Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   Windows 7 64-bit Mehrere exe Programme fehlerhaft (https://www.trojaner-board.de/165571-windows-7-64-bit-mehrere-exe-programme-fehlerhaft.html)

Wildstyle 28.03.2015 15:19
Windows 7 64-bit Mehrere exe Programme fehlerhaft
 
Hallo experten Team,

ich habe folgendes Problem.
Sobald Windows 7 64-bit hochgefahren ist, öffnen sich kleine Fenster mit fehlerhaften Infos wie zum beispiel. wscript.exe, typeperf.exe, sc.exe, fontview.exe uvm(die anderen habe ich leider nicht aufgeschrieben).

Zudem habe ich immer das Programm Mawarebytes im Hintergrund laufen und poppt mir immer Fehler oder Blocks auf.

Obwohl ich zb. nur offline Games spiele wie zb Fifa 15, wird das Game-Fenster minimiert und es schiebt sich ein Block Fenster von Malwarebytes hoch. Jedesmal drücke ich auf Quarantäne und dennoch taucht immer wieder dieses Malwarebytes Fenster auf mit dem selben blocken vom selben Programm oder was auch immer das sein soll.

Zudem muss ich sagen, dass ich bereits auf eigene Faust einige schritte vollzogen habe die ihr anderen Benutzern abgearbeitet haben, da meine Probleme identisch waren.

Jetzt weiß ich das es Falsch war, da darauf ausdrücklich hingewiesen wurde dies nicht zu tun!

Zu den oben genannten fehlerhaften exe Dateien...
Ich habe nichts von mir aus Gelöscht, was diese Fehler hervorrufen könnte.
Malwarebytes habe ich auch Mbam laufen lassen und die gefundenen Sachen entfernt, aber finde die Logs dazu gerade nicht.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Privat (administrator) on PRIVAT-PC on 28-03-2015 13:05:33
Running from C:\Users\Privat\Downloads\Programs
Loaded Profiles: Privat (Available profiles: Privat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Systweak) C:\Program Files (x86)\Advanced System Optimizer 3\SystemProtector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFx.exe
(ReviverSoft) C:\SkinPack\StartMenu\StartMenuReviver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\vssadmin.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
() C:\Users\Privat\AppData\Roaming\910A7ED9-1425685473-1192-C5DB-90FBA635F3BA\jnsaF4CF.tmp
() C:\Users\Privat\AppData\Roaming\910A7ED9-1425685473-1192-C5DB-90FBA635F3BA\nsx3C58.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
(Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\chkdsk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Curse) C:\Users\Privat\AppData\Local\Apps\2.0\89GOB73C.32A\7VGNOZDE.XJJ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3885\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5621\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [MetroSidebar] => C:\Program Files (x86)\MetroSidebar\MetroSidebar.exe [1079808 2015-02-19] (MetroSidebar)
HKLM-x32\...\Run: [gmsd_de_271] => [X]
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-03-19] (Tonec Inc.)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [force-survive] => C:\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe [182272 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [chart_table] => C:\Users\Privat\AppData\Roaming\Chart_plate\chart_go.exe [182272 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [range-horse] => C:\Users\Privat\AppData\Local\Range-must\rangepractice.exe [97792 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [desire-card] => C:\Users\Privat\AppData\Roaming\Desire_profit\desire_boss.exe [184320 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [stick-date] => C:\Users\Privat\AppData\Local\Temp\Stick-sky\stick-generate.exe [97280 2015-03-26] () <===== ATTENTION
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [MetroSidebar] => C:\Program Files (x86)\MetroSidebar\MetroSidebar.exe [1079808 2015-02-19] (MetroSidebar)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [tssop] => C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\1e\6f\design_for_testability\valve.exe [209920 2012-03-02] (BackupFly Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [653128 2012-06-28] (Stardock Corporation)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] (CryDev Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [summer-number] => C:\Users\Privat\AppData\Local\Temp\Summersmoke\summer-employ.exe [97792 2015-03-27] () <===== ATTENTION
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\RunOnce: [desire-card] => C:\Users\Privat\AppData\Roaming\Desire_profit\desire_boss.exe [184320 2015-03-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImmersiveExplorer.lnk
ShortcutTarget: ImmersiveExplorer.lnk -> C:\SkinPack\ImmersiveExplorer\Immersive Explorer.exe (Julien MANICI)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MetroSidebar.lnk
ShortcutTarget: MetroSidebar.lnk -> C:\SkinPack\MetroSidebar\MetroSidebar.exe (MetroSidebar)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartMenu.lnk
ShortcutTarget: StartMenu.lnk -> C:\SkinPack\StartMenu\StartMenuReviver.exe (ReviverSoft)
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-599707613-2096614801-711580207-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1427455032&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1427455032&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1427455032&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1427455032&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=3458&r=2015/03/08&hid=8905827995642330909&lg=EN&cc=DE&unqvl=84
SearchScopes: HKU\S-1-5-21-599707613-2096614801-711580207-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&ts=1427455171&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-599707613-2096614801-711580207-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&ts=1427455171&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-599707613-2096614801-711580207-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&ts=1427455171&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-599707613-2096614801-711580207-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&ts=1427455171&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-599707613-2096614801-711580207-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST3500412AS_5VV08871XXXX5VV08871&ts=1427455171&type=default&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: UniDeals -> {5d13e1e4-c7f7-4cff-b327-a4a2b6c80d35} ->  No File
BHO: youtubeadblocker -> {ee7d8238-d949-4684-8e4a-ca063ffedf4d} ->  No File
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-03-20] (Thinknice Co. Limited)
BHO-x32: UniDeals -> {5d13e1e4-c7f7-4cff-b327-a4a2b6c80d35} -> C:\Program Files (x86)\UniDeals\9YQjqcXa2rJO5I.dll No File
BHO-x32: youtubeadblocker -> {ee7d8238-d949-4684-8e4a-ca063ffedf4d} -> C:\Program Files (x86)\youtubeadblocker\sFMvFwYa99nIOn.dll No File
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169
FF Homepage: hxxp://www.google.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-599707613-2096614801-711580207-1000: @phonostar.de/phonostar-Player -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll [2013-08-06] ( )
FF user.js: detected! => C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\user.js [2015-03-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-11]
FF Extension: Search Enginer - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\Extensions\searchengine@gmail.com [2015-03-27]
FF Extension: WEB.DE MailCheck - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\Extensions\toolbar@web.de [2015-03-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-26]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-03-02]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\searchengine@gmail.com
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-20]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5 [2015-03-22]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\istart_ffnt@gmail.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Adblock Plus) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-09]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-03-09]
CHR Extension: (Cog - System Info Viewer) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\difcjdggkffcfgcfconafogflmmaadco [2015-03-09]
CHR Extension: (Awesome Reload All Tabs Button) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\kamfkajbgmjkfmfgcikbmbmpjfokfijk [2015-03-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (IDM Integration Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264464 2015-03-09] (Systweak Software, (www.systweak.com))
S4 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 cepyqugu; C:\Users\Privat\AppData\Roaming\910A7ED9-1425685473-1192-C5DB-90FBA635F3BA\jnsaF4CF.tmp [194048 2015-03-07] () [File not signed]
R2 donureqe; C:\Users\Privat\AppData\Roaming\910A7ED9-1425685473-1192-C5DB-90FBA635F3BA\nsx3C58.tmp [140288 2015-03-08] () [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-20] (XTab system)
S2 Irmon; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Irmon; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S4 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-27] (SysTool PasSame LIMITED)
S2 6d75c4f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\ProcessSystem\ProcessSystem.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
S3 Asushwio; \??\D:\Bin\64bit\Asushwio.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 13:05 - 2015-03-28 13:05 - 00000000 ____D () C:\FRST
2015-03-28 02:13 - 2015-03-28 02:13 - 00000000 ___HD () C:\Users\Privat\AppData\Local\Songshoot
2015-03-27 15:45 - 2015-03-27 15:45 - 00000000 ____D () C:\Program Files\W10-Beta
2015-03-27 15:21 - 2015-03-27 15:21 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-27 12:31 - 2015-03-28 00:10 - 00001307 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Immersive Explorer.lnk
2015-03-27 12:31 - 2015-03-28 00:10 - 00000000 ____D () C:\Users\Privat\AppData\Local\immersive-explorer.com
2015-03-27 12:27 - 2015-03-27 12:27 - 00060424 _____ () C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 12:19 - 2015-03-27 12:28 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-27 12:19 - 2015-03-27 12:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-27 12:19 - 2015-03-27 12:19 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-27 12:17 - 2015-03-27 12:17 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetroSidebar.lnk
2015-03-27 12:16 - 2015-03-27 12:17 - 00000000 ____D () C:\Program Files (x86)\MetroSidebar
2015-03-27 12:16 - 2015-03-27 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetroSidebar
2015-03-27 12:05 - 2015-03-27 12:29 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\MetroSidebar
2015-03-27 12:05 - 2015-03-27 12:05 - 00003096 _____ () C:\Windows\System32\Tasks\ReviverSoft Start Menu Run once task
2015-03-27 12:05 - 2015-03-27 12:05 - 00000000 ____D () C:\ProgramData\StartMenuReviver.exe
2015-03-27 12:05 - 2015-03-27 12:05 - 00000000 ____D () C:\ProgramData\ReviverSoft
2015-03-27 12:04 - 2015-03-27 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkinPack
2015-03-27 12:04 - 2015-03-27 12:04 - 00000000 ___HD () C:\W7P_Backups
2015-03-27 12:02 - 2015-03-27 12:05 - 00000000 ____D () C:\SkinPack
2015-03-27 11:54 - 2015-03-27 12:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\VMware
2015-03-27 11:54 - 2015-03-27 11:54 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\VMware
2015-03-27 11:52 - 2015-02-06 18:40 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-03-27 11:52 - 2015-02-06 18:39 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-03-27 11:52 - 2015-01-07 15:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-03-27 11:52 - 2015-01-07 15:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-03-27 11:52 - 2015-01-07 15:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-03-27 11:51 - 2015-02-06 18:40 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-03-27 11:51 - 2015-02-06 18:40 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-03-27 11:51 - 2015-02-06 18:40 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-03-27 11:51 - 2015-02-06 18:39 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-03-27 11:51 - 2015-01-07 08:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-03-27 11:50 - 2015-03-28 11:53 - 00000000 ____D () C:\ProgramData\VMware
2015-03-27 11:50 - 2015-03-27 11:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-03-27 11:50 - 2015-03-27 11:50 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-03-26 18:26 - 2015-03-26 18:26 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Desire_profit
2015-03-26 16:43 - 2015-03-26 16:43 - 00000000 ___HD () C:\Users\Privat\AppData\Local\Range-must
2015-03-26 14:58 - 2015-03-28 00:07 - 00014220 _____ () C:\Windows\PFRO.log
2015-03-26 11:02 - 2015-03-26 11:02 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Alien Isolation
2015-03-26 11:01 - 2015-03-26 11:01 - 00000364 _____ () C:\Windows\DirectX.log
2015-03-26 00:47 - 2015-03-26 00:47 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Chart_plate
2015-03-26 00:19 - 2015-03-27 15:46 - 00000000 ____D () C:\ProgramData\ywfme
2015-03-26 00:05 - 2015-03-26 00:05 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Forcedog
2015-03-25 23:12 - 2015-03-27 10:22 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Song-open
2015-03-25 11:17 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 11:17 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 11:17 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 11:17 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 11:17 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 11:17 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 11:17 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 11:17 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 20:04 - 2015-03-28 11:51 - 00001248 _____ () C:\Windows\setupact.log
2015-03-24 20:04 - 2015-03-24 20:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-22 23:14 - 2015-03-23 06:02 - 00000000 ____D () C:\Users\Privat\AppData\Local\Darksiders2
2015-03-22 23:14 - 2015-03-22 23:14 - 00000000 ____D () C:\Users\Privat\AppData\Local\SKIDROW
2015-03-19 04:08 - 2015-03-19 03:27 - 00191960 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-03-18 15:43 - 2015-03-18 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin
2015-03-14 19:57 - 2015-03-14 19:58 - 00002566 _____ () C:\Users\Privat\Documents\Verschlüsselt.pfx
2015-03-14 13:35 - 2015-03-14 13:35 - 00000000 ____D () C:\Users\Privat\Documents\CAPCOM
2015-03-14 13:20 - 2015-03-14 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-03-14 13:19 - 2015-03-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-14 13:19 - 2015-03-14 13:19 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-03-13 10:15 - 2015-03-13 10:21 - 00000000 ___HD () C:\Verschlüsselt
2015-03-11 18:54 - 2015-03-11 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-03-11 14:37 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 14:37 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 14:37 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 14:37 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 14:37 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 14:37 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 14:37 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 14:37 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 14:37 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 14:37 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 14:37 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 14:37 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 14:37 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 14:37 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 14:37 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 14:37 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 14:37 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 14:37 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 14:37 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 14:37 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 14:37 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 14:37 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 14:37 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 14:37 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 14:37 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 14:37 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 14:37 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 14:37 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 14:37 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 14:37 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 14:37 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 14:37 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 14:37 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 14:37 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 14:36 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 14:36 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 14:36 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 14:36 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 14:36 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 14:36 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 14:36 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 14:36 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 14:36 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 14:36 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 14:36 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 14:36 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 14:36 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 14:36 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 14:36 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 14:36 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 14:36 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 14:36 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 14:36 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 14:36 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 14:36 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 14:36 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 14:36 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 14:36 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 14:36 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 14:36 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 14:36 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 14:36 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 14:36 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 14:36 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 14:36 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 14:36 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 14:36 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 14:36 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 14:36 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 14:36 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 14:36 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 14:36 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 14:36 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 14:36 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 14:36 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 14:36 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 14:36 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 14:36 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 14:36 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 14:36 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 14:36 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 14:36 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 14:36 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 14:36 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 14:36 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 14:36 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 14:36 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 14:36 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 14:36 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 14:36 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 14:36 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 14:36 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 14:36 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 14:36 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 14:36 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 14:36 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 14:36 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 14:36 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 14:36 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 14:36 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 14:36 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 14:36 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 14:36 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 14:36 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 14:36 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 14:36 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 14:36 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 14:36 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 14:36 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 14:36 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:36 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 14:36 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 14:36 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 14:36 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 14:36 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 14:36 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 14:36 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 14:36 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 18:06 - 2015-03-11 05:05 - 00000000 ____D () C:\ProgramData\Codemasters
2015-03-09 15:48 - 2008-11-21 00:08 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2015-03-09 12:49 - 2015-03-09 12:49 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 11
2015-03-09 05:40 - 2015-03-09 05:40 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-08 22:57 - 2015-03-08 22:57 - 00000000 ____D () C:\Users\Privat\AppData\Local\BANDAI NAMCO Games
2015-03-08 06:36 - 2015-03-08 06:36 - 00003202 _____ () C:\Windows\System32\Tasks\StardockTR
2015-03-08 06:12 - 2015-03-08 06:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2015-03-08 05:50 - 2014-08-02 13:37 - 00000000 ____D () C:\Program Files\WindowBlinds
2015-03-08 05:45 - 2015-03-08 05:45 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-03-08 05:45 - 2015-03-08 05:45 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-03-08 05:44 - 2015-03-26 11:08 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-03-08 05:44 - 2015-03-12 17:27 - 00000000 ____D () C:\Program Files (x86)\Sinhala Meaning
2015-03-08 05:44 - 2015-03-12 10:21 - 00000000 ____D () C:\Program Files (x86)\ProcessSystem
2015-03-08 05:43 - 2015-03-26 11:08 - 00000000 ____D () C:\Program Files (x86)\UniaDealese
2015-03-08 05:43 - 2015-03-26 11:07 - 00000000 ____D () C:\Program Files (x86)\UniDeals
2015-03-08 05:43 - 2015-03-08 05:43 - 00000000 ____D () C:\ProgramData\aipmpddpoiejompnaadabedgjbbegmck
2015-03-08 05:43 - 2015-03-08 05:43 - 00000000 ____D () C:\ProgramData\4337803204961706088
2015-03-08 05:42 - 2015-03-08 06:14 - 00000000 ____D () C:\ProgramData\{9a05f486-54c6-b219-9a05-5f48654cd219}
2015-03-08 04:36 - 2015-03-08 06:32 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-08 04:14 - 2015-03-08 04:14 - 00000000 ___HD () C:\ProgramData\{CEC42AA7-80BC-42B4-B5F3-8E754D04A118}
2015-03-08 04:07 - 2015-03-27 12:26 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-03-08 04:07 - 2015-03-27 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-08 04:07 - 2015-03-08 05:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\Stardock
2015-03-08 04:07 - 2015-03-08 05:35 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-03-08 04:06 - 2015-03-08 04:06 - 00000000 ____D () C:\Users\Privat\Downloads\Stardock
2015-03-08 02:33 - 2007-09-21 09:57 - 00081920 _____ () C:\Windows\SysWOW64\dancemat.exe
2015-03-08 02:24 - 2015-03-08 02:24 - 00003170 _____ () C:\Windows\System32\Tasks\{E52F1503-D79A-4591-981D-7BD3AEAEDBD8}
2015-03-07 21:35 - 2015-03-07 22:26 - 00000000 ____D () C:\Program Files\X360ce
2015-03-07 16:57 - 2008-08-08 15:31 - 00040856 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid8103.sys
2015-03-07 15:44 - 2015-03-07 15:44 - 00003106 _____ () C:\Windows\System32\Tasks\{5A6297E5-8A05-41E3-9AC7-B324F3968FF8}
2015-03-07 01:54 - 2015-03-07 01:54 - 00628688 _____ (CMI Limited) C:\Users\Privat\AppData\Local\nslD097.tmp
2015-03-07 01:38 - 2015-03-07 01:38 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\910A7ED9-1425688737-1192-C5DB-90FBA635F3BA
2015-03-07 01:37 - 2015-03-07 01:37 - 00001957 _____ () C:\Windows\patsearch.bin
2015-03-07 01:20 - 2015-03-10 19:06 - 00000000 ____D () C:\ProgramData\a8859e1800001c33
2015-03-07 00:45 - 2015-03-07 00:50 - 00000000 ____D () C:\Users\Privat\AppData\Local\910A7ED9-1425689132-1192-C5DB-90FBA635F3BA
2015-03-07 00:44 - 2015-03-08 17:27 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\910A7ED9-1425685473-1192-C5DB-90FBA635F3BA
2015-03-07 00:43 - 2015-03-07 17:20 - 00000000 ____D () C:\ProgramData\{adb05eb9-8e80-1ef7-adb0-05eb98e87ae6}
2015-03-07 00:43 - 2015-03-07 16:56 - 00000000 ____D () C:\Users\Privat\AppData\Local\winengine
2015-03-07 00:16 - 2015-03-07 00:16 - 00000000 ____D () C:\ProgramData\KONAMI
2015-03-06 10:46 - 2015-03-06 10:46 - 00000000 ____D () C:\Users\Privat\AppData\Local\My Games
2015-03-06 10:36 - 2015-03-10 14:15 - 00000000 ____D () C:\ProgramData\Orbit
2015-03-06 10:36 - 2015-03-06 21:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-06 10:26 - 2015-03-06 10:36 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-06 01:15 - 2015-03-06 01:15 - 00000000 ____D () C:\Users\Privat\AppData\Local\Crytek
2015-03-05 14:56 - 2008-08-08 15:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8103.cat
2015-03-05 14:56 - 2008-08-08 15:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8101.cat
2015-03-05 14:56 - 2008-08-08 15:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid7906.cat
2015-03-05 14:56 - 2008-08-08 15:31 - 00065776 _____ (Your Corporation) C:\Windows\system32\Drivers\h648101.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00063856 _____ (Your Corporation) C:\Windows\system32\Drivers\h647906.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00062960 _____ (Your Corporation) C:\Windows\system32\Drivers\h648103.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00043192 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid8101.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00041272 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid7906.sys
2015-03-05 14:56 - 2007-11-12 15:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USBGAMEPAD.cpl
2015-03-05 14:55 - 2015-03-08 02:33 - 00000000 ____D () C:\Windows\USB Vibration
2015-03-05 14:54 - 2015-03-05 14:56 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2015-03-05 12:08 - 2015-03-05 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-03-05 11:03 - 2015-03-05 16:06 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 15
2015-03-04 16:42 - 2015-03-04 17:05 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Origin
2015-03-04 16:42 - 2015-03-04 17:05 - 00000000 ____D () C:\Users\Privat\AppData\Local\Origin
2015-03-04 16:41 - 2015-03-04 16:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 16:12 - 2015-03-04 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-03-04 10:50 - 2015-03-04 10:50 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁
2015-03-04 05:05 - 2015-03-04 05:05 - 00000000 ____D () C:\ProgramData\EA Core
2015-03-02 02:23 - 2015-03-02 02:23 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-03-02 02:23 - 2015-03-02 02:23 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-03-02 02:06 - 2015-03-02 02:06 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-03-02 00:58 - 2015-03-02 00:58 - 00000000 ____D () C:\Users\Privat\AppData\Local\storage
2015-03-02 00:57 - 2015-03-21 16:41 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Ubisoft
2015-03-02 00:57 - 2015-03-06 10:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\PunkBuster
2015-03-01 18:16 - 2015-03-22 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-03-01 17:34 - 2015-03-01 17:34 - 00000000 ____D () C:\Users\Privat\Documents\Rockstar Games
2015-03-01 17:32 - 2015-03-01 17:32 - 00000000 __SHD () C:\ProgramData\SecuROM
2015-03-01 17:32 - 2015-03-01 17:32 - 00000000 ____D () C:\Users\Privat\AppData\Local\Rockstar Games
2015-03-01 16:56 - 2015-03-01 16:56 - 00000000 __RHD () C:\Users\Privat\AppData\Roaming\SecuROM
2015-03-01 05:35 - 2015-03-15 14:21 - 00000000 ____D () C:\Users\Privat\AppData\Local\CAPCOM
2015-03-01 05:35 - 2015-03-01 05:35 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Steam
2015-03-01 02:56 - 2015-03-01 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-03-01 02:56 - 2015-03-01 02:56 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2015-03-01 02:42 - 2015-03-28 02:32 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\DMCache
2015-03-01 02:42 - 2015-03-27 12:26 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\IDM
2015-03-01 02:42 - 2015-03-27 12:05 - 00000000 ____D () C:\Users\Privat\Downloads\Compressed
2015-03-01 02:42 - 2015-03-23 15:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-01 02:42 - 2015-03-13 10:35 - 00000000 ____D () C:\Users\Privat\Downloads\Video
2015-03-01 02:42 - 2015-03-01 02:42 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 02:42 - 2015-03-01 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 02:42 - 2015-03-01 02:42 - 00000000 ____D () C:\ProgramData\IDM
2015-02-26 02:03 - 2015-03-11 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 13:06 - 2013-11-23 02:18 - 00000000 ____D () C:\Users\Privat\AppData\Local\Battle.net
2015-03-28 12:57 - 2013-11-23 20:11 - 00000000 ____D () C:\Users\Privat\AppData\Local\Deployment
2015-03-28 12:30 - 2014-02-16 08:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 12:16 - 2013-11-22 22:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 12:01 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 12:01 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 11:58 - 2013-11-22 21:32 - 01819106 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 11:54 - 2015-02-23 15:53 - 00003108 _____ () C:\Windows\System32\Tasks\ASO-System Protector_startup
2015-03-28 11:52 - 2014-02-16 08:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 11:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 00:09 - 2014-04-15 13:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 15:21 - 2013-11-29 08:21 - 00001160 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 15:21 - 2013-11-22 22:00 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 15:21 - 2013-11-22 21:38 - 00001421 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 13:14 - 2013-11-23 14:29 - 00000000 ____D () C:\Users\Privat\Documents\My Games
2015-03-27 12:27 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 12:27 - 2009-07-14 05:45 - 00268872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 12:04 - 2014-08-14 21:40 - 03984896 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-27 12:04 - 2014-08-14 21:40 - 03849216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-27 12:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-27 12:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-03-27 12:04 - 2009-07-14 00:57 - 51167232 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2015-03-27 12:04 - 2009-07-14 00:42 - 51167232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imageres.dll
2015-03-27 11:50 - 2013-11-23 00:22 - 01648846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-27 11:50 - 2011-04-12 08:43 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2015-03-27 11:50 - 2011-04-12 08:43 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2015-03-27 11:38 - 2013-11-23 16:05 - 00000000 ____D () C:\Games
2015-03-27 10:22 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-03-27 09:27 - 2015-02-23 15:45 - 00000432 _____ () C:\Windows\Tasks\ASO-OneClickCare.job
2015-03-26 15:07 - 2015-02-23 15:45 - 00003304 _____ () C:\Windows\System32\Tasks\ASO-OneClickCare
2015-03-26 00:05 - 2013-11-22 21:37 - 00000000 ____D () C:\Users\Privat\AppData\Local\VirtualStore
2015-03-25 23:04 - 2013-11-24 19:16 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TS3Client
2015-03-25 18:34 - 2014-12-11 03:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 18:34 - 2014-04-30 01:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 11:34 - 2013-11-23 01:12 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-24 16:16 - 2013-11-22 21:37 - 00000000 ____D () C:\Users\Privat
2015-03-24 16:15 - 2013-11-23 00:07 - 00001656 _____ () C:\Windows\system32\ASOROSet.bin
2015-03-24 16:15 - 2009-07-14 03:34 - 71565312 _____ () C:\Windows\system32\config\software.bak
2015-03-24 16:15 - 2009-07-14 03:34 - 25690112 _____ () C:\Windows\system32\config\system.bak
2015-03-24 16:15 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2015-03-24 16:11 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-03-23 15:47 - 2015-02-23 15:45 - 00000462 _____ () C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
2015-03-23 15:35 - 2009-07-14 06:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 01:34 - 2014-08-04 11:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-22 01:30 - 2014-05-08 14:01 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\NVIDIA
2015-03-21 17:39 - 2013-11-23 02:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-21 16:43 - 2013-11-22 22:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 16:41 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 19:16 - 2014-03-12 11:58 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-16 10:35 - 2014-07-04 18:29 - 00000000 ____D () C:\ProgramData\Origin
2015-03-12 21:59 - 2014-08-03 18:55 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Skype
2015-03-12 17:02 - 2013-11-23 22:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\AIMP3
2015-03-12 06:57 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 06:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 06:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 23:53 - 2013-11-23 13:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 23:48 - 2013-11-23 13:54 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 18:54 - 2013-11-23 22:31 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2015-03-11 15:57 - 2013-11-23 14:38 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-03-11 15:57 - 2013-11-23 14:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-09 19:55 - 2014-08-06 16:46 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Systweak
2015-03-09 15:48 - 2014-08-06 16:46 - 00000000 ____D () C:\ProgramData\Systweak
2015-03-09 15:48 - 2013-11-22 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Optimizer 3
2015-03-09 15:48 - 2013-11-22 22:54 - 00000000 ____D () C:\Program Files (x86)\Advanced System Optimizer 3
2015-03-09 12:19 - 2014-08-06 16:41 - 00019728 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2015-03-09 00:37 - 2013-11-23 02:36 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\vlc
2015-03-06 18:52 - 2013-11-22 22:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 02:27 - 2013-11-23 14:29 - 00000000 ____D () C:\ProgramData\Steam
2015-03-05 21:01 - 2014-08-03 21:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-05 21:01 - 2014-08-03 18:54 - 00000000 ____D () C:\ProgramData\Skype
2015-03-03 15:23 - 2014-05-31 19:48 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-03 14:12 - 2014-04-10 03:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-03 11:49 - 2013-12-07 09:53 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-03-01 18:49 - 2014-06-06 18:37 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-01 18:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-26 07:45 - 2015-02-23 15:47 - 00000000 ____D () C:\Windows\Repair

==================== Files in the root of some directories =======

2013-11-22 22:12 - 2013-11-22 22:12 - 0003584 _____ () C:\Users\Privat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 01:54 - 2015-03-07 01:54 - 0628688 _____ (CMI Limited) C:\Users\Privat\AppData\Local\nslD097.tmp
2013-11-22 23:52 - 2013-11-22 23:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-08 06:12 - 2015-03-08 06:12 - 0000000 _____ () C:\ProgramData\rebootpending.txt

Files to move or delete:
====================
C:\Users\Privat\AppData\Local\Temp\Stick-sky\stick-generate.exe
C:\Users\Privat\AppData\Local\Temp\Summersmoke\summer-employ.exe
C:\ProgramData\StartMenuReviver.exe


Some content of TEMP:
====================
C:\Users\Privat\AppData\Local\Temp\avgnt.exe
C:\Users\Privat\AppData\Local\Temp\bitool.dll
C:\Users\Privat\AppData\Local\Temp\setup_gmsd_de.exe
C:\Users\Privat\AppData\Local\Temp\smt_istartsurf.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 17:33

==================== End Of Log ============================
Ich nutze den Rechner nicht alleine, von daher wäre es nett, wenn man mir anschliessend sagen könnte, wo man sich NICHT aufhalten sollte, bevor sowas mit meinem Rechner wieder passiert.
Ich hoffe mir kann bei diesem Diversen Problem geholfen werden. :abklatsch:

M-K-D-B 28.03.2015 15:25
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Zukünftig bitte beachten:
Zitat:
Running from C:\Users\Privat\Downloads\Programs
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.




Wir beginnen mit ComboFix vom Desktop:


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Wildstyle 28.03.2015 17:23
Hallo Matthias,

danke dir für das schnelle Reagieren.
Nach dem durchlauf von Combofix sehe ich meinen mauszeiger nicht mehr.

Hier die logs:

Code:
ComboFix 15-03-25.01 - Privat 28.03.2015  16:30:37.3.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8191.6326 [GMT 1:00]
ausgeführt von:: c:\users\Privat\Desktop\ComboFix_2.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-02-28 bis 2015-03-28  ))))))))))))))))))))))))))))))
.
.
2015-03-28 15:46 . 2015-03-28 15:46        --------        d-----w-        c:\users\Public\AppData\Local\temp
2015-03-28 15:46 . 2015-03-28 15:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-03-28 13:11 . 2015-03-28 13:11        --------        d-----w-        c:\program files (x86)\ESET
2015-03-28 12:05 . 2015-03-28 12:07        --------        d-----w-        C:\FRST
2015-03-28 01:13 . 2015-03-28 01:13        --------        d--h--w-        c:\users\Privat\AppData\Local\Songshoot
2015-03-27 14:45 . 2015-03-27 14:45        --------        d-----w-        c:\program files\W10-Beta
2015-03-27 11:31 . 2015-03-27 23:10        --------        d-----w-        c:\users\Privat\AppData\Local\immersive-explorer.com
2015-03-27 11:16 . 2015-03-28 12:19        --------        d-----w-        c:\program files (x86)\MetroSidebar
2015-03-27 11:05 . 2015-03-27 11:05        --------        d-----w-        c:\programdata\StartMenuReviver.exe
2015-03-27 11:05 . 2015-03-27 11:05        --------        d-----w-        c:\programdata\ReviverSoft
2015-03-27 11:05 . 2015-03-27 11:29        --------        d-----w-        c:\users\Privat\AppData\Roaming\MetroSidebar
2015-03-27 11:04 . 2015-03-27 11:04        --------        d-----w-        C:\W7P_Backups
2015-03-27 11:02 . 2015-03-27 11:05        --------        d-----w-        C:\SkinPack
2015-03-27 10:54 . 2015-03-27 11:01        --------        d-----w-        c:\users\Privat\AppData\Local\VMware
2015-03-27 10:54 . 2015-03-27 10:54        --------        d-----w-        c:\users\Privat\AppData\Roaming\VMware
2015-03-27 10:52 . 2015-01-07 14:55        76480        ----a-w-        c:\windows\system32\drivers\vsock.sys
2015-03-27 10:52 . 2015-01-07 14:55        68288        ----a-w-        c:\windows\system32\vsocklib.dll
2015-03-27 10:52 . 2015-01-07 14:55        64192        ----a-w-        c:\windows\SysWow64\vsocklib.dll
2015-03-27 10:52 . 2015-02-06 17:40        66752        ----a-w-        c:\windows\system32\drivers\vmx86.sys
2015-03-27 10:52 . 2015-02-06 17:39        33472        ----a-w-        c:\windows\system32\drivers\VMkbd.sys
2015-03-27 10:51 . 2015-02-06 17:40        359104        ----a-w-        c:\windows\SysWow64\vmnetdhcp.exe
2015-03-27 10:51 . 2015-02-06 17:40        26816        ----a-w-        c:\windows\system32\drivers\vmnetuserif.sys
2015-03-27 10:51 . 2015-02-06 17:40        438464        ----a-w-        c:\windows\SysWow64\vmnat.exe
2015-03-27 10:51 . 2015-02-06 17:39        931008        ----a-w-        c:\windows\system32\vnetlib64.dll
2015-03-27 10:51 . 2015-01-07 07:02        55488        ----a-w-        c:\windows\system32\drivers\hcmon.sys
2015-03-27 10:50 . 2015-03-27 10:50        --------        d-----w-        c:\program files\Common Files\VMware
2015-03-27 10:50 . 2015-03-28 13:05        --------        d-----w-        c:\programdata\VMware
2015-03-27 10:50 . 2015-03-27 10:50        --------        d-----w-        c:\program files (x86)\VMware
2015-03-27 10:50 . 2015-03-27 10:50        --------        d-----w-        c:\program files (x86)\Common Files\VMware
2015-03-27 08:32 . 2015-03-14 10:02        12002392        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E12228A-2EC4-41A4-B083-D542B0A447C7}\mpengine.dll
2015-03-26 17:26 . 2015-03-26 17:26        --------        d--h--w-        c:\users\Privat\AppData\Roaming\Desire_profit
2015-03-26 15:43 . 2015-03-26 15:43        --------        d--h--w-        c:\users\Privat\AppData\Local\Range-must
2015-03-26 10:02 . 2015-03-26 10:02        --------        d-----w-        c:\users\Privat\AppData\Roaming\Alien Isolation
2015-03-25 23:47 . 2015-03-25 23:47        --------        d--h--w-        c:\users\Privat\AppData\Roaming\Chart_plate
2015-03-25 23:19 . 2015-03-27 14:46        --------        d-----w-        c:\programdata\ywfme
2015-03-25 23:05 . 2015-03-25 23:05        --------        d--h--w-        c:\users\Privat\AppData\Roaming\Forcedog
2015-03-25 22:12 . 2015-03-27 09:22        --------        d--h--w-        c:\users\Privat\AppData\Roaming\Song-open
2015-03-25 10:17 . 2015-03-11 04:06        677888        ----a-w-        c:\windows\system32\generaltel.dll
2015-03-25 10:17 . 2015-03-11 04:06        760832        ----a-w-        c:\windows\system32\invagent.dll
2015-03-25 10:17 . 2015-03-11 04:06        414720        ----a-w-        c:\windows\system32\devinv.dll
2015-03-25 10:17 . 2015-03-11 04:06        943616        ----a-w-        c:\windows\system32\appraiser.dll
2015-03-25 10:17 . 2015-03-11 04:05        30720        ----a-w-        c:\windows\system32\acmigration.dll
2015-03-25 10:17 . 2015-03-11 04:05        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-03-25 10:17 . 2015-03-11 04:05        192000        ----a-w-        c:\windows\system32\aepic.dll
2015-03-25 10:17 . 2015-03-11 04:02        1107456        ----a-w-        c:\windows\system32\aeinv.dll
2015-03-22 22:14 . 2015-03-23 05:02        --------        d-----w-        c:\users\Privat\AppData\Local\Darksiders2
2015-03-22 22:14 . 2015-03-22 22:14        --------        d-----w-        c:\users\Privat\AppData\Local\SKIDROW
2015-03-19 03:08 . 2015-03-19 02:27        191960        ----a-w-        c:\windows\system32\drivers\idmwfp.sys
2015-03-14 12:19 . 2015-03-14 12:20        --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE
2015-03-14 12:19 . 2015-03-14 12:19        --------        d-----w-        c:\windows\SysWow64\xlive
2015-03-13 09:15 . 2015-03-13 09:21        --------        d---a-w-        C:\Verschlüsselt
2015-03-11 13:36 . 2015-01-31 03:48        3179520        ----a-w-        c:\windows\system32\rdpcorets.dll
2015-03-10 17:06 . 2015-03-11 04:05        --------        d-----w-        c:\programdata\Codemasters
2015-03-08 21:57 . 2015-03-08 21:57        --------        d-----w-        c:\users\Privat\AppData\Local\BANDAI NAMCO Games
2015-03-08 04:50 . 2014-08-02 12:37        --------        d-----w-        c:\program files\WindowBlinds
2015-03-08 04:45 . 2015-03-08 04:45        --------        d-----w-        c:\windows\SysWow64\AMD64
2015-03-08 04:44 . 2015-03-12 09:21        --------        d-----w-        c:\program files (x86)\ProcessSystem
2015-03-08 04:44 . 2015-03-12 16:27        --------        d-----w-        c:\program files (x86)\Sinhala Meaning
2015-03-08 04:42 . 2015-03-08 05:14        --------        d-----w-        c:\programdata\{9a05f486-54c6-b219-9a05-5f48654cd219}
2015-03-08 03:36 . 2015-03-08 05:32        --------        d-----w-        c:\programdata\Stardock
2015-03-08 03:14 . 2015-03-08 03:14        --------        d--h--w-        c:\programdata\{CEC42AA7-80BC-42B4-B5F3-8E754D04A118}
2015-03-08 03:07 . 2015-03-08 04:36        --------        d-----w-        c:\users\Privat\AppData\Local\Stardock
2015-03-08 03:07 . 2015-03-27 11:26        --------        d-----w-        c:\program files (x86)\Stardock
2015-03-08 01:33 . 2007-09-21 08:57        81920        ----a-w-        c:\windows\SysWow64\dancemat.exe
2015-03-07 20:35 . 2015-03-07 21:26        --------        d-----w-        c:\program files\X360ce
2015-03-07 15:57 . 2008-08-08 14:31        40856        ----a-w-        c:\windows\SysWow64\drivers\hid8103.sys
2015-03-06 23:43 . 2015-03-07 16:20        --------        d-----w-        c:\programdata\{adb05eb9-8e80-1ef7-adb0-05eb98e87ae6}
2015-03-06 23:43 . 2015-03-07 15:56        --------        d-----w-        c:\users\Privat\AppData\Local\winengine
2015-03-06 23:16 . 2015-03-06 23:16        --------        d-----w-        c:\programdata\KONAMI
2015-03-06 09:46 . 2015-03-06 09:46        --------        d-----w-        c:\users\Privat\AppData\Local\My Games
2015-03-06 09:36 . 2015-03-06 20:18        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2015-03-06 09:36 . 2015-03-10 13:15        --------        d-----w-        c:\programdata\Orbit
2015-03-06 09:26 . 2015-03-06 09:36        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2015-03-06 00:15 . 2015-03-06 00:15        --------        d-----w-        c:\users\Privat\AppData\Local\Crytek
2015-03-05 13:54 . 2015-03-05 13:54        270468        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2015-03-05 13:54 . 2015-03-05 13:54        159876        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2015-03-04 15:42 . 2015-03-04 16:05        --------        d-----w-        c:\users\Privat\AppData\Roaming\Origin
2015-03-04 15:42 . 2015-03-04 16:05        --------        d-----w-        c:\users\Privat\AppData\Local\Origin
2015-03-04 15:41 . 2015-03-04 15:42        --------        d-----w-        c:\program files (x86)\Origin
2015-03-04 15:12 . 2015-03-04 15:12        --------        d--h--w-        c:\program files (x86)\Common Files\EAInstaller
2015-03-04 09:50 . 2015-03-04 09:50        --------        d-----w-        c:\windows\SysWow64\0E1D~1
2015-03-04 04:05 . 2015-03-04 04:05        --------        d-----w-        c:\programdata\EA Core
2015-03-02 01:23 . 2015-03-02 01:23        1700352        ----a-w-        c:\windows\SysWow64\gdiplus.dll
2015-03-02 01:23 . 2015-03-02 01:23        1060864        ----a-w-        c:\windows\SysWow64\mfc71.dll
2015-03-02 01:06 . 2015-03-02 01:06        --------        d-----w-        c:\program files (x86)\WEB.DE MailCheck
2015-03-01 23:58 . 2015-03-01 23:58        --------        d-----w-        c:\users\Privat\AppData\Local\storage
2015-03-01 23:57 . 2015-03-06 09:36        --------        d-----w-        c:\users\Privat\AppData\Local\PunkBuster
2015-03-01 23:57 . 2015-03-21 15:41        --------        d-----w-        c:\users\Privat\AppData\Roaming\Ubisoft
2015-03-01 16:32 . 2015-03-01 16:32        --------        d-----w-        c:\users\Privat\AppData\Local\Rockstar Games
2015-03-01 16:32 . 2015-03-01 16:32        --------        d-sh--w-        c:\programdata\SecuROM
2015-03-01 15:56 . 2015-03-01 15:56        --------        d--h--r-        c:\users\Privat\AppData\Roaming\SecuROM
2015-03-01 04:35 . 2015-03-15 13:21        --------        d-----w-        c:\users\Privat\AppData\Local\CAPCOM
2015-03-01 04:35 . 2015-03-01 04:35        --------        d-----w-        c:\users\Privat\AppData\Roaming\Steam
2015-03-01 01:56 . 2015-03-01 01:56        --------        d-----w-        c:\program files (x86)\UltraISO
2015-03-01 01:56 . 2015-03-01 01:56        --------        d-----w-        c:\program files (x86)\Common Files\EZB Systems
2015-03-01 01:42 . 2015-03-27 11:26        --------        d-----w-        c:\users\Privat\AppData\Roaming\IDM
2015-03-01 01:42 . 2015-03-01 01:42        --------        d-----w-        c:\programdata\IDM
2015-03-01 01:42 . 2015-03-28 15:47        --------        d-----w-        c:\users\Privat\AppData\Roaming\DMCache
2015-03-01 01:42 . 2015-03-23 14:17        --------        d-----w-        c:\program files (x86)\Internet Download Manager
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-27 11:04 . 2014-08-14 20:40        3849216        ----a-w-        c:\windows\SysWow64\authui.dll
2015-03-27 11:04 . 2009-07-13 23:42        51167232        ----a-w-        c:\windows\SysWow64\imageres.dll
2015-03-27 11:04 . 2009-07-13 23:57        51167232        ----a-w-        c:\windows\system32\imageres.dll
2015-03-27 11:04 . 2014-08-14 20:40        3984896        ----a-w-        c:\windows\system32\authui.dll
2015-03-24 15:15 . 2013-11-22 23:07        1656        ----a-w-        c:\windows\system32\ASOROSet.bin
2015-03-19 00:47 . 2013-12-19 13:55        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-03-19 00:47 . 2013-12-19 13:55        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-03-11 22:48 . 2013-11-23 12:54        122905848        ----a-w-        c:\windows\system32\MRT.exe
2015-02-24 08:57 . 2015-02-24 03:02        129752        ----a-w-        c:\windows\system32\drivers\2CAD687B.sys
2015-02-24 03:17 . 2010-11-21 03:27        295552        ----a-w-        c:\windows\system32\MpSigStub.exe
2015-02-06 17:39 . 2015-02-06 17:39        81088        ----a-w-        c:\windows\system32\vmnetbridge.dll
2015-02-06 17:39 . 2015-02-06 17:39        49856        ----a-w-        c:\windows\system32\vnetinst.dll
2015-02-06 17:39 . 2015-02-06 17:39        48832        ----a-w-        c:\windows\system32\drivers\vmnetbridge.sys
2015-02-06 17:39 . 2015-02-06 17:39        28864        ----a-w-        c:\windows\system32\drivers\vmnetadapter.sys
2015-02-06 17:39 . 2015-02-06 17:39        27328        ----a-w-        c:\windows\system32\drivers\vmnet.sys
2015-02-05 21:01 . 2015-02-11 11:36        995248        ----a-w-        c:\windows\system32\nvumdshimx.dll
2015-02-05 21:01 . 2015-02-11 11:36        969872        ----a-w-        c:\windows\system32\NvIFR64.dll
2015-02-05 21:01 . 2015-02-11 11:36        943760        ----a-w-        c:\windows\system32\NvFBC64.dll
2015-02-05 21:01 . 2015-02-11 11:36        929936        ----a-w-        c:\windows\SysWow64\NvIFR.dll
2015-02-05 21:01 . 2015-02-11 11:36        908104        ----a-w-        c:\windows\SysWow64\NvFBC.dll
2015-02-05 21:01 . 2015-02-11 11:36        877816        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2015-02-05 21:01 . 2015-02-11 11:36        3610768        ----a-w-        c:\windows\system32\nvcuvid.dll
2015-02-05 21:01 . 2015-02-11 11:36        353224        ----a-w-        c:\windows\system32\nvoglshim64.dll
2015-02-05 21:01 . 2015-02-11 11:36        3247248        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2015-02-05 21:01 . 2015-02-11 11:36        32106640        ----a-w-        c:\windows\system32\nvoglv64.dll
2015-02-05 21:01 . 2015-02-11 11:36        305136        ----a-w-        c:\windows\SysWow64\nvoglshim32.dll
2015-02-05 21:01 . 2015-02-11 11:36        2902784        ----a-w-        c:\windows\SysWow64\nvapi.dll
2015-02-05 21:01 . 2015-02-11 11:36        25460880        ----a-w-        c:\windows\system32\nvcompiler.dll
2015-02-05 21:01 . 2015-02-11 11:36        24768144        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2015-02-05 21:01 . 2015-02-11 11:36        20466496        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2015-02-05 21:01 . 2015-02-11 11:36        1895240        ----a-w-        c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-11 11:36        177624        ----a-w-        c:\windows\system32\nvinitx.dll
2015-02-05 21:01 . 2015-02-11 11:36        164752        ----a-w-        c:\windows\SysWow64\nvinit.dll
2015-02-05 21:01 . 2015-02-11 11:36        16017040        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2015-02-11 11:36        1557648        ----a-w-        c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2015-02-11 11:36        13294528        ----a-w-        c:\windows\system32\nvopencl.dll
2015-02-05 21:01 . 2015-02-11 11:36        13208200        ----a-w-        c:\windows\system32\nvcuda.dll
2015-02-05 21:01 . 2015-02-11 11:36        10773704        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2015-02-05 21:01 . 2015-02-11 11:36        10713256        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2015-02-05 21:01 . 2015-02-11 11:36        10284872        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2015-02-05 21:01 . 2014-07-29 21:40        17253848        ----a-w-        c:\windows\system32\nvd3dumx.dll
2015-02-05 21:01 . 2014-04-10 02:10        74056        ----a-w-        c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2014-04-10 02:10        60560        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2015-02-05 21:01 . 2014-04-10 02:06        18575880        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2014-04-10 02:06        14119744        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2014-04-10 02:06        3299512        ----a-w-        c:\windows\system32\nvapi64.dll
2015-02-05 19:07 . 2014-04-10 02:10        6861128        ----a-w-        c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2014-04-10 02:10        3517584        ----a-w-        c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2014-04-10 02:10        935056        ----a-w-        c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2014-04-10 02:10        62792        ----a-w-        c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2014-04-10 02:10        2558792        ----a-w-        c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2014-04-10 02:10        385168        ----a-w-        c:\windows\system32\nvmctray.dll
2015-02-05 17:57 . 2015-02-11 11:39        621384        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2015-02-05 16:16 . 2013-11-22 21:29        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:16 . 2013-11-22 21:29        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 12:50 . 2014-04-10 02:10        4236870        ----a-w-        c:\windows\system32\nvcoproc.bin
2015-01-28 09:46 . 2015-01-27 10:32        129752        ----a-w-        c:\windows\system32\drivers\3EA435C6.sys
2015-01-27 23:36 . 2015-02-11 11:01        1239720        ----a-w-        c:\windows\system32\aitstatic.exe
2015-01-13 07:52 . 2015-01-12 03:54        129752        ----a-w-        c:\windows\system32\drivers\76777137.sys
2015-01-10 08:07 . 2015-01-25 09:02        1895240        ----a-w-        c:\windows\system32\nvdispco6434725.dll
2015-01-10 08:07 . 2015-01-25 09:02        1556808        ----a-w-        c:\windows\system32\nvdispgenco6434725.dll
2015-01-10 07:22 . 2015-01-09 07:20        129752        ----a-w-        c:\windows\system32\drivers\0DE7241C.sys
2015-01-09 03:14 . 2015-02-25 18:18        91136        ----a-w-        c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-25 18:18        950272        ----a-w-        c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-25 18:18        29696        ----a-w-        c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-25 18:18        76800        ----a-w-        c:\windows\SysWow64\wdi.dll
2015-01-08 07:10 . 2015-01-07 05:36        129752        ----a-w-        c:\windows\system32\drivers\79483828.sys
2015-01-07 14:55 . 2015-01-07 14:55        85584        ----a-w-        c:\windows\system32\drivers\vmci.sys
2015-01-01 11:53 . 2014-12-31 02:01        129752        ----a-w-        c:\windows\system32\drivers\4C6B708B.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dxtory Update Checker 2.0"="c:\program files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"phonostar-PlayerTimer"="c:\program files (x86)\phonostar-Player\phonostarTimer.exe" [2013-04-25 42496]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-07-25 1562264]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-03-19 3890768]
"force-survive"="c:\users\Privat\AppData\Roaming\Forcedog\force-feed.exe" [2015-03-25 182272]
"chart_table"="c:\users\Privat\AppData\Roaming\Chart_plate\chart_go.exe" [2015-03-25 182272]
"range-horse"="c:\users\Privat\AppData\Local\Range-must\rangepractice.exe" [2015-03-26 97792]
"desire-card"="c:\users\Privat\AppData\Roaming\Desire_profit\desire_boss.exe" [2015-03-26 184320]
"tssop"="c:\programdata\Blizzard Entertainment\Battle.net\Cache\1e\6f\design_for_testability\valve.exe" [2012-03-02 209920]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2012-06-27 653128]
"song_fill"="c:\users\Privat\AppData\Local\Songshoot\songprogram.exe" [2015-03-28 151552]
.
c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-8-28 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImmersiveExplorer.lnk - c:\skinpack\ImmersiveExplorer\Immersive Explorer.exe [2014-9-30 721080]
MetroSidebar.lnk - c:\skinpack\MetroSidebar\MetroSidebar.exe [2014-9-30 1081856]
StartMenu.lnk - c:\skinpack\StartMenu\StartMenuReviver.exe [2014-9-17 14817400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 6d75c4f6;ProcessSystem;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Asushwio;Asushwio;d:\bin\64bit\Asushwio.sys;d:\bin\64bit\Asushwio.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 h647906;DragonRise H647906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys;c:\windows\SYSNATIVE\drivers\h647906.sys [x]
R3 h648101;DragonRise H648101 AMD64 Driver;c:\windows\system32\drivers\h648101.sys;c:\windows\SYSNATIVE\drivers\h648101.sys [x]
R3 h648103;DragonRise H648103 AMD64 Driver;c:\windows\system32\drivers\h648103.sys;c:\windows\SYSNATIVE\drivers\h648103.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys;c:\windows\SYSNATIVE\drivers\hid7906.sys [x]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys;c:\windows\SYSNATIVE\drivers\hid8101.sys [x]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys;c:\windows\SYSNATIVE\drivers\hid8103.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files (x86)\Intel\AMT\UNS.exe;c:\program files (x86)\Intel\AMT\UNS.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22 16:16]
.
2015-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 07:33]
.
2015-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 07:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02        25112        ----a-w-        c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2013-09-26 216248]
"atchk"="c:\program files (x86)\Intel\AMT\atchk.exe" [2009-12-01 401408]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\skinpack\ThemeResourceChanger.dll" [2014-09-30 103936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Darksiders II_is1 - c:\r.g. catalyst\Darksiders II\uninstall\unins000.exe
AddRemove-Reload Icons Cache 1.00 - c:\program files (x86)\Mr Blade Design's\Reload Icons Cache\Uninstall.exe
AddRemove-{FB0127F3-985B-44CE-AE29-378CAF60B361}_is1 - c:\r.g. catalyst\Need for Speed - Most Wanted\uninstall\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"
.
[HKEY_USERS\S-1-5-21-599707613-2096614801-711580207-1000\Software\SecuROM\License information*]
"datasecu"=hex:45,b3,19,ac,ab,9b,34,c2,ec,fe,b7,15,50,47,92,36,c8,93,83,44,fb,
  bd,91,4a,38,22,35,03,d0,32,9f,55,32,08,83,fd,cc,50,75,22,c5,b6,b7,b9,16,b3,\
"rkeysecu"=hex:1f,8d,70,35,c9,d5,0b,4c,10,9d,1b,22,b6,72,88,55
.
[HKEY_USERS\S-1-5-21-599707613-2096614801-711580207-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):51,07,aa,a5,14,df,c4,72,fe,6c,22,ef,51,eb,a3,45,59,90,9e,f2,fe,
  35,fc,64,67,39,99,04,70,99,5e,69,4f,2a,47,ce,82,e6,71,35,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-599707613-2096614801-711580207-1000_Classes\Wow6432Node\CLSID\{8652aae3-33bf-43c0-978b-a3a1de03c3fc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000056
"Therad"=dword:0000001c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-28  17:16:18
ComboFix-quarantined-files.txt  2015-03-28 16:16
ComboFix2.txt  2015-03-28 12:23
ComboFix3.txt  2014-08-06 01:55
.
Vor Suchlauf: 21 Verzeichnis(se), 233.794.703.360 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 233.949.241.344 Bytes frei
.
- - End Of File - - 145AAC1A06E82C997065565A299412D3
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B 28.03.2015 20:36
Servus,


Rechner neu starten.



Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    C:\Windows\System32\drivers\h647906.sys
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Wiederhole den Vorgang mit den folgenden Dateien:
C:\Users\Privat\AppData\Local\Range-must\rangepractice.exe
C:\Users\Privat\AppData\Roaming\910A7ED9-1425685473-1192-C5DB-90FBA635F3BA\jnsaF4CF.tmp

Wildstyle 28.03.2015 22:20
Hey hey,

Das erste hat geklappt...Link:
https://www.virustotal.com/de/file/a...is/1427576850/

Zweites: wird verwendet, oder ändern sie den Namen und versuchen sie es erneut.

Drittes: Pfad ist nicht vorhanden, bitte überprüfen sie den Pfad und versuchen sie es erneut.

:(

M-K-D-B 28.03.2015 22:21
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

Wildstyle 28.03.2015 23:21
Code:
# AdwCleaner v4.113 - Bericht erstellt 28/03/2015 um 22:28:53
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-28.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Privat - PRIVAT-PC
# Gestarted von : C:\Users\Privat\Desktop\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Google Chrome v41.0.2272.101


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [8301 Bytes] - [06/08/2014 03:18:15]
AdwCleaner[R1].txt - [16615 Bytes] - [28/03/2015 13:33:23]
AdwCleaner[R2].txt - [1090 Bytes] - [28/03/2015 22:26:36]
AdwCleaner[S0].txt - [8110 Bytes] - [06/08/2014 03:19:57]
AdwCleaner[S1].txt - [16815 Bytes] - [28/03/2015 13:36:25]
AdwCleaner[S2].txt - [1013 Bytes] - [28/03/2015 22:28:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1072  Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.03.2015
Suchlauf-Zeit: 22:35:51
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.28.07
Rootkit Datenbank: v2015.03.26.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Privat

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373130
Verstrichene Zeit: 12 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.MyStartSearch.A, C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Secure Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871",), Ersetzt,[3cab1d2d1f6b3df9b2bf5cd81ceac739]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Privat (administrator) on PRIVAT-PC on 28-03-2015 23:15:51
Running from C:\Users\Privat\Desktop
Loaded Profiles: Privat (Available profiles: Privat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(MetroSidebar) C:\SkinPack\MetroSidebar\MetroSidebar.exe
(ReviverSoft) C:\SkinPack\StartMenu\StartMenuReviver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\lodctr.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\powercfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\at.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cleanmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\find.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-03-19] (Tonec Inc.)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [force-survive] => C:\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe [182272 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [chart_table] => C:\Users\Privat\AppData\Roaming\Chart_plate\chart_go.exe [182272 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [range-horse] => C:\Users\Privat\AppData\Local\Range-must\rangepractice.exe [97792 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [desire-card] => C:\Users\Privat\AppData\Roaming\Desire_profit\desire_boss.exe [184320 2015-03-26] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [tssop] => C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\1e\6f\design_for_testability\valve.exe [209920 2012-03-02] (BackupFly Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\RunOnce: [force-survive] => C:\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe [182272 2015-03-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImmersiveExplorer.lnk
ShortcutTarget: ImmersiveExplorer.lnk -> C:\SkinPack\ImmersiveExplorer\Immersive Explorer.exe (Julien MANICI)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MetroSidebar.lnk
ShortcutTarget: MetroSidebar.lnk -> C:\SkinPack\MetroSidebar\MetroSidebar.exe (MetroSidebar)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartMenu.lnk
ShortcutTarget: StartMenu.lnk -> C:\SkinPack\StartMenu\StartMenuReviver.exe (ReviverSoft)
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-599707613-2096614801-711580207-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169
FF Homepage: hxxp://www.google.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-599707613-2096614801-711580207-1000: @phonostar.de/phonostar-Player -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll [2013-08-06] ( )
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-26]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-03-02]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-20]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5 [2015-03-22]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\toolbar@web.de [Not Found]
FF Extension: No Name - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\istart_ffnt@gmail.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Adblock Plus) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-09]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-03-09]
CHR Extension: (Cog - System Info Viewer) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\difcjdggkffcfgcfconafogflmmaadco [2015-03-09]
CHR Extension: (Awesome Reload All Tabs Button) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\kamfkajbgmjkfmfgcikbmbmpjfokfijk [2015-03-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (IDM Integration Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Irmon; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Irmon; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S4 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 6d75c4f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\ProcessSystem\ProcessSystem.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
S3 Asushwio; \??\D:\Bin\64bit\Asushwio.sys [X]
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 23:15 - 2015-03-28 23:16 - 00018884 _____ () C:\Users\Privat\Desktop\FRST.txt
2015-03-28 23:15 - 2015-03-28 23:15 - 02095616 _____ (Farbar) C:\Users\Privat\Desktop\FRST64.exe
2015-03-28 23:02 - 2015-03-28 23:02 - 01389240 _____ (Thisisu) C:\Users\Privat\Desktop\JRT.exe
2015-03-28 22:33 - 2015-03-28 22:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 22:33 - 2015-03-28 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 22:33 - 2015-03-28 22:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-28 22:33 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-28 22:33 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-28 22:33 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-28 22:32 - 2015-03-28 22:32 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Privat\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-28 22:26 - 2015-03-28 22:26 - 02168320 _____ () C:\Users\Privat\Desktop\AdwCleaner_4.113.exe
2015-03-28 17:16 - 2015-03-28 17:16 - 00034985 _____ () C:\ComboFix.txt
2015-03-28 16:28 - 2015-03-28 16:28 - 05615749 ____R (Swearware) C:\Users\Privat\Desktop\ComboFix_2.exe
2015-03-28 13:05 - 2015-03-28 23:15 - 00000000 ____D () C:\FRST
2015-03-28 02:13 - 2015-03-28 02:13 - 00000000 ___HD () C:\Users\Privat\AppData\Local\Songshoot
2015-03-27 15:45 - 2015-03-27 15:45 - 00000000 ____D () C:\Program Files\W10-Beta
2015-03-27 12:31 - 2015-03-28 00:10 - 00001307 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Immersive Explorer.lnk
2015-03-27 12:31 - 2015-03-28 00:10 - 00000000 ____D () C:\Users\Privat\AppData\Local\immersive-explorer.com
2015-03-27 12:27 - 2015-03-27 12:27 - 00060424 _____ () C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 12:17 - 2015-03-27 12:17 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetroSidebar.lnk
2015-03-27 12:16 - 2015-03-28 13:19 - 00000000 ____D () C:\Program Files (x86)\MetroSidebar
2015-03-27 12:16 - 2015-03-27 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetroSidebar
2015-03-27 12:05 - 2015-03-27 12:29 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\MetroSidebar
2015-03-27 12:05 - 2015-03-27 12:05 - 00003096 _____ () C:\Windows\System32\Tasks\ReviverSoft Start Menu Run once task
2015-03-27 12:05 - 2015-03-27 12:05 - 00000000 ____D () C:\ProgramData\StartMenuReviver.exe
2015-03-27 12:05 - 2015-03-27 12:05 - 00000000 ____D () C:\ProgramData\ReviverSoft
2015-03-27 12:04 - 2015-03-27 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkinPack
2015-03-27 12:04 - 2015-03-27 12:04 - 00000000 ____D () C:\W7P_Backups
2015-03-27 12:02 - 2015-03-27 12:05 - 00000000 ____D () C:\SkinPack
2015-03-27 11:54 - 2015-03-27 12:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\VMware
2015-03-27 11:54 - 2015-03-27 11:54 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\VMware
2015-03-27 11:52 - 2015-02-06 18:40 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-03-27 11:52 - 2015-02-06 18:39 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-03-27 11:52 - 2015-01-07 15:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-03-27 11:52 - 2015-01-07 15:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-03-27 11:52 - 2015-01-07 15:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-03-27 11:51 - 2015-02-06 18:40 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-03-27 11:51 - 2015-02-06 18:40 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-03-27 11:51 - 2015-02-06 18:40 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-03-27 11:51 - 2015-02-06 18:39 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-03-27 11:51 - 2015-01-07 08:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-03-27 11:50 - 2015-03-28 22:53 - 00000000 ____D () C:\ProgramData\VMware
2015-03-27 11:50 - 2015-03-27 11:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-03-27 11:50 - 2015-03-27 11:50 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-03-26 18:26 - 2015-03-26 18:26 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Desire_profit
2015-03-26 16:43 - 2015-03-26 16:43 - 00000000 ___HD () C:\Users\Privat\AppData\Local\Range-must
2015-03-26 14:58 - 2015-03-28 22:52 - 00020586 _____ () C:\Windows\PFRO.log
2015-03-26 11:02 - 2015-03-26 11:02 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Alien Isolation
2015-03-26 11:01 - 2015-03-26 11:01 - 00000364 _____ () C:\Windows\DirectX.log
2015-03-26 00:47 - 2015-03-26 00:47 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Chart_plate
2015-03-26 00:19 - 2015-03-27 15:46 - 00000000 ____D () C:\ProgramData\ywfme
2015-03-26 00:05 - 2015-03-26 00:05 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Forcedog
2015-03-25 23:12 - 2015-03-27 10:22 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Song-open
2015-03-25 11:17 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 11:17 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 11:17 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 11:17 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 11:17 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 11:17 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 11:17 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 11:17 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 20:04 - 2015-03-28 22:52 - 00001640 _____ () C:\Windows\setupact.log
2015-03-24 20:04 - 2015-03-24 20:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-22 23:14 - 2015-03-23 06:02 - 00000000 ____D () C:\Users\Privat\AppData\Local\Darksiders2
2015-03-22 23:14 - 2015-03-22 23:14 - 00000000 ____D () C:\Users\Privat\AppData\Local\SKIDROW
2015-03-19 04:08 - 2015-03-19 03:27 - 00191960 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-03-18 15:43 - 2015-03-18 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin
2015-03-14 19:57 - 2015-03-14 19:58 - 00002566 _____ () C:\Users\Privat\Documents\Verschlüsselt.pfx
2015-03-14 13:35 - 2015-03-14 13:35 - 00000000 ____D () C:\Users\Privat\Documents\CAPCOM
2015-03-14 13:20 - 2015-03-14 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-03-14 13:19 - 2015-03-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-14 13:19 - 2015-03-14 13:19 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-03-13 10:15 - 2015-03-13 10:21 - 00000000 ____D () C:\Verschlüsselt
2015-03-11 18:54 - 2015-03-11 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-03-11 14:37 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 14:37 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 14:37 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 14:37 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 14:37 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 14:37 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 14:37 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 14:37 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 14:37 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 14:37 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 14:37 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 14:37 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 14:37 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 14:37 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 14:37 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 14:37 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 14:37 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 14:37 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 14:37 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 14:37 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 14:37 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 14:37 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 14:37 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 14:37 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 14:37 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 14:37 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 14:37 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 14:37 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 14:37 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 14:37 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 14:37 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 14:37 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 14:37 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 14:37 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 14:37 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 14:37 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 14:37 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 14:37 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 14:36 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 14:36 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 14:36 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 14:36 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 14:36 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 14:36 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 14:36 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 14:36 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 14:36 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 14:36 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 14:36 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 14:36 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 14:36 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 14:36 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 14:36 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 14:36 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 14:36 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 14:36 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 14:36 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 14:36 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 14:36 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 14:36 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 14:36 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 14:36 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 14:36 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 14:36 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 14:36 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 14:36 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 14:36 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 14:36 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 14:36 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 14:36 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 14:36 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 14:36 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 14:36 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 14:36 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 14:36 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 14:36 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 14:36 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 14:36 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 14:36 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 14:36 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 14:36 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 14:36 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 14:36 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 14:36 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 14:36 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 14:36 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 14:36 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 14:36 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 14:36 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 14:36 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 14:36 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 14:36 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 14:36 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 14:36 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 14:36 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 14:36 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 14:36 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 14:36 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 14:36 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 14:36 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 14:36 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 14:36 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 14:36 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 14:36 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 14:36 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 14:36 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 14:36 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 14:36 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 14:36 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 14:36 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 14:36 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 14:36 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 14:36 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 14:36 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 14:36 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 14:36 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:36 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 14:36 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 14:36 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 14:36 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 14:36 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 14:36 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 14:36 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 14:36 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 18:06 - 2015-03-11 05:05 - 00000000 ____D () C:\ProgramData\Codemasters
2015-03-09 12:49 - 2015-03-09 12:49 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 11
2015-03-09 05:40 - 2015-03-09 05:40 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-08 22:57 - 2015-03-08 22:57 - 00000000 ____D () C:\Users\Privat\AppData\Local\BANDAI NAMCO Games
2015-03-08 06:36 - 2015-03-08 06:36 - 00003202 _____ () C:\Windows\System32\Tasks\StardockTR
2015-03-08 06:12 - 2015-03-08 06:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2015-03-08 05:50 - 2014-08-02 13:37 - 00000000 ____D () C:\Program Files\WindowBlinds
2015-03-08 05:45 - 2015-03-08 05:45 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-03-08 05:44 - 2015-03-12 17:27 - 00000000 ____D () C:\Program Files (x86)\Sinhala Meaning
2015-03-08 05:44 - 2015-03-12 10:21 - 00000000 ____D () C:\Program Files (x86)\ProcessSystem
2015-03-08 05:42 - 2015-03-08 06:14 - 00000000 ____D () C:\ProgramData\{9a05f486-54c6-b219-9a05-5f48654cd219}
2015-03-08 04:36 - 2015-03-08 06:32 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-08 04:14 - 2015-03-08 04:14 - 00000000 ___HD () C:\ProgramData\{CEC42AA7-80BC-42B4-B5F3-8E754D04A118}
2015-03-08 04:07 - 2015-03-27 12:26 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-03-08 04:07 - 2015-03-27 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-08 04:07 - 2015-03-08 05:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\Stardock
2015-03-08 04:07 - 2015-03-08 05:35 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-03-08 04:06 - 2015-03-08 04:06 - 00000000 ____D () C:\Users\Privat\Downloads\Stardock
2015-03-08 02:33 - 2007-09-21 09:57 - 00081920 _____ () C:\Windows\SysWOW64\dancemat.exe
2015-03-08 02:24 - 2015-03-08 02:24 - 00003170 _____ () C:\Windows\System32\Tasks\{E52F1503-D79A-4591-981D-7BD3AEAEDBD8}
2015-03-07 21:35 - 2015-03-07 22:26 - 00000000 ____D () C:\Program Files\X360ce
2015-03-07 16:57 - 2008-08-08 15:31 - 00040856 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid8103.sys
2015-03-07 15:44 - 2015-03-07 15:44 - 00003106 _____ () C:\Windows\System32\Tasks\{5A6297E5-8A05-41E3-9AC7-B324F3968FF8}
2015-03-07 00:43 - 2015-03-07 17:20 - 00000000 ____D () C:\ProgramData\{adb05eb9-8e80-1ef7-adb0-05eb98e87ae6}
2015-03-07 00:43 - 2015-03-07 16:56 - 00000000 ____D () C:\Users\Privat\AppData\Local\winengine
2015-03-07 00:16 - 2015-03-07 00:16 - 00000000 ____D () C:\ProgramData\KONAMI
2015-03-06 10:46 - 2015-03-06 10:46 - 00000000 ____D () C:\Users\Privat\AppData\Local\My Games
2015-03-06 10:36 - 2015-03-10 14:15 - 00000000 ____D () C:\ProgramData\Orbit
2015-03-06 10:36 - 2015-03-06 21:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-06 10:26 - 2015-03-06 10:36 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-06 01:15 - 2015-03-06 01:15 - 00000000 ____D () C:\Users\Privat\AppData\Local\Crytek
2015-03-05 14:56 - 2008-08-08 15:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8103.cat
2015-03-05 14:56 - 2008-08-08 15:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8101.cat
2015-03-05 14:56 - 2008-08-08 15:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid7906.cat
2015-03-05 14:56 - 2008-08-08 15:31 - 00065776 _____ (Your Corporation) C:\Windows\system32\Drivers\h648101.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00063856 _____ (Your Corporation) C:\Windows\system32\Drivers\h647906.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00062960 _____ (Your Corporation) C:\Windows\system32\Drivers\h648103.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00043192 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid8101.sys
2015-03-05 14:56 - 2008-08-08 15:31 - 00041272 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid7906.sys
2015-03-05 14:56 - 2007-11-12 15:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USBGAMEPAD.cpl
2015-03-05 14:55 - 2015-03-08 02:33 - 00000000 ____D () C:\Windows\USB Vibration
2015-03-05 14:54 - 2015-03-05 14:56 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2015-03-05 12:08 - 2015-03-05 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-03-05 11:03 - 2015-03-05 16:06 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 15
2015-03-04 16:42 - 2015-03-04 17:05 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Origin
2015-03-04 16:42 - 2015-03-04 17:05 - 00000000 ____D () C:\Users\Privat\AppData\Local\Origin
2015-03-04 16:41 - 2015-03-04 16:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 16:12 - 2015-03-04 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-03-04 10:50 - 2015-03-04 10:50 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁
2015-03-04 05:05 - 2015-03-04 05:05 - 00000000 ____D () C:\ProgramData\EA Core
2015-03-02 02:23 - 2015-03-02 02:23 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-03-02 02:23 - 2015-03-02 02:23 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-03-02 02:06 - 2015-03-02 02:06 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-03-02 00:58 - 2015-03-02 00:58 - 00000000 ____D () C:\Users\Privat\AppData\Local\storage
2015-03-02 00:57 - 2015-03-21 16:41 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Ubisoft
2015-03-02 00:57 - 2015-03-06 10:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\PunkBuster
2015-03-01 18:16 - 2015-03-22 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-03-01 17:34 - 2015-03-01 17:34 - 00000000 ____D () C:\Users\Privat\Documents\Rockstar Games
2015-03-01 17:32 - 2015-03-01 17:32 - 00000000 __SHD () C:\ProgramData\SecuROM
2015-03-01 17:32 - 2015-03-01 17:32 - 00000000 ____D () C:\Users\Privat\AppData\Local\Rockstar Games
2015-03-01 16:56 - 2015-03-01 16:56 - 00000000 __RHD () C:\Users\Privat\AppData\Roaming\SecuROM
2015-03-01 05:35 - 2015-03-15 14:21 - 00000000 ____D () C:\Users\Privat\AppData\Local\CAPCOM
2015-03-01 05:35 - 2015-03-01 05:35 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Steam
2015-03-01 02:56 - 2015-03-01 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-03-01 02:56 - 2015-03-01 02:56 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2015-03-01 02:42 - 2015-03-28 22:51 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\DMCache
2015-03-01 02:42 - 2015-03-27 12:26 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\IDM
2015-03-01 02:42 - 2015-03-27 12:05 - 00000000 ____D () C:\Users\Privat\Downloads\Compressed
2015-03-01 02:42 - 2015-03-23 15:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-01 02:42 - 2015-03-13 10:35 - 00000000 ____D () C:\Users\Privat\Downloads\Video
2015-03-01 02:42 - 2015-03-01 02:42 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 02:42 - 2015-03-01 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 02:42 - 2015-03-01 02:42 - 00000000 ____D () C:\ProgramData\IDM
2015-02-26 02:03 - 2015-03-11 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 23:16 - 2013-11-22 22:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 23:05 - 2009-07-14 03:34 - 00000473 _____ () C:\Windows\win.ini
2015-03-28 23:00 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 23:00 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 22:56 - 2013-11-22 21:32 - 01948805 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 22:53 - 2013-11-23 20:11 - 00000000 ____D () C:\Users\Privat\AppData\Local\Deployment
2015-03-28 22:52 - 2014-02-16 08:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 22:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 22:31 - 2014-02-16 08:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 22:28 - 2014-08-06 03:12 - 00000000 ____D () C:\AdwCleaner
2015-03-28 22:28 - 2013-11-23 02:18 - 00000000 ____D () C:\Users\Privat\AppData\Local\Battle.net
2015-03-28 17:30 - 2013-11-23 20:11 - 00000000 ____D () C:\Users\Privat\AppData\Local\Apps\2.0
2015-03-28 17:18 - 2014-08-06 02:15 - 00000000 ____D () C:\Qoobox
2015-03-28 16:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-28 14:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2015-03-28 13:30 - 2015-02-23 15:53 - 00003108 _____ () C:\Windows\System32\Tasks\ASO-System Protector_startup
2015-03-27 15:21 - 2013-11-29 08:21 - 00001160 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 15:21 - 2013-11-22 22:00 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 15:21 - 2013-11-22 21:38 - 00001421 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 13:14 - 2013-11-23 14:29 - 00000000 ____D () C:\Users\Privat\Documents\My Games
2015-03-27 12:27 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 12:27 - 2009-07-14 05:45 - 00268872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 12:04 - 2014-08-14 21:40 - 03984896 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-27 12:04 - 2014-08-14 21:40 - 03849216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-27 12:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-27 12:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-03-27 12:04 - 2009-07-14 00:57 - 51167232 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2015-03-27 12:04 - 2009-07-14 00:42 - 51167232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imageres.dll
2015-03-27 11:50 - 2013-11-23 00:22 - 01648846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-27 11:50 - 2011-04-12 08:43 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2015-03-27 11:50 - 2011-04-12 08:43 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2015-03-27 11:38 - 2013-11-23 16:05 - 00000000 ____D () C:\Games
2015-03-27 10:22 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-03-26 00:05 - 2013-11-22 21:37 - 00000000 ____D () C:\Users\Privat\AppData\Local\VirtualStore
2015-03-25 23:04 - 2013-11-24 19:16 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TS3Client
2015-03-25 18:34 - 2014-12-11 03:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 18:34 - 2014-04-30 01:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 11:34 - 2013-11-23 01:12 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-24 16:16 - 2013-11-22 21:37 - 00000000 ____D () C:\Users\Privat
2015-03-24 16:15 - 2013-11-23 00:07 - 00001656 _____ () C:\Windows\system32\ASOROSet.bin
2015-03-24 16:15 - 2009-07-14 03:34 - 71565312 _____ () C:\Windows\system32\config\software.bak
2015-03-24 16:15 - 2009-07-14 03:34 - 25690112 _____ () C:\Windows\system32\config\system.bak
2015-03-24 16:15 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2015-03-24 16:11 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-03-23 15:35 - 2009-07-14 06:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 01:34 - 2014-08-04 11:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-22 01:30 - 2014-05-08 14:01 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\NVIDIA
2015-03-21 17:39 - 2013-11-23 02:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-21 16:43 - 2013-11-22 22:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 16:41 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 19:16 - 2014-03-12 11:58 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-16 10:35 - 2014-07-04 18:29 - 00000000 ____D () C:\ProgramData\Origin
2015-03-12 21:59 - 2014-08-03 18:55 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Skype
2015-03-12 17:02 - 2013-11-23 22:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\AIMP3
2015-03-12 06:57 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 06:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 06:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 23:53 - 2013-11-23 13:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 23:48 - 2013-11-23 13:54 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 18:54 - 2013-11-23 22:31 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2015-03-11 15:57 - 2013-11-23 14:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-09 00:37 - 2013-11-23 02:36 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\vlc
2015-03-06 18:52 - 2013-11-22 22:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 02:27 - 2013-11-23 14:29 - 00000000 ____D () C:\ProgramData\Steam
2015-03-05 21:01 - 2014-08-03 21:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-05 21:01 - 2014-08-03 18:54 - 00000000 ____D () C:\ProgramData\Skype
2015-03-03 15:23 - 2014-05-31 19:48 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-03 14:12 - 2014-04-10 03:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-03 11:49 - 2013-12-07 09:53 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-03-01 18:49 - 2014-06-06 18:37 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-01 18:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-26 07:45 - 2015-02-23 15:47 - 00000000 ____D () C:\Windows\Repair

==================== Files in the root of some directories =======

2013-11-22 22:12 - 2013-11-22 22:12 - 0003584 _____ () C:\Users\Privat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-22 23:52 - 2013-11-22 23:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-08 06:12 - 2015-03-08 06:12 - 0000000 _____ () C:\ProgramData\rebootpending.txt

Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe


Some content of TEMP:
====================
C:\Users\Privat\AppData\Local\Temp\Quarantine.exe
C:\Users\Privat\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 17:33

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Privat at 2015-03-28 23:16:42
Running from C:\Users\Privat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Crysis 3" (HKLM-x32\...\{6D1DFD35-9671-4DCC-B7E6-FCF6AD3FEB78}_is1) (Version: 1.3.0.0 - )
«Darksiders II»  1.5.up6 (HKLM-x32\...\Darksiders II_is1) (Version: 1.5.up6 - THQ)
«Need for Speed - Most Wanted»  1.0 (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}_is1) (Version: 1.0 - Electronic Arts)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1483, 27.02.2015 - AIMP DevTeam)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
CursorFX Plus (HKLM-x32\...\CursorFX Plus) (Version:  - Stardock Corporation)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
FIFA 11 Demo (HKLM-x32\...\{DC158DF7-6B36-4C6F-BC91-109014297994}) (Version: 1.0.0.0 - Electronic Arts)
File Association Helper (HKLM\...\{572D0504-2C67-4016-801F-D70879A3026A}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
MetroSidebar (HKLM-x32\...\{4246284F-7D5A-4415-92FA-3CB0E98A5DA4}) (Version: 1.0.6 - MetroSidebar)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
phonostar-Player Version 3.03.1 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version:  - )
PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7385 - Realtek Semiconductor Corp.)
Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
SkinPack Windows10 V4.0 (HKLM-x32\...\SkinPack) (Version: Windows10 V4.0 - SkinPack)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
STREET FIGHTER IV (HKLM-x32\...\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}) (Version: 1.00.3013 - CAPCOM U.S.A., INC.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Tukui Client (HKLM-x32\...\{EF0FAA54-5532-4B90-99C4-B4A97D600A94}) (Version: 2.4.3 - Tukui)
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{78100a96-d60c-4ceb-82b8-d54834ef4d19}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{95801f19-25b2-41fb-8347-c69d13a4b393}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{b159717a-9134-42fd-ad87-0820f6c95e44}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{b7431fc4-b219-4818-b54b-1a850cddbbed}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{e1275246-fcf3-4712-9a4a-265615936441}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-28 13:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023D6028-E61B-46B9-A409-05D52408CFB9} - \{7E0D1610-60EE-4758-94E6-66435D2B062D} No Task File <==== ATTENTION
Task: {0566F90C-5A50-4D07-A1FA-25FE73F3F4B0} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\SkinPack\StartMenu\StartMenuReviver.exe [2014-10-05] (ReviverSoft)
Task: {47D5B8ED-A1D8-4D73-8BA6-2B370E5C2E31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {48E4CE6C-8549-43C0-BF10-8BBA97E10A6D} - System32\Tasks\{5A6297E5-8A05-41E3-9AC7-B324F3968FF8} => pcalua.exe -a C:\Windows\SysWOW64\USBGAMEPAD.cpl -c Game Controllers
Task: {4ADBFEF0-F400-4C2F-A2D8-1545556E44C0} - System32\Tasks\{64601819-02F8-4237-A59D-29B1DDE31AD7} => pcalua.exe -a "C:\Users\Privat\Desktop\Creative Sound Blaster Audigy DriverSBAX PCDVTBETA US v2.1.0000.exe" -d C:\Users\Privat\Desktop
Task: {5416AF43-0D6D-41FB-AC70-7FFB43245C2C} - System32\Tasks\{E52F1503-D79A-4591-981D-7BD3AEAEDBD8} => pcalua.exe -a C:\Games\Grand_Theft_Auto_IV\Content\setup.exe -d C:\Games\Grand_Theft_Auto_IV\Content
Task: {7677171F-B703-433A-8878-EDA2574A4501} - \{8F0D9FF9-91E0-49E4-B6C4-0139326F4B34} No Task File <==== ATTENTION
Task: {867E6326-310F-4F06-929D-B0BB10E4948A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {92903F6F-D415-40CD-9AEF-B2147CFBBFD7} - \{74041EED-175D-43AD-9310-FDDAD2FC303A} No Task File <==== ATTENTION
Task: {9FE4054D-06D9-4DB4-B65F-8992910396E2} - \{FF448DBE-8796-4E69-A7E9-AEB11AA1B2E0} No Task File <==== ATTENTION
Task: {A4812B36-AEC6-4194-B04C-05ABF29EF794} - System32\Tasks\ASO-System Protector_startup => C:\Program Files (x86)\Advanced System Optimizer 3\SystemProtector.exe
Task: {B9839B66-29D4-4226-B426-EEA4B1B388EF} - System32\Tasks\{3CA7F2AF-5D51-4F7B-86D3-95C106C67251} => pcalua.exe -a D:\player\audio.exe -d D:\player
Task: {DE5CAF76-12BE-4E4F-ACDF-9307A16F3E37} - System32\Tasks\StardockTR => C:\Program Files (x86)\Stardock\StardockTR.exe [2013-06-24] ()
Task: {E56EEE5C-98D2-41B2-B97D-F359B9E14E8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-28 08:23 - 2013-04-25 16:23 - 00042496 _____ () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
2015-03-20 00:33 - 2015-03-14 11:02 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 00:33 - 2015-03-14 11:02 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 00:33 - 2015-03-14 11:02 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-02-06 18:40 - 2015-02-06 18:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-599707613-2096614801-711580207-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASO3DiskOptimizer => 2
MSCONFIG\Services: atchksrv => 2
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: UNS => 2

==================== Accounts: =============================

Administrator (S-1-5-21-599707613-2096614801-711580207-500 - Administrator - Disabled)
Gast (S-1-5-21-599707613-2096614801-711580207-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-599707613-2096614801-711580207-1002 - Limited - Enabled)
Privat (S-1-5-21-599707613-2096614801-711580207-1000 - Administrator - Enabled) => C:\Users\Privat

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/28/2015 11:10:50 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 32%
Total physical RAM: 8191.3 MB
Available physical RAM: 5488.49 MB
Total Pagefile: 16380.8 MB
Available Pagefile: 12964.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:231.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB83E9A5)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by Privat on 28.03.2015 at 23:03:17,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERQUERY.EXE-90300611.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\0mzbzn3k.default-1425799298169\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\0mzbzn3k.default-1425799298169\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "smt");
user_pref("browser.search.searchengine.uid", "ST3500412AS_5VV08871XXXX5VV08871");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.03.2015 at 23:09:50,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M-K-D-B 29.03.2015 11:43
Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [force-survive] => C:\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe [182272 2015-03-26] ()
C:\Users\Privat\AppData\Roaming\Forcedog
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [chart_table] => C:\Users\Privat\AppData\Roaming\Chart_plate\chart_go.exe [182272 2015-03-26] ()
C:\Users\Privat\AppData\Roaming\Chart_plate
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [range-horse] => C:\Users\Privat\AppData\Local\Range-must\rangepractice.exe [97792 2015-03-26] ()
C:\Users\Privat\AppData\Local\Range-must
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [desire-card] => C:\Users\Privat\AppData\Roaming\Desire_profit\desire_boss.exe [184320 2015-03-26] ()
C:\Users\Privat\AppData\Roaming\Desire_profit
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\RunOnce: [force-survive] => C:\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe [182272 2015-03-26] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-599707613-2096614801-711580207-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Keyword.URL:
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
S2 6d75c4f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\ProcessSystem\ProcessSystem.dll",serv
c:\Program Files (x86)\ProcessSystem
C:\ProgramData\ywfme
Task: {023D6028-E61B-46B9-A409-05D52408CFB9} - \{7E0D1610-60EE-4758-94E6-66435D2B062D} No Task File <==== ATTENTION
Task: {7677171F-B703-433A-8878-EDA2574A4501} - \{8F0D9FF9-91E0-49E4-B6C4-0139326F4B34} No Task File <==== ATTENTION
Task: {92903F6F-D415-40CD-9AEF-B2147CFBBFD7} - \{74041EED-175D-43AD-9310-FDDAD2FC303A} No Task File <==== ATTENTION
Task: {9FE4054D-06D9-4DB4-B65F-8992910396E2} - \{FF448DBE-8796-4E69-A7E9-AEB11AA1B2E0} No Task File <==== ATTENTION
Task: {A4812B36-AEC6-4194-B04C-05ABF29EF794} - System32\Tasks\ASO-System Protector_startup => C:\Program Files (x86)\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files (x86)\Advanced System Optimizer 3
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 3
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :folderfind
    *ProcessSystem*
    *Advanced System Optimizer*

    :regfind
    ProcessSystem
    Advanced System Optimizer
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.

Wildstyle 29.03.2015 12:22
Grüß dich,

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Privat at 2015-03-29 12:54:39 Run:1
Running from C:\Users\Privat\Desktop
Loaded Profiles: Privat (Available profiles: Privat)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [force-survive] => C:\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe [182272 2015-03-26] ()
C:\Users\Privat\AppData\Roaming\Forcedog
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [chart_table] => C:\Users\Privat\AppData\Roaming\Chart_plate\chart_go.exe [182272 2015-03-26] ()
C:\Users\Privat\AppData\Roaming\Chart_plate
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [range-horse] => C:\Users\Privat\AppData\Local\Range-must\rangepractice.exe [97792 2015-03-26] ()
C:\Users\Privat\AppData\Local\Range-must
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [desire-card] => C:\Users\Privat\AppData\Roaming\Desire_profit\desire_boss.exe [184320 2015-03-26] ()
C:\Users\Privat\AppData\Roaming\Desire_profit
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\RunOnce: [force-survive] => C:\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe [182272 2015-03-26] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-599707613-2096614801-711580207-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Keyword.URL:
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
S2 6d75c4f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\ProcessSystem\ProcessSystem.dll",serv
c:\Program Files (x86)\ProcessSystem
C:\ProgramData\ywfme
Task: {023D6028-E61B-46B9-A409-05D52408CFB9} - \{7E0D1610-60EE-4758-94E6-66435D2B062D} No Task File <==== ATTENTION
Task: {7677171F-B703-433A-8878-EDA2574A4501} - \{8F0D9FF9-91E0-49E4-B6C4-0139326F4B34} No Task File <==== ATTENTION
Task: {92903F6F-D415-40CD-9AEF-B2147CFBBFD7} - \{74041EED-175D-43AD-9310-FDDAD2FC303A} No Task File <==== ATTENTION
Task: {9FE4054D-06D9-4DB4-B65F-8992910396E2} - \{FF448DBE-8796-4E69-A7E9-AEB11AA1B2E0} No Task File <==== ATTENTION
Task: {A4812B36-AEC6-4194-B04C-05ABF29EF794} - System32\Tasks\ASO-System Protector_startup => C:\Program Files (x86)\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files (x86)\Advanced System Optimizer 3
EmptyTemp:
end
       
*****************

Processes closed successfully.
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows\CurrentVersion\Run\\force-survive => value deleted successfully.
C:\Users\Privat\AppData\Roaming\Forcedog => Moved successfully.
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows\CurrentVersion\Run\\chart_table => value deleted successfully.
C:\Users\Privat\AppData\Roaming\Chart_plate => Moved successfully.
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows\CurrentVersion\Run\\range-horse => value deleted successfully.
C:\Users\Privat\AppData\Local\Range-must => Moved successfully.
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows\CurrentVersion\Run\\desire-card => value deleted successfully.
C:\Users\Privat\AppData\Roaming\Desire_profit => Moved successfully.
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\force-survive => Value not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-599707613-2096614801-711580207-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Firefox Keyword.URL deleted successfully.
Chrome HomePage deleted successfully.
6d75c4f6 => Service deleted successfully.
c:\Program Files (x86)\ProcessSystem => Moved successfully.
C:\ProgramData\ywfme => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023D6028-E61B-46B9-A409-05D52408CFB9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023D6028-E61B-46B9-A409-05D52408CFB9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E0D1610-60EE-4758-94E6-66435D2B062D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7677171F-B703-433A-8878-EDA2574A4501}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7677171F-B703-433A-8878-EDA2574A4501}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F0D9FF9-91E0-49E4-B6C4-0139326F4B34}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92903F6F-D415-40CD-9AEF-B2147CFBBFD7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92903F6F-D415-40CD-9AEF-B2147CFBBFD7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74041EED-175D-43AD-9310-FDDAD2FC303A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FE4054D-06D9-4DB4-B65F-8992910396E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FE4054D-06D9-4DB4-B65F-8992910396E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF448DBE-8796-4E69-A7E9-AEB11AA1B2E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4812B36-AEC6-4194-B04C-05ABF29EF794}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4812B36-AEC6-4194-B04C-05ABF29EF794}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASO-System Protector_startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASO-System Protector_startup" => Key deleted successfully.
"C:\Program Files (x86)\Advanced System Optimizer 3" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:55:33 ====
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:12 on 29/03/2015 by Privat
Administrator - Elevation successful

========== folderfind ==========

Searching for "*ProcessSystem*"
C:\FRST\Quarantine\C\Program Files (x86)\ProcessSystem        d------        [04:44 08/03/2015]

Searching for "*Advanced System Optimizer*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3        d------        [12:36 28/03/2015]
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system optimizer 3        d------        [12:36 28/03/2015]

========== regfind ==========

Searching for "ProcessSystem"
No data found.

Searching for "Advanced System Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ASO3_JUMP_LIST\DefaultIcon]
@="C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ASO3_JUMP_LIST\shell\Open\Command]
@="C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe /HandleDocument:%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}\1.0\0\win32]
@="C:\Program Files (x86)\Advanced System Optimizer 3\SecureShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}\1.0\HELPDIR]
@="C:\Program Files (x86)\Advanced System Optimizer 3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D23C3BA7-6DC3-4DDF-9BDF-12599E852A40}\InprocServer32]
@="C:\Program Files (x86)\Advanced System Optimizer 3\SecureShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}\1.0\0\win32]
@="C:\Program Files (x86)\Advanced System Optimizer 3\SecureShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}\1.0\HELPDIR]
@="C:\Program Files (x86)\Advanced System Optimizer 3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"Advanced System Optimizer - SecureDeleteShellExt extension"="{D114FF7C-C252-4512-B853-2308A6494BE7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D23C3BA7-6DC3-4DDF-9BDF-12599E852A40}\InprocServer32]
@="C:\Program Files (x86)\Advanced System Optimizer 3\SecureShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}\1.0\0\win32]
@="C:\Program Files (x86)\Advanced System Optimizer 3\SecureShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}\1.0\HELPDIR]
@="C:\Program Files (x86)\Advanced System Optimizer 3"

-= EOF =-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Privat (administrator) on PRIVAT-PC on 29-03-2015 13:15:05
Running from C:\Users\Privat\Desktop
Loaded Profiles: Privat (Available profiles: Privat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Curse) C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-03-19] (Tonec Inc.)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [tssop] => C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\1e\6f\design_for_testability\valve.exe [209920 2012-03-02] (BackupFly Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\RunOnce: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] ()
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-599707613-2096614801-711580207-1000: @phonostar.de/phonostar-Player -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll [2013-08-06] ( )
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-26]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-03-02]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-20]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5 [2015-03-22]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\toolbar@web.de [Not Found]
FF Extension: No Name - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\istart_ffnt@gmail.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Adblock Plus) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-09]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-03-09]
CHR Extension: (Cog - System Info Viewer) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\difcjdggkffcfgcfconafogflmmaadco [2015-03-09]
CHR Extension: (Awesome Reload All Tabs Button) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\kamfkajbgmjkfmfgcikbmbmpjfokfijk [2015-03-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (IDM Integration Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Irmon; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Irmon; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S4 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
S3 Asushwio; \??\D:\Bin\64bit\Asushwio.sys [X]
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 13:15 - 2015-03-29 13:15 - 00017080 _____ () C:\Users\Privat\Desktop\FRST.txt
2015-03-29 13:12 - 2015-03-29 13:13 - 00005150 _____ () C:\Users\Privat\Desktop\SystemLook.txt
2015-03-29 13:06 - 2015-03-29 13:06 - 00165376 _____ () C:\Users\Privat\Desktop\SystemLook_x64.exe
2015-03-29 12:58 - 2015-03-29 12:58 - 00060424 _____ () C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-29 05:04 - 2015-03-29 05:04 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Milestone
2015-03-29 02:38 - 2015-03-29 04:27 - 2104360960 _____ () C:\Users\Privat\Desktop\Ride.iso
2015-03-29 00:40 - 2015-03-29 13:14 - 00000000 ____D () C:\Program Files\Log-Programme
2015-03-29 00:15 - 2015-03-29 00:15 - 02095616 _____ (Farbar) C:\Users\Privat\Desktop\FRST64.exe
2015-03-28 23:33 - 2015-03-29 13:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 23:33 - 2015-03-28 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 23:33 - 2015-03-28 23:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-28 23:33 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-28 23:33 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-28 23:33 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-28 18:16 - 2015-03-28 18:16 - 00034985 _____ () C:\ComboFix.txt
2015-03-28 14:05 - 2015-03-29 13:15 - 00000000 ____D () C:\FRST
2015-03-28 03:13 - 2015-03-28 03:13 - 00000000 ___HD () C:\Users\Privat\AppData\Local\Songshoot
2015-03-27 16:45 - 2015-03-27 16:45 - 00000000 ____D () C:\Program Files\W10-Beta
2015-03-27 13:31 - 2015-03-28 01:10 - 00001307 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Immersive Explorer.lnk
2015-03-27 13:31 - 2015-03-28 01:10 - 00000000 ____D () C:\Users\Privat\AppData\Local\immersive-explorer.com
2015-03-27 13:16 - 2015-03-29 12:19 - 00000000 ____D () C:\Program Files (x86)\MetroSidebar
2015-03-27 13:16 - 2015-03-27 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetroSidebar
2015-03-27 13:05 - 2015-03-27 13:29 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\MetroSidebar
2015-03-27 13:05 - 2015-03-27 13:05 - 00003096 _____ () C:\Windows\System32\Tasks\ReviverSoft Start Menu Run once task
2015-03-27 13:05 - 2015-03-27 13:05 - 00000000 ____D () C:\ProgramData\StartMenuReviver.exe
2015-03-27 13:05 - 2015-03-27 13:05 - 00000000 ____D () C:\ProgramData\ReviverSoft
2015-03-27 13:04 - 2015-03-29 12:24 - 00000000 ____D () C:\W7P_Backups
2015-03-27 13:02 - 2015-03-29 12:24 - 00000000 ____D () C:\SkinPack
2015-03-27 12:54 - 2015-03-27 13:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\VMware
2015-03-27 12:54 - 2015-03-27 12:54 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\VMware
2015-03-27 12:52 - 2015-02-06 19:40 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-03-27 12:52 - 2015-02-06 19:39 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-03-27 12:52 - 2015-01-07 16:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-03-27 12:52 - 2015-01-07 16:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-03-27 12:52 - 2015-01-07 16:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-03-27 12:51 - 2015-02-06 19:40 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-03-27 12:51 - 2015-02-06 19:40 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-03-27 12:51 - 2015-02-06 19:40 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-03-27 12:51 - 2015-02-06 19:39 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-03-27 12:51 - 2015-01-07 09:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-03-27 12:50 - 2015-03-29 12:57 - 00000000 ____D () C:\ProgramData\VMware
2015-03-27 12:50 - 2015-03-27 12:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-03-27 12:50 - 2015-03-27 12:50 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-03-26 15:58 - 2015-03-29 12:56 - 00023862 _____ () C:\Windows\PFRO.log
2015-03-26 12:02 - 2015-03-26 12:02 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Alien Isolation
2015-03-26 12:01 - 2015-03-29 04:57 - 00018837 _____ () C:\Windows\DirectX.log
2015-03-26 00:12 - 2015-03-27 11:22 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Song-open
2015-03-25 12:17 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 12:17 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 12:17 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 12:17 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 12:17 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 12:17 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 12:17 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 12:17 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 21:04 - 2015-03-29 12:57 - 00001864 _____ () C:\Windows\setupact.log
2015-03-24 21:04 - 2015-03-24 21:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-23 00:14 - 2015-03-23 07:02 - 00000000 ____D () C:\Users\Privat\AppData\Local\Darksiders2
2015-03-23 00:14 - 2015-03-23 00:14 - 00000000 ____D () C:\Users\Privat\AppData\Local\SKIDROW
2015-03-19 05:08 - 2015-03-19 04:27 - 00191960 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-03-18 16:43 - 2015-03-18 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin
2015-03-14 20:57 - 2015-03-14 20:58 - 00002566 _____ () C:\Users\Privat\Documents\Verschlüsselt.pfx
2015-03-14 14:35 - 2015-03-14 14:35 - 00000000 ____D () C:\Users\Privat\Documents\CAPCOM
2015-03-14 14:20 - 2015-03-14 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-03-14 14:19 - 2015-03-14 14:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-14 14:19 - 2015-03-14 14:19 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-03-13 11:15 - 2015-03-13 11:21 - 00000000 ____D () C:\Verschlüsselt
2015-03-11 19:54 - 2015-03-11 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-03-11 15:37 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 15:37 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 15:37 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 15:37 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 15:37 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 15:37 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 15:37 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 15:37 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 15:37 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 15:37 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 15:37 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 15:37 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 15:37 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 15:37 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 15:37 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 15:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 15:37 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 15:37 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 15:37 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 15:37 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 15:37 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 15:37 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 15:37 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 15:37 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 15:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 15:37 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 15:37 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 15:37 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 15:37 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 15:37 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 15:37 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 15:37 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 15:37 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 15:37 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 15:36 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 15:36 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 15:36 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 15:36 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 15:36 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 15:36 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 15:36 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 15:36 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 15:36 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 15:36 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 15:36 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 15:36 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 15:36 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 15:36 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 15:36 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 15:36 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 15:36 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 15:36 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 15:36 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 15:36 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 15:36 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 15:36 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 15:36 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 15:36 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 15:36 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 15:36 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 15:36 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 15:36 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 15:36 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 15:36 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 15:36 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 15:36 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 15:36 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 15:36 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 15:36 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 15:36 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 15:36 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 15:36 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 15:36 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 15:36 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 15:36 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 15:36 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 15:36 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 15:36 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 15:36 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 15:36 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 15:36 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 15:36 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 15:36 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 15:36 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 15:36 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 15:36 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 15:36 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 15:36 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 15:36 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 15:36 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 15:36 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 15:36 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 15:36 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 15:36 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 15:36 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 15:36 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 15:36 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 15:36 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 15:36 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 15:36 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 15:36 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 15:36 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 15:36 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 15:36 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 15:36 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 15:36 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 15:36 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 15:36 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 15:36 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 15:36 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 15:36 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 15:36 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 15:36 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 15:36 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 15:36 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 15:36 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 15:36 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 15:36 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 19:06 - 2015-03-11 06:05 - 00000000 ____D () C:\ProgramData\Codemasters
2015-03-09 13:49 - 2015-03-09 13:49 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 11
2015-03-09 06:40 - 2015-03-09 06:40 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-08 23:57 - 2015-03-08 23:57 - 00000000 ____D () C:\Users\Privat\AppData\Local\BANDAI NAMCO Games
2015-03-08 07:36 - 2015-03-08 07:36 - 00003202 _____ () C:\Windows\System32\Tasks\StardockTR
2015-03-08 07:12 - 2015-03-08 07:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2015-03-08 06:50 - 2014-08-02 14:37 - 00000000 ____D () C:\Program Files\WindowBlinds
2015-03-08 06:45 - 2015-03-08 06:45 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-03-08 06:44 - 2015-03-12 18:27 - 00000000 ____D () C:\Program Files (x86)\Sinhala Meaning
2015-03-08 06:42 - 2015-03-08 07:14 - 00000000 ____D () C:\ProgramData\{9a05f486-54c6-b219-9a05-5f48654cd219}
2015-03-08 05:36 - 2015-03-08 07:32 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-08 05:14 - 2015-03-08 05:14 - 00000000 ___HD () C:\ProgramData\{CEC42AA7-80BC-42B4-B5F3-8E754D04A118}
2015-03-08 05:07 - 2015-03-27 13:26 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-03-08 05:07 - 2015-03-27 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-08 05:07 - 2015-03-08 06:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\Stardock
2015-03-08 05:07 - 2015-03-08 06:35 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-03-08 05:06 - 2015-03-08 05:06 - 00000000 ____D () C:\Users\Privat\Downloads\Stardock
2015-03-08 03:33 - 2007-09-21 10:57 - 00081920 _____ () C:\Windows\SysWOW64\dancemat.exe
2015-03-08 03:24 - 2015-03-08 03:24 - 00003170 _____ () C:\Windows\System32\Tasks\{E52F1503-D79A-4591-981D-7BD3AEAEDBD8}
2015-03-07 22:35 - 2015-03-07 23:26 - 00000000 ____D () C:\Program Files\X360ce
2015-03-07 17:57 - 2008-08-08 16:31 - 00040856 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid8103.sys
2015-03-07 16:44 - 2015-03-07 16:44 - 00003106 _____ () C:\Windows\System32\Tasks\{5A6297E5-8A05-41E3-9AC7-B324F3968FF8}
2015-03-07 01:43 - 2015-03-07 18:20 - 00000000 ____D () C:\ProgramData\{adb05eb9-8e80-1ef7-adb0-05eb98e87ae6}
2015-03-07 01:43 - 2015-03-07 17:56 - 00000000 ____D () C:\Users\Privat\AppData\Local\winengine
2015-03-07 01:16 - 2015-03-07 01:16 - 00000000 ____D () C:\ProgramData\KONAMI
2015-03-06 11:46 - 2015-03-06 11:46 - 00000000 ____D () C:\Users\Privat\AppData\Local\My Games
2015-03-06 11:36 - 2015-03-10 15:15 - 00000000 ____D () C:\ProgramData\Orbit
2015-03-06 11:36 - 2015-03-06 22:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-06 11:26 - 2015-03-06 11:36 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-06 02:15 - 2015-03-06 02:15 - 00000000 ____D () C:\Users\Privat\AppData\Local\Crytek
2015-03-05 15:56 - 2008-08-08 16:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8103.cat
2015-03-05 15:56 - 2008-08-08 16:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8101.cat
2015-03-05 15:56 - 2008-08-08 16:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid7906.cat
2015-03-05 15:56 - 2008-08-08 16:31 - 00065776 _____ (Your Corporation) C:\Windows\system32\Drivers\h648101.sys
2015-03-05 15:56 - 2008-08-08 16:31 - 00063856 _____ (Your Corporation) C:\Windows\system32\Drivers\h647906.sys
2015-03-05 15:56 - 2008-08-08 16:31 - 00062960 _____ (Your Corporation) C:\Windows\system32\Drivers\h648103.sys
2015-03-05 15:56 - 2008-08-08 16:31 - 00043192 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid8101.sys
2015-03-05 15:56 - 2008-08-08 16:31 - 00041272 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid7906.sys
2015-03-05 15:56 - 2007-11-12 16:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USBGAMEPAD.cpl
2015-03-05 15:55 - 2015-03-08 03:33 - 00000000 ____D () C:\Windows\USB Vibration
2015-03-05 15:54 - 2015-03-05 15:56 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2015-03-05 13:08 - 2015-03-05 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-03-05 12:03 - 2015-03-05 17:06 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 15
2015-03-04 17:42 - 2015-03-04 18:05 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Origin
2015-03-04 17:42 - 2015-03-04 18:05 - 00000000 ____D () C:\Users\Privat\AppData\Local\Origin
2015-03-04 17:41 - 2015-03-04 17:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 17:12 - 2015-03-04 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-03-04 11:50 - 2015-03-04 11:50 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁
2015-03-04 06:05 - 2015-03-04 06:05 - 00000000 ____D () C:\ProgramData\EA Core
2015-03-02 03:23 - 2015-03-02 03:23 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-03-02 03:23 - 2015-03-02 03:23 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-03-02 03:06 - 2015-03-02 03:06 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-03-02 01:58 - 2015-03-02 01:58 - 00000000 ____D () C:\Users\Privat\AppData\Local\storage
2015-03-02 01:57 - 2015-03-21 17:41 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Ubisoft
2015-03-02 01:57 - 2015-03-06 11:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\PunkBuster
2015-03-01 19:16 - 2015-03-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-03-01 18:34 - 2015-03-01 18:34 - 00000000 ____D () C:\Users\Privat\Documents\Rockstar Games
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 __SHD () C:\ProgramData\SecuROM
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 ____D () C:\Users\Privat\AppData\Local\Rockstar Games
2015-03-01 17:56 - 2015-03-01 17:56 - 00000000 __RHD () C:\Users\Privat\AppData\Roaming\SecuROM
2015-03-01 06:35 - 2015-03-15 15:21 - 00000000 ____D () C:\Users\Privat\AppData\Local\CAPCOM
2015-03-01 06:35 - 2015-03-01 06:35 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Steam
2015-03-01 03:56 - 2015-03-01 03:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-03-01 03:56 - 2015-03-01 03:56 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2015-03-01 03:42 - 2015-03-29 13:07 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\IDM
2015-03-01 03:42 - 2015-03-29 12:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\DMCache
2015-03-01 03:42 - 2015-03-27 13:05 - 00000000 ____D () C:\Users\Privat\Downloads\Compressed
2015-03-01 03:42 - 2015-03-23 16:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-01 03:42 - 2015-03-13 11:35 - 00000000 ____D () C:\Users\Privat\Downloads\Video
2015-03-01 03:42 - 2015-03-01 03:42 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 03:42 - 2015-03-01 03:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 03:42 - 2015-03-01 03:42 - 00000000 ____D () C:\ProgramData\IDM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 13:04 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 13:04 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 13:01 - 2013-11-22 22:32 - 02067013 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 13:01 - 2011-04-12 09:43 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 13:01 - 2011-04-12 09:43 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 13:01 - 2009-07-14 07:13 - 01628890 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 12:58 - 2013-11-23 21:11 - 00000000 ____D () C:\Users\Privat\AppData\Local\Deployment
2015-03-29 12:57 - 2014-02-16 09:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 12:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 12:57 - 2009-07-14 06:45 - 00268872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-29 12:30 - 2014-02-16 09:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 12:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2015-03-29 12:16 - 2013-11-22 23:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 05:00 - 2014-08-04 12:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 04:30 - 2013-11-23 17:05 - 00000000 ____D () C:\Games
2015-03-29 02:03 - 2013-11-23 03:18 - 00000000 ____D () C:\Users\Privat\AppData\Local\Battle.net
2015-03-29 00:42 - 2013-11-23 03:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-29 00:05 - 2009-07-14 04:34 - 00000473 _____ () C:\Windows\win.ini
2015-03-28 23:28 - 2014-08-06 04:12 - 00000000 ____D () C:\AdwCleaner
2015-03-28 18:30 - 2013-11-23 21:11 - 00000000 ____D () C:\Users\Privat\AppData\Local\Apps\2.0
2015-03-28 18:18 - 2014-08-06 03:15 - 00000000 ____D () C:\Qoobox
2015-03-28 17:47 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-28 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2015-03-27 16:21 - 2013-11-29 09:21 - 00001160 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 16:21 - 2013-11-22 23:00 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 16:21 - 2013-11-22 22:38 - 00001421 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 14:14 - 2013-11-23 15:29 - 00000000 ____D () C:\Users\Privat\Documents\My Games
2015-03-27 13:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 13:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-27 12:50 - 2013-11-23 01:22 - 01648846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-27 11:22 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2015-03-26 01:05 - 2013-11-22 22:37 - 00000000 ____D () C:\Users\Privat\AppData\Local\VirtualStore
2015-03-26 00:04 - 2013-11-24 20:16 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TS3Client
2015-03-25 19:34 - 2014-12-11 04:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 19:34 - 2014-04-30 02:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 12:34 - 2013-11-23 02:12 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-24 17:16 - 2013-11-22 22:37 - 00000000 ____D () C:\Users\Privat
2015-03-24 17:15 - 2013-11-23 01:07 - 00001656 _____ () C:\Windows\system32\ASOROSet.bin
2015-03-24 17:15 - 2009-07-14 04:34 - 71565312 _____ () C:\Windows\system32\config\software.bak
2015-03-24 17:15 - 2009-07-14 04:34 - 25690112 _____ () C:\Windows\system32\config\system.bak
2015-03-24 17:15 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2015-03-24 17:11 - 2009-07-14 04:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-03-22 02:30 - 2014-05-08 15:01 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\NVIDIA
2015-03-21 17:43 - 2013-11-22 23:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 17:41 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 20:16 - 2014-03-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-16 11:35 - 2014-07-04 19:29 - 00000000 ____D () C:\ProgramData\Origin
2015-03-12 22:59 - 2014-08-03 19:55 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Skype
2015-03-12 18:02 - 2013-11-23 23:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\AIMP3
2015-03-12 07:57 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 00:53 - 2013-11-23 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:48 - 2013-11-23 14:54 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 19:54 - 2013-11-23 23:31 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2015-03-11 16:57 - 2015-02-26 03:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 16:57 - 2013-11-23 15:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-09 01:37 - 2013-11-23 03:36 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\vlc
2015-03-06 19:52 - 2013-11-22 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 03:27 - 2013-11-23 15:29 - 00000000 ____D () C:\ProgramData\Steam
2015-03-05 22:01 - 2014-08-03 22:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-05 22:01 - 2014-08-03 19:54 - 00000000 ____D () C:\ProgramData\Skype
2015-03-03 16:23 - 2014-05-31 20:48 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-03 15:12 - 2014-04-10 04:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-03 12:49 - 2013-12-07 10:53 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-03-01 19:49 - 2014-06-06 19:37 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-01 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-11-22 23:12 - 2013-11-22 23:12 - 0003584 _____ () C:\Users\Privat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-23 00:52 - 2013-11-23 00:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-08 07:12 - 2015-03-08 07:12 - 0000000 _____ () C:\ProgramData\rebootpending.txt

Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 18:33

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Privat at 2015-03-29 13:15:55
Running from C:\Users\Privat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Crysis 3" (HKLM-x32\...\{6D1DFD35-9671-4DCC-B7E6-FCF6AD3FEB78}_is1) (Version: 1.3.0.0 - )
«Darksiders II»  1.5.up6 (HKLM-x32\...\Darksiders II_is1) (Version: 1.5.up6 - THQ)
«Need for Speed - Most Wanted»  1.0 (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}_is1) (Version: 1.0 - Electronic Arts)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1483, 27.02.2015 - AIMP DevTeam)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
CursorFX Plus (HKLM-x32\...\CursorFX Plus) (Version:  - Stardock Corporation)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
FIFA 11 Demo (HKLM-x32\...\{DC158DF7-6B36-4C6F-BC91-109014297994}) (Version: 1.0.0.0 - Electronic Arts)
File Association Helper (HKLM\...\{572D0504-2C67-4016-801F-D70879A3026A}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
phonostar-Player Version 3.03.1 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version:  - )
PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7385 - Realtek Semiconductor Corp.)
Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's)
RIDE (HKLM-x32\...\UklERQ==_is1) (Version: 1 - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
STREET FIGHTER IV (HKLM-x32\...\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}) (Version: 1.00.3013 - CAPCOM U.S.A., INC.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Tukui Client (HKLM-x32\...\{EF0FAA54-5532-4B90-99C4-B4A97D600A94}) (Version: 2.4.3 - Tukui)
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{78100a96-d60c-4ceb-82b8-d54834ef4d19}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{95801f19-25b2-41fb-8347-c69d13a4b393}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{b159717a-9134-42fd-ad87-0820f6c95e44}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{b7431fc4-b219-4818-b54b-1a850cddbbed}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{e1275246-fcf3-4712-9a4a-265615936441}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

29-03-2015 04:54:40 DirectX wurde installiert
29-03-2015 04:57:52 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
29-03-2015 04:58:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
29-03-2015 04:58:54 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
29-03-2015 04:59:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
29-03-2015 05:00:15 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
29-03-2015 12:18:27 MetroSidebar wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-28 14:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0566F90C-5A50-4D07-A1FA-25FE73F3F4B0} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\SkinPack\StartMenu\StartMenuReviver.exe
Task: {47D5B8ED-A1D8-4D73-8BA6-2B370E5C2E31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {48E4CE6C-8549-43C0-BF10-8BBA97E10A6D} - System32\Tasks\{5A6297E5-8A05-41E3-9AC7-B324F3968FF8} => pcalua.exe -a C:\Windows\SysWOW64\USBGAMEPAD.cpl -c Game Controllers
Task: {4ADBFEF0-F400-4C2F-A2D8-1545556E44C0} - System32\Tasks\{64601819-02F8-4237-A59D-29B1DDE31AD7} => pcalua.exe -a "C:\Users\Privat\Desktop\Creative Sound Blaster Audigy DriverSBAX PCDVTBETA US v2.1.0000.exe" -d C:\Users\Privat\Desktop
Task: {5416AF43-0D6D-41FB-AC70-7FFB43245C2C} - System32\Tasks\{E52F1503-D79A-4591-981D-7BD3AEAEDBD8} => pcalua.exe -a C:\Games\Grand_Theft_Auto_IV\Content\setup.exe -d C:\Games\Grand_Theft_Auto_IV\Content
Task: {867E6326-310F-4F06-929D-B0BB10E4948A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {B9839B66-29D4-4226-B426-EEA4B1B388EF} - System32\Tasks\{3CA7F2AF-5D51-4F7B-86D3-95C106C67251} => pcalua.exe -a D:\player\audio.exe -d D:\player
Task: {DE5CAF76-12BE-4E4F-ACDF-9307A16F3E37} - System32\Tasks\StardockTR => C:\Program Files (x86)\Stardock\StardockTR.exe [2013-06-24] ()
Task: {E56EEE5C-98D2-41B2-B97D-F359B9E14E8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-28 09:23 - 2013-04-25 17:23 - 00042496 _____ () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
2015-03-29 00:35 - 2015-03-29 00:35 - 00016384 _____ () C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2015-03-29 00:35 - 2015-03-29 00:35 - 00035840 _____ () C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2015-03-29 00:35 - 2015-03-29 00:35 - 00099840 _____ () C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2015-03-20 01:33 - 2015-03-14 12:02 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 01:33 - 2015-03-14 12:02 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 01:33 - 2015-03-14 12:02 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-02-06 19:40 - 2015-02-06 19:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-599707613-2096614801-711580207-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASO3DiskOptimizer => 2
MSCONFIG\Services: atchksrv => 2
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: UNS => 2

==================== Accounts: =============================

Administrator (S-1-5-21-599707613-2096614801-711580207-500 - Administrator - Disabled)
Gast (S-1-5-21-599707613-2096614801-711580207-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-599707613-2096614801-711580207-1002 - Limited - Enabled)
Privat (S-1-5-21-599707613-2096614801-711580207-1000 - Administrator - Enabled) => C:\Users\Privat

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 00:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:27:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/29/2015 00:57:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Infrarotüberwachungsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (03/29/2015 00:55:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware Authorization Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware DHCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware NAT Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 00:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSCamSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/29/2015 00:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:27:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 27%
Total physical RAM: 8191.3 MB
Available physical RAM: 5898.85 MB
Total Pagefile: 16380.8 MB
Available Pagefile: 13705.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:191.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB83E9A5)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Habe eine Frage, bei jedem Windows start öffnet sich immer ein kleines Fenster mit folgender Fehlermeldung: cmmon32.exe. Das Laufwerk ist nicht bereit. Die verriegelung könnte geöffnet sein. Stellen sie sicher, dass ein Datenträger in Laufwerk A: eingelegt und die Laufwerkverriegelung gschlossen ist. Das Lustige ist, ich habe kein A: Laufwerk, demnach ein Disketten-Laufwerk. Diese gleiche Fehlermeldung taucht bei einigen anderen exe Dateien auf.

M-K-D-B 29.03.2015 12:30
Servus,


danke für den Upload.


Es scheint ein Problem beim Zugriff mit deinem Diskettenlaufwerk zu geben.
Dieses könntest du meines Wissens nach über das BIOS auch deaktivieren lassen.



Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Wildstyle 29.03.2015 12:37
Ich kenne mich leider mit Bios gar nicht aus und weiß auch nicht wie man in dieses rein kommt. Irgendwas muss mein PC bzw Windows verändert haben, so das diese Fehler ständig auftauchen bei jedem Windows neustart. Vor ca. einer Woche wurde mir sowas noch nicht angezeigt. :confused:

Zu VirusTotal, da steht das die Datei verwendet wird. Ich solle den Namen ändern.

M-K-D-B 29.03.2015 12:43
Servus,

evtl. gehen die Fehler auch so weg, wenn der Rechner sauber ist.

ok, wegen VirusTotal... das ist nicht mehr nötig, habe mir gerade die Dateien angesehen, die du mir bereits hochgeladen hast. Das ist neue Malware, die müssen wir noch löschen. :)




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\RunOnce: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] ()
C:\Users\Privat\AppData\Local\Songshoot
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
C:\Windows\System32\drivers\h647906.sys
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
C:\Windows\System32\drivers\h648101.sys
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
C:\Windows\System32\drivers\h648103.sys
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
C:\Windows\SysWOW64\drivers\hid7906.sys
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
C:\Windows\SysWOW64\drivers\hid8101.sys
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
C:\Windows\SysWOW64\drivers\hid8103.sys
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • eine Rückmeldung bezüglich des Uploads,
  • die beiden neuen Logdateien von FRST.

Wildstyle 29.03.2015 13:00
Hallo,

zunächst einmal muss ich dir mitteilen das nach dem jetzt zuletzt ausgeführtem Fixlog und neustart meines Rechners keine Fehler mehr bezüglich exe Dateien auftauchten.
Ich hoffe das bleibt so, macht mich gerade happy :applaus:

Hier die von dir geforderten logs:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Privat at 2015-03-29 13:46:57 Run:2
Running from C:\Users\Privat\Desktop
Loaded Profiles: Privat (Available profiles: Privat)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\RunOnce: [song_fill] => C:\Users\Privat\AppData\Local\Songshoot\songprogram.exe [151552 2015-03-28] ()
C:\Users\Privat\AppData\Local\Songshoot
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
C:\Windows\System32\drivers\h647906.sys
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
C:\Windows\System32\drivers\h648101.sys
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
C:\Windows\System32\drivers\h648103.sys
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
C:\Windows\SysWOW64\drivers\hid7906.sys
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
C:\Windows\SysWOW64\drivers\hid8101.sys
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
C:\Windows\SysWOW64\drivers\hid8103.sys
EmptyTemp:
end
*****************

Processes closed successfully.
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows\CurrentVersion\Run\\song_fill => value deleted successfully.
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\song_fill => value deleted successfully.
C:\Users\Privat\AppData\Local\Songshoot => Moved successfully.
Chrome HomePage deleted successfully.
h647906 => Service deleted successfully.
C:\Windows\System32\drivers\h647906.sys => Moved successfully.
h648101 => Service deleted successfully.
C:\Windows\System32\drivers\h648101.sys => Moved successfully.
h648103 => Service deleted successfully.
C:\Windows\System32\drivers\h648103.sys => Moved successfully.
hid7906 => Service deleted successfully.
C:\Windows\SysWOW64\drivers\hid7906.sys => Moved successfully.
hid8101 => Service deleted successfully.
C:\Windows\SysWOW64\drivers\hid8101.sys => Moved successfully.
hid8103 => Service deleted successfully.
C:\Windows\SysWOW64\drivers\hid8103.sys => Moved successfully.
EmptyTemp: => Removed 15.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:47:03 ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Privat (administrator) on PRIVAT-PC on 29-03-2015 13:54:54
Running from C:\Users\Privat\Desktop
Loaded Profiles: Privat (Available profiles: Privat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Curse) C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-03-19] (Tonec Inc.)
HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Run: [tssop] => C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\1e\6f\design_for_testability\valve.exe [209920 2012-03-02] (BackupFly Software)
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-599707613-2096614801-711580207-1000: @phonostar.de/phonostar-Player -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll [2013-08-06] ( )
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-26]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-03-02]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-20]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5 [2015-03-22]
FF HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Privat\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\toolbar@web.de [Not Found]
FF Extension: No Name - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\0mzbzn3k.default-1425799298169\extensions\istart_ffnt@gmail.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425685414&from=ima&uid=ST3500412AS_5VV08871XXXX5VV08871
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (YouTube) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Adblock Plus) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-09]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-03-09]
CHR Extension: (Cog - System Info Viewer) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\difcjdggkffcfgcfconafogflmmaadco [2015-03-09]
CHR Extension: (Awesome Reload All Tabs Button) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\kamfkajbgmjkfmfgcikbmbmpjfokfijk [2015-03-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (IDM Integration Module) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Privat\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Irmon; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Irmon; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S4 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
S3 Asushwio; \??\D:\Bin\64bit\Asushwio.sys [X]
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 13:54 - 2015-03-29 13:55 - 00016112 _____ () C:\Users\Privat\Desktop\FRST.txt
2015-03-29 12:58 - 2015-03-29 12:58 - 00060424 _____ () C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-29 05:04 - 2015-03-29 05:04 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Milestone
2015-03-29 00:40 - 2015-03-29 13:46 - 00000000 ____D () C:\Program Files\Log-Programme
2015-03-29 00:15 - 2015-03-29 00:15 - 02095616 _____ (Farbar) C:\Users\Privat\Desktop\FRST64.exe
2015-03-28 23:33 - 2015-03-29 13:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 23:33 - 2015-03-28 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 23:33 - 2015-03-28 23:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-28 23:33 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-28 23:33 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-28 23:33 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-28 18:16 - 2015-03-28 18:16 - 00034985 _____ () C:\ComboFix.txt
2015-03-28 14:05 - 2015-03-29 13:54 - 00000000 ____D () C:\FRST
2015-03-27 16:45 - 2015-03-27 16:45 - 00000000 ____D () C:\Program Files\W10-Beta
2015-03-27 13:31 - 2015-03-28 01:10 - 00001307 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Immersive Explorer.lnk
2015-03-27 13:31 - 2015-03-28 01:10 - 00000000 ____D () C:\Users\Privat\AppData\Local\immersive-explorer.com
2015-03-27 13:16 - 2015-03-29 12:19 - 00000000 ____D () C:\Program Files (x86)\MetroSidebar
2015-03-27 13:16 - 2015-03-27 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetroSidebar
2015-03-27 13:05 - 2015-03-27 13:29 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\MetroSidebar
2015-03-27 13:05 - 2015-03-27 13:05 - 00003096 _____ () C:\Windows\System32\Tasks\ReviverSoft Start Menu Run once task
2015-03-27 13:05 - 2015-03-27 13:05 - 00000000 ____D () C:\ProgramData\StartMenuReviver.exe
2015-03-27 13:05 - 2015-03-27 13:05 - 00000000 ____D () C:\ProgramData\ReviverSoft
2015-03-27 13:04 - 2015-03-29 12:24 - 00000000 ____D () C:\W7P_Backups
2015-03-27 13:02 - 2015-03-29 12:24 - 00000000 ____D () C:\SkinPack
2015-03-27 12:54 - 2015-03-27 13:01 - 00000000 ____D () C:\Users\Privat\AppData\Local\VMware
2015-03-27 12:54 - 2015-03-27 12:54 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\VMware
2015-03-27 12:52 - 2015-02-06 19:40 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-03-27 12:52 - 2015-02-06 19:39 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-03-27 12:52 - 2015-01-07 16:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-03-27 12:52 - 2015-01-07 16:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-03-27 12:52 - 2015-01-07 16:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-03-27 12:51 - 2015-02-06 19:40 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-03-27 12:51 - 2015-02-06 19:40 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-03-27 12:51 - 2015-02-06 19:40 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-03-27 12:51 - 2015-02-06 19:39 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-03-27 12:51 - 2015-01-07 09:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-03-27 12:50 - 2015-03-29 13:48 - 00000000 ____D () C:\ProgramData\VMware
2015-03-27 12:50 - 2015-03-27 12:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-03-27 12:50 - 2015-03-27 12:50 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-03-26 15:58 - 2015-03-29 12:56 - 00023862 _____ () C:\Windows\PFRO.log
2015-03-26 12:02 - 2015-03-26 12:02 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Alien Isolation
2015-03-26 12:01 - 2015-03-29 04:57 - 00018837 _____ () C:\Windows\DirectX.log
2015-03-26 00:12 - 2015-03-27 11:22 - 00000000 ___HD () C:\Users\Privat\AppData\Roaming\Song-open
2015-03-25 12:17 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 12:17 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 12:17 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 12:17 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 12:17 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 12:17 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 12:17 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 12:17 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 21:04 - 2015-03-29 13:47 - 00001920 _____ () C:\Windows\setupact.log
2015-03-24 21:04 - 2015-03-24 21:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-23 00:14 - 2015-03-23 07:02 - 00000000 ____D () C:\Users\Privat\AppData\Local\Darksiders2
2015-03-23 00:14 - 2015-03-23 00:14 - 00000000 ____D () C:\Users\Privat\AppData\Local\SKIDROW
2015-03-19 05:08 - 2015-03-19 04:27 - 00191960 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-03-18 16:43 - 2015-03-18 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin
2015-03-14 20:57 - 2015-03-14 20:58 - 00002566 _____ () C:\Users\Privat\Documents\Verschlüsselt.pfx
2015-03-14 14:35 - 2015-03-14 14:35 - 00000000 ____D () C:\Users\Privat\Documents\CAPCOM
2015-03-14 14:20 - 2015-03-14 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-03-14 14:19 - 2015-03-14 14:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-14 14:19 - 2015-03-14 14:19 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-03-13 11:15 - 2015-03-13 11:21 - 00000000 ____D () C:\Verschlüsselt
2015-03-11 19:54 - 2015-03-11 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-03-11 15:37 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 15:37 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 15:37 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 15:37 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 15:37 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 15:37 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 15:37 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 15:37 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 15:37 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 15:37 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 15:37 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 15:37 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 15:37 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 15:37 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 15:37 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 15:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 15:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 15:37 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 15:37 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 15:37 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 15:37 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 15:37 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 15:37 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 15:37 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 15:37 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 15:37 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 15:37 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 15:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 15:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 15:37 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 15:37 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 15:37 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 15:37 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 15:37 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 15:37 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 15:37 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 15:37 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 15:37 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 15:36 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 15:36 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 15:36 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 15:36 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 15:36 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 15:36 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 15:36 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 15:36 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 15:36 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 15:36 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 15:36 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 15:36 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 15:36 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 15:36 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 15:36 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 15:36 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 15:36 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 15:36 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 15:36 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 15:36 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 15:36 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 15:36 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 15:36 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 15:36 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 15:36 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 15:36 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 15:36 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 15:36 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 15:36 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 15:36 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 15:36 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 15:36 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 15:36 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 15:36 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 15:36 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 15:36 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 15:36 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 15:36 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 15:36 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 15:36 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 15:36 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 15:36 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 15:36 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 15:36 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 15:36 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 15:36 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 15:36 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 15:36 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 15:36 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 15:36 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 15:36 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 15:36 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 15:36 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 15:36 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 15:36 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 15:36 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 15:36 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 15:36 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 15:36 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 15:36 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 15:36 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 15:36 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 15:36 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 15:36 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 15:36 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 15:36 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 15:36 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 15:36 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 15:36 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 15:36 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 15:36 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 15:36 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 15:36 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 15:36 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 15:36 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 15:36 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 15:36 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 15:36 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 15:36 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 15:36 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 15:36 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 15:36 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 15:36 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 15:36 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 15:36 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 15:36 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 19:06 - 2015-03-11 06:05 - 00000000 ____D () C:\ProgramData\Codemasters
2015-03-09 13:49 - 2015-03-09 13:49 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 11
2015-03-09 06:40 - 2015-03-09 06:40 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-08 23:57 - 2015-03-08 23:57 - 00000000 ____D () C:\Users\Privat\AppData\Local\BANDAI NAMCO Games
2015-03-08 07:36 - 2015-03-08 07:36 - 00003202 _____ () C:\Windows\System32\Tasks\StardockTR
2015-03-08 07:12 - 2015-03-08 07:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2015-03-08 06:50 - 2014-08-02 14:37 - 00000000 ____D () C:\Program Files\WindowBlinds
2015-03-08 06:45 - 2015-03-08 06:45 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-03-08 06:44 - 2015-03-12 18:27 - 00000000 ____D () C:\Program Files (x86)\Sinhala Meaning
2015-03-08 06:42 - 2015-03-08 07:14 - 00000000 ____D () C:\ProgramData\{9a05f486-54c6-b219-9a05-5f48654cd219}
2015-03-08 05:36 - 2015-03-08 07:32 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-08 05:14 - 2015-03-08 05:14 - 00000000 ___HD () C:\ProgramData\{CEC42AA7-80BC-42B4-B5F3-8E754D04A118}
2015-03-08 05:07 - 2015-03-27 13:26 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-03-08 05:07 - 2015-03-27 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-08 05:07 - 2015-03-08 06:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\Stardock
2015-03-08 05:07 - 2015-03-08 06:35 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-03-08 05:06 - 2015-03-08 05:06 - 00000000 ____D () C:\Users\Privat\Downloads\Stardock
2015-03-08 03:33 - 2007-09-21 10:57 - 00081920 _____ () C:\Windows\SysWOW64\dancemat.exe
2015-03-08 03:24 - 2015-03-08 03:24 - 00003170 _____ () C:\Windows\System32\Tasks\{E52F1503-D79A-4591-981D-7BD3AEAEDBD8}
2015-03-07 22:35 - 2015-03-07 23:26 - 00000000 ____D () C:\Program Files\X360ce
2015-03-07 16:44 - 2015-03-07 16:44 - 00003106 _____ () C:\Windows\System32\Tasks\{5A6297E5-8A05-41E3-9AC7-B324F3968FF8}
2015-03-07 01:43 - 2015-03-07 18:20 - 00000000 ____D () C:\ProgramData\{adb05eb9-8e80-1ef7-adb0-05eb98e87ae6}
2015-03-07 01:43 - 2015-03-07 17:56 - 00000000 ____D () C:\Users\Privat\AppData\Local\winengine
2015-03-07 01:16 - 2015-03-07 01:16 - 00000000 ____D () C:\ProgramData\KONAMI
2015-03-06 11:46 - 2015-03-06 11:46 - 00000000 ____D () C:\Users\Privat\AppData\Local\My Games
2015-03-06 11:36 - 2015-03-10 15:15 - 00000000 ____D () C:\ProgramData\Orbit
2015-03-06 11:36 - 2015-03-06 22:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-06 11:26 - 2015-03-06 11:36 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-06 02:15 - 2015-03-06 02:15 - 00000000 ____D () C:\Users\Privat\AppData\Local\Crytek
2015-03-05 15:56 - 2008-08-08 16:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8103.cat
2015-03-05 15:56 - 2008-08-08 16:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid8101.cat
2015-03-05 15:56 - 2008-08-08 16:33 - 00008316 _____ () C:\Windows\SysWOW64\Drivers\hid7906.cat
2015-03-05 15:56 - 2007-11-12 16:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USBGAMEPAD.cpl
2015-03-05 15:55 - 2015-03-08 03:33 - 00000000 ____D () C:\Windows\USB Vibration
2015-03-05 15:54 - 2015-03-05 15:56 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2015-03-05 13:08 - 2015-03-05 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-03-05 12:03 - 2015-03-05 17:06 - 00000000 ____D () C:\Users\Privat\Documents\FIFA 15
2015-03-04 17:42 - 2015-03-04 18:05 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Origin
2015-03-04 17:42 - 2015-03-04 18:05 - 00000000 ____D () C:\Users\Privat\AppData\Local\Origin
2015-03-04 17:41 - 2015-03-04 17:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 17:12 - 2015-03-04 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-03-04 11:50 - 2015-03-04 11:50 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁
2015-03-04 06:05 - 2015-03-04 06:05 - 00000000 ____D () C:\ProgramData\EA Core
2015-03-02 03:23 - 2015-03-02 03:23 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-03-02 03:23 - 2015-03-02 03:23 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-03-02 03:06 - 2015-03-02 03:06 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-03-02 01:58 - 2015-03-02 01:58 - 00000000 ____D () C:\Users\Privat\AppData\Local\storage
2015-03-02 01:57 - 2015-03-21 17:41 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Ubisoft
2015-03-02 01:57 - 2015-03-06 11:36 - 00000000 ____D () C:\Users\Privat\AppData\Local\PunkBuster
2015-03-01 19:16 - 2015-03-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-03-01 18:34 - 2015-03-01 18:34 - 00000000 ____D () C:\Users\Privat\Documents\Rockstar Games
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 __SHD () C:\ProgramData\SecuROM
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 ____D () C:\Users\Privat\AppData\Local\Rockstar Games
2015-03-01 17:56 - 2015-03-01 17:56 - 00000000 __RHD () C:\Users\Privat\AppData\Roaming\SecuROM
2015-03-01 06:35 - 2015-03-15 15:21 - 00000000 ____D () C:\Users\Privat\AppData\Local\CAPCOM
2015-03-01 06:35 - 2015-03-01 06:35 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Steam
2015-03-01 03:56 - 2015-03-01 03:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-03-01 03:56 - 2015-03-01 03:56 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2015-03-01 03:42 - 2015-03-29 13:07 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\IDM
2015-03-01 03:42 - 2015-03-29 12:20 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\DMCache
2015-03-01 03:42 - 2015-03-27 13:05 - 00000000 ____D () C:\Users\Privat\Downloads\Compressed
2015-03-01 03:42 - 2015-03-23 16:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-01 03:42 - 2015-03-13 11:35 - 00000000 ____D () C:\Users\Privat\Downloads\Video
2015-03-01 03:42 - 2015-03-01 03:42 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 03:42 - 2015-03-01 03:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-01 03:42 - 2015-03-01 03:42 - 00000000 ____D () C:\ProgramData\IDM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 13:53 - 2011-04-12 09:43 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 13:53 - 2011-04-12 09:43 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 13:53 - 2009-07-14 07:13 - 01628890 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 13:51 - 2013-11-22 22:32 - 02084191 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 13:48 - 2014-02-16 09:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 13:48 - 2013-11-23 21:11 - 00000000 ____D () C:\Users\Privat\AppData\Local\Deployment
2015-03-29 13:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 13:30 - 2014-02-16 09:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 13:16 - 2013-11-22 23:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 13:04 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 13:04 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 12:57 - 2009-07-14 06:45 - 00268872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-29 12:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2015-03-29 05:00 - 2014-08-04 12:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 04:30 - 2013-11-23 17:05 - 00000000 ____D () C:\Games
2015-03-29 02:03 - 2013-11-23 03:18 - 00000000 ____D () C:\Users\Privat\AppData\Local\Battle.net
2015-03-29 00:42 - 2013-11-23 03:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-29 00:05 - 2009-07-14 04:34 - 00000473 _____ () C:\Windows\win.ini
2015-03-28 23:28 - 2014-08-06 04:12 - 00000000 ____D () C:\AdwCleaner
2015-03-28 18:30 - 2013-11-23 21:11 - 00000000 ____D () C:\Users\Privat\AppData\Local\Apps\2.0
2015-03-28 18:18 - 2014-08-06 03:15 - 00000000 ____D () C:\Qoobox
2015-03-28 17:47 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-28 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2015-03-27 16:21 - 2013-11-29 09:21 - 00001160 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 16:21 - 2013-11-22 23:00 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 16:21 - 2013-11-22 22:38 - 00001421 _____ () C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 14:14 - 2013-11-23 15:29 - 00000000 ____D () C:\Users\Privat\Documents\My Games
2015-03-27 13:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 13:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-27 12:50 - 2013-11-23 01:22 - 01648846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-27 11:22 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2015-03-26 01:05 - 2013-11-22 22:37 - 00000000 ____D () C:\Users\Privat\AppData\Local\VirtualStore
2015-03-26 00:04 - 2013-11-24 20:16 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\TS3Client
2015-03-25 19:34 - 2014-12-11 04:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 19:34 - 2014-04-30 02:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 12:34 - 2013-11-23 02:12 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-24 17:16 - 2013-11-22 22:37 - 00000000 ____D () C:\Users\Privat
2015-03-24 17:15 - 2013-11-23 01:07 - 00001656 _____ () C:\Windows\system32\ASOROSet.bin
2015-03-24 17:15 - 2009-07-14 04:34 - 71565312 _____ () C:\Windows\system32\config\software.bak
2015-03-24 17:15 - 2009-07-14 04:34 - 25690112 _____ () C:\Windows\system32\config\system.bak
2015-03-24 17:15 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2015-03-24 17:11 - 2009-07-14 04:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-03-22 02:30 - 2014-05-08 15:01 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\NVIDIA
2015-03-21 17:43 - 2013-11-22 23:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 17:41 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-19 20:16 - 2014-03-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-16 11:35 - 2014-07-04 19:29 - 00000000 ____D () C:\ProgramData\Origin
2015-03-12 22:59 - 2014-08-03 19:55 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\Skype
2015-03-12 18:02 - 2013-11-23 23:31 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\AIMP3
2015-03-12 07:57 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 00:53 - 2013-11-23 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:48 - 2013-11-23 14:54 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 19:54 - 2013-11-23 23:31 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2015-03-11 16:57 - 2015-02-26 03:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 16:57 - 2013-11-23 15:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-09 01:37 - 2013-11-23 03:36 - 00000000 ____D () C:\Users\Privat\AppData\Roaming\vlc
2015-03-06 19:52 - 2013-11-22 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 03:27 - 2013-11-23 15:29 - 00000000 ____D () C:\ProgramData\Steam
2015-03-05 22:01 - 2014-08-03 22:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-05 22:01 - 2014-08-03 19:54 - 00000000 ____D () C:\ProgramData\Skype
2015-03-03 16:23 - 2014-05-31 20:48 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-03 15:12 - 2014-04-10 04:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-03 12:49 - 2013-12-07 10:53 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-03-01 19:49 - 2014-06-06 19:37 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-01 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-11-22 23:12 - 2013-11-22 23:12 - 0003584 _____ () C:\Users\Privat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-23 00:52 - 2013-11-23 00:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-08 07:12 - 2015-03-08 07:12 - 0000000 _____ () C:\ProgramData\rebootpending.txt

Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 18:33

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Privat at 2015-03-29 13:55:51
Running from C:\Users\Privat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Crysis 3" (HKLM-x32\...\{6D1DFD35-9671-4DCC-B7E6-FCF6AD3FEB78}_is1) (Version: 1.3.0.0 - )
«Darksiders II»  1.5.up6 (HKLM-x32\...\Darksiders II_is1) (Version: 1.5.up6 - THQ)
«Need for Speed - Most Wanted»  1.0 (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}_is1) (Version: 1.0 - Electronic Arts)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1483, 27.02.2015 - AIMP DevTeam)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
CursorFX Plus (HKLM-x32\...\CursorFX Plus) (Version:  - Stardock Corporation)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
FIFA 11 Demo (HKLM-x32\...\{DC158DF7-6B36-4C6F-BC91-109014297994}) (Version: 1.0.0.0 - Electronic Arts)
File Association Helper (HKLM\...\{572D0504-2C67-4016-801F-D70879A3026A}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-599707613-2096614801-711580207-1000\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
phonostar-Player Version 3.03.1 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version:  - )
PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7385 - Realtek Semiconductor Corp.)
Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's)
RIDE (HKLM-x32\...\UklERQ==_is1) (Version: 1 - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
STREET FIGHTER IV (HKLM-x32\...\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}) (Version: 1.00.3013 - CAPCOM U.S.A., INC.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Tukui Client (HKLM-x32\...\{EF0FAA54-5532-4B90-99C4-B4A97D600A94}) (Version: 2.4.3 - Tukui)
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{78100a96-d60c-4ceb-82b8-d54834ef4d19}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{95801f19-25b2-41fb-8347-c69d13a4b393}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{b159717a-9134-42fd-ad87-0820f6c95e44}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{b7431fc4-b219-4818-b54b-1a850cddbbed}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\CLSID\{e1275246-fcf3-4712-9a4a-265615936441}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

29-03-2015 04:54:40 DirectX wurde installiert
29-03-2015 04:57:52 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
29-03-2015 04:58:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
29-03-2015 04:58:54 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
29-03-2015 04:59:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
29-03-2015 05:00:15 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
29-03-2015 12:18:27 MetroSidebar wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-28 14:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0566F90C-5A50-4D07-A1FA-25FE73F3F4B0} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\SkinPack\StartMenu\StartMenuReviver.exe
Task: {47D5B8ED-A1D8-4D73-8BA6-2B370E5C2E31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {48E4CE6C-8549-43C0-BF10-8BBA97E10A6D} - System32\Tasks\{5A6297E5-8A05-41E3-9AC7-B324F3968FF8} => pcalua.exe -a C:\Windows\SysWOW64\USBGAMEPAD.cpl -c Game Controllers
Task: {4ADBFEF0-F400-4C2F-A2D8-1545556E44C0} - System32\Tasks\{64601819-02F8-4237-A59D-29B1DDE31AD7} => pcalua.exe -a "C:\Users\Privat\Desktop\Creative Sound Blaster Audigy DriverSBAX PCDVTBETA US v2.1.0000.exe" -d C:\Users\Privat\Desktop
Task: {5416AF43-0D6D-41FB-AC70-7FFB43245C2C} - System32\Tasks\{E52F1503-D79A-4591-981D-7BD3AEAEDBD8} => pcalua.exe -a C:\Games\Grand_Theft_Auto_IV\Content\setup.exe -d C:\Games\Grand_Theft_Auto_IV\Content
Task: {867E6326-310F-4F06-929D-B0BB10E4948A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {B9839B66-29D4-4226-B426-EEA4B1B388EF} - System32\Tasks\{3CA7F2AF-5D51-4F7B-86D3-95C106C67251} => pcalua.exe -a D:\player\audio.exe -d D:\player
Task: {DE5CAF76-12BE-4E4F-ACDF-9307A16F3E37} - System32\Tasks\StardockTR => C:\Program Files (x86)\Stardock\StardockTR.exe [2013-06-24] ()
Task: {E56EEE5C-98D2-41B2-B97D-F359B9E14E8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-28 09:23 - 2013-04-25 17:23 - 00042496 _____ () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
2015-03-29 00:35 - 2015-03-29 00:35 - 00016384 _____ () C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2015-03-29 00:35 - 2015-03-29 00:35 - 00035840 _____ () C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2015-03-29 00:35 - 2015-03-29 00:35 - 00099840 _____ () C:\Users\Privat\AppData\Local\Apps\2.0\QJCG50TG.1QL\XZCRRC33.NN8\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2015-03-20 01:33 - 2015-03-14 12:02 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 01:33 - 2015-03-14 12:02 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 01:33 - 2015-03-14 12:02 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-02-06 19:40 - 2015-02-06 19:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-599707613-2096614801-711580207-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASO3DiskOptimizer => 2
MSCONFIG\Services: atchksrv => 2
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: UNS => 2

==================== Accounts: =============================

Administrator (S-1-5-21-599707613-2096614801-711580207-500 - Administrator - Disabled)
Gast (S-1-5-21-599707613-2096614801-711580207-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-599707613-2096614801-711580207-1002 - Limited - Enabled)
Privat (S-1-5-21-599707613-2096614801-711580207-1000 - Administrator - Enabled) => C:\Users\Privat

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 01:49:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:27:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/29/2015 01:47:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Infrarotüberwachungsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware Authorization Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware DHCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware NAT Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSCamSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 01:46:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Unsigned Themes" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/29/2015 01:49:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:27:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 33%
Total physical RAM: 8191.3 MB
Available physical RAM: 5479.59 MB
Total Pagefile: 16380.8 MB
Available Pagefile: 13605.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:191.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB83E9A5)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Upload sollte auch da sein :)

M-K-D-B 29.03.2015 13:09
Servus,


dann kamen die Meldungen echt von der Malware, danke für den Upload... :)


Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ASO3_JUMP_LIST
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D23C3BA7-6DC3-4DDF-9BDF-12599E852A40}
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Wildstyle 29.03.2015 15:51
Hat etwas gedauert, aber hier deine Logs! :Boogie:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Privat at 2015-03-29 14:15:25 Run:3
Running from C:\Users\Privat\Desktop
Loaded Profiles: Privat (Available profiles: Privat)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ASO3_JUMP_LIST
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D23C3BA7-6DC3-4DDF-9BDF-12599E852A40}
EmptyTemp:
end
*****************

Processes closed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ASO3_JUMP_LIST => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ASO3_JUMP_LIST => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A03A149-3CD3-429D-B4A4-28D9D2974874} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D23C3BA7-6DC3-4DDF-9BDF-12599E852A40} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D23C3BA7-6DC3-4DDF-9BDF-12599E852A40} => Key Deleted Successfully.
EmptyTemp: => Removed 12.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:15:31 ====
Code:

       
Code:

       
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : PRIVAT-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Privat-PC\Privat
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-03-29 14:24:25
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 38

   Objects scanned . . . : 1.455.505
   Files scanned . . . . : 31.916
   Remnants scanned  . . : 363.104 files / 1.060.485 keys

Malware _____________________________________________________________________

   C:\FRST\Quarantine\C\Users\Privat\AppData\Local\Range-must\rangepractice.exe -> Deleted
      Size . . . . . . . : 97.792 bytes
      Age  . . . . . . . : 2.9 days (2015-03-26 17:43:50)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : C6AE2835F9AE99386A6EDBD969FF88BE9AC80683B9B8146F3818C93ADF8D023A
    > Bitdefender  . . . : Trojan.GenericKD.2254276
    > Kaspersky  . . . . : Backdoor.Win32.Androm.gnpc
      Fuzzy  . . . . . . : 117.0
      Forensic Cluster
         -0.0s C:\FRST\Quarantine\C\Users\Privat\AppData\Local\Range-must\
          0.0s C:\FRST\Quarantine\C\Users\Privat\AppData\Local\Range-must\rangepractice.exe

   C:\FRST\Quarantine\C\Users\Privat\AppData\Local\Songshoot\songprogram.exe -> Deleted
      Size . . . . . . . : 151.552 bytes
      Age  . . . . . . . : 1.5 days (2015-03-28 03:13:05)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 97C3EC096D926468A1ED2F770BCFC5691211FB9279943F42BD6B6164DB18EA15
      Product  . . . . . : Trend Micro Internet Security
      Publisher  . . . . : CryDev Software
      Description  . . . : Trend Micro software history cleaner
      Copyright  . . . . : Copyright (C) 1995-2009 Trend Micro Incorporated. All rights reserved.
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : Backdoor.Win32.Androm.gnuf
      Fuzzy  . . . . . . : 115.0
      Forensic Cluster
         -0.0s C:\FRST\Quarantine\C\Users\Privat\AppData\Local\Songshoot\
          0.0s C:\FRST\Quarantine\C\Users\Privat\AppData\Local\Songshoot\songprogram.exe

   C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\1e\6f\design_for_testability\valve.exe -> Deleted
      Size . . . . . . . : 209.920 bytes
      Age  . . . . . . . : 559.0 days (2013-09-16 15:02:32)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : 1D5BDC21F4D54B621E1CFD9AC299A715EF80157B2D9ACA4A2C0249FD6FC26E40
      Product  . . . . . : multifix feature plug-in
      Publisher  . . . . : BackupFly Software
      Description  . . . : multifix feature plug-in
      Copyright  . . . . : Copyright © 1998-2010, Check Point, LTD
      Gossip . . . . . . : izzard Entertainment
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : Trojan.Win32.Yakes.keob
      Fuzzy  . . . . . . : 109.0
      Startup
         HKU\S-1-5-21-599707613-2096614801-711580207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tssop


Suspicious files ____________________________________________________________

   C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbcl.dll -> Deleted
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 23.1 days (2015-03-06 11:36:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.0s C:\Users\Privat\AppData\Local\PunkBuster\FC3\
         -0.0s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\
         -0.0s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          0.0s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.0s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.1s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.1s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.1s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\dll\
          0.1s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\htm\
          0.2s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          5.4s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
          6.3s C:\Windows\SysWOW64\PnkBstrB.xtr
         14.4s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

   C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys -> PendingDelete
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 23.1 days (2015-03-06 11:36:52)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -14.4s C:\Users\Privat\AppData\Local\PunkBuster\FC3\
         -14.4s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\
         -14.4s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
         -14.4s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbcl.db
         -14.4s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
         -14.3s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbag.dll
         -14.3s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\scrnshot\
         -14.3s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\dll\
         -14.3s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\htm\
         -14.2s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
         -9.0s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
         -8.0s C:\Windows\SysWOW64\PnkBstrB.xtr
          0.0s C:\Users\Privat\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

   C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll -> Deleted
      Size . . . . . . . : 972.501 bytes
      Age  . . . . . . . : 27.5 days (2015-03-02 01:57:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -1.0s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\
         -1.0s C:\Users\Privat\AppData\Roaming\Ubisoft\
         -1.0s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\
         -0.7s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dll
          0.0s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll
          0.2s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbag.dll
          0.5s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svlogs\
          0.5s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\htm\
          0.5s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\
          0.5s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dat
          0.5s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svss\
          0.7s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll
          0.9s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbags.dll
          1.1s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.db
          1.1s C:\Users\Privat\AppData\Local\PunkBuster\
          1.1s C:\Users\Privat\AppData\Local\PunkBuster\GRFS\
          1.1s C:\Users\Privat\AppData\Local\PunkBuster\GRFS\pb\
          1.2s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\scrnshot\
          3.1s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbns_c.dat
          4.6s C:\Users\Privat\AppData\Local\storage\SKIDROW\
          4.6s C:\Users\Privat\AppData\Local\storage\SKIDROW\53\
          4.6s C:\Users\Privat\AppData\Local\storage\
          4.6s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbns.dat

   C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll -> Deleted
      Size . . . . . . . : 972.501 bytes
      Age  . . . . . . . : 27.5 days (2015-03-02 01:57:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -1.6s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\
         -1.6s C:\Users\Privat\AppData\Roaming\Ubisoft\
         -1.6s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\
         -1.4s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dll
         -0.7s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll
         -0.4s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbag.dll
         -0.2s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svlogs\
         -0.2s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\htm\
         -0.2s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\
         -0.2s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dat
         -0.2s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svss\
          0.0s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll
          0.3s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbags.dll
          0.5s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.db
          0.5s C:\Users\Privat\AppData\Local\PunkBuster\
          0.5s C:\Users\Privat\AppData\Local\PunkBuster\GRFS\
          0.5s C:\Users\Privat\AppData\Local\PunkBuster\GRFS\pb\
          0.5s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\scrnshot\
          2.4s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbns_c.dat
          3.9s C:\Users\Privat\AppData\Local\storage\SKIDROW\
          3.9s C:\Users\Privat\AppData\Local\storage\SKIDROW\53\
          3.9s C:\Users\Privat\AppData\Local\storage\
          3.9s C:\Users\Privat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbns.dat


Potential Unwanted Programs _________________________________________________

   C:\ProgramData\EmailNotifier\ (MyStart) -> Deleted
   C:\ProgramData\EmailNotifier\EmailNotifier.exe (MyStart) -> Deleted
      Size . . . . . . . : 1.081.096 bytes
      Age  . . . . . . . : 105.7 days (2014-12-13 21:56:22)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 1D63E3EC096EF09FDF24F65DF0EFFFCE8BCD916DF7D95F1AC5A8BF2C181044AF
      Product  . . . . . : Email Notifier (TimeWarner Edition)
      Publisher
      Description  . . . : Email Notifier User Interface
      Version  . . . . . : 1.0.1.37
      RSA Key Size . . . : 2048
      LanguageID . . . . : 4105
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -12.0

   C:\ProgramData\EmailNotifier\EmailNotifierAPI.dll (MyStart) -> Deleted
      Size . . . . . . . : 858.584 bytes
      Age  . . . . . . . : 105.7 days (2014-12-13 21:56:22)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : F41783CDE97511F0DE13485FCCCB8B75A6C2EA9053ECF96D84A28EDD911E42A2
      Product  . . . . . : Email Notifier
      Publisher
      Description  . . . : Email Notifier API
      Version  . . . . . : 1.0.0.58
      RSA Key Size . . . : 2048
      LanguageID . . . . : 4105
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -12.0

   C:\ProgramData\EmailNotifier\EmailNotifierEN.lng (MyStart) -> Deleted
   C:\ProgramData\EmailNotifier\EmailNotifierFR.lng (MyStart) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon) -> PendingDelete
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) -> PendingDelete
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) -> PendingDelete
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) -> PendingDelete
   HKLM\SOFTWARE\Wow6432Node\SpeedBit\ (SpeedBit) -> Deleted
   HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals) -> Deleted
   HKU\.DEFAULT\Software\Systweak\ (AdvSysProtector) -> Deleted
   HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals) -> PendingDelete
   HKU\S-1-5-18\Software\Systweak\ (AdvSysProtector) -> PendingDelete
   HKU\S-1-5-21-599707613-2096614801-711580207-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player) -> Deleted
   HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals) -> Deleted
   HKU\S-1-5-21-599707613-2096614801-711580207-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Cookies\UIJCHXWE.txt

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cd596b60afef8546b5c749036b66c4b4
# engine=23139
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-29 02:25:40
# local_time=2015-03-29 04:25:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 197584 179268990 0 0
# scanned=205013
# found=48
# cleaned=48
# scan_time=6283
sh=288B0D45FC9D8FE9631A863AB04CF78FA08310B4 ft=1 fh=1841516c18146756 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\ASO3.exe.vir"
sh=5F8CDAF8CFE9DC71EEE6EB34CD29B0705FB3F818 ft=1 fh=a87a5e460e6d4f5f vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\asodemo.exe.vir"
sh=C9C837B162F1CF0FAA189DC01545EEEF82AC54D1 ft=1 fh=3f6589666d67494a vn="Variante von Win32/Systweak.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\ASOHelper.dll.vir"
sh=E4F8D6B714FD73E640FABC46AB4CE4739322675B ft=1 fh=223caaa032d6f852 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\BackupManager.exe.vir"
sh=A362BD54C45E62F716F236FB2927BD168581AACB ft=1 fh=a08ce27e634a02a8 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\BeforeUninstall.exe.vir"
sh=5BFE81966C4F84E0A14DE369E387E426E3C422F3 ft=1 fh=6980254952f9f56d vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\CheckUpdate.exe.vir"
sh=4202CEE0771ADCC3631F9908D96C0FEE9B4732F3 ft=1 fh=e263274a7e59e2f3 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\DiskDoctor.exe.vir"
sh=475C66C790788172D0C0F96CD882725963BCD1C1 ft=1 fh=c2f20690010fdc74 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\DiskExplorer.exe.vir"
sh=748C20EC14FE97B57588B10E7F3BDDA8E5CBDAE9 ft=1 fh=0ebfcebe2912fa5e vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\DiskOptimizer.exe.vir"
sh=934992CFC7C1EE223DF87B0F9E83294772A617CB ft=1 fh=7f93f46aeb9aa1af vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\DriverUpdater.exe.vir"
sh=B98A2FEB068E4F15CD908E4D428CF7B7D4E65273 ft=1 fh=9b7406f998a16fb0 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\DuplicateFilesRemover.exe.vir"
sh=859E9008670A3F08A4291006D97C7135380A0CB2 ft=1 fh=80fd2f5a7a58661a vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\GameOptimizer.exe.vir"
sh=1A5AC8EB60A1BADF4F3F0811829CF0559E91EB03 ft=1 fh=e2e360e7fcfe2807 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\GOHelper.exe.vir"
sh=84CABBC6AB4B5A798CC7D0A3C580BEBE9B246C9A ft=1 fh=c0dd673013301c66 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\MemoryOptimizer.exe.vir"
sh=9FE5E9EFE046072861ACB10A6AACFBAEBD857535 ft=1 fh=9ba63164ad7d9a38 vn="Variante von Win32/Systweak.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\Network.dll.vir"
sh=4498719F4D24895BA364EC450860BF3D7A4E2085 ft=1 fh=e1290162f1aef6cf vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\NewScheduler.exe.vir"
sh=F5099CD4095F824F798775B7CEF27BA374146399 ft=1 fh=52588b4f0065d239 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\PCFixer.exe.vir"
sh=493B20BE208AB86C612D91F2CA1F65A4AAD135FC ft=1 fh=2464d87ae1596886 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\PrivacyProtector.exe.vir"
sh=C5C11CE9B5A08FA8F58A65ACF680715C1DA001B0 ft=1 fh=ef47e268baf427c0 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\RegClean.exe.vir"
sh=9A45E3718898A059A900217C28CB15055164D1C7 ft=1 fh=29e5ffa5afd9640b vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\RegistryOptimizer.exe.vir"
sh=772C1DF562E98B1A9FA68F012B6AD4A5DD9894D7 ft=1 fh=cc541eb4baef5382 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\ScanDll.dll.vir"
sh=2A86DDA8A74688B0A44207B2A7972532FF721DC6 ft=1 fh=871599e2c6ddfacc vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\SecureDelete.exe.vir"
sh=513F9438C08E895284FF75B95C29265F1B3E86D7 ft=1 fh=ebb68f58f0b02931 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\SecureEncryptor.exe.vir"
sh=C66F3C8C86FBC3237CF1C53CCED153318591E4BD ft=1 fh=79f5761327a243dc vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\StartupManager.exe.vir"
sh=F82C36755BEF7D5758D9569117342F08298B0CED ft=1 fh=75b29be5df6c4d34 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\SysFileBakRes.exe.vir"
sh=9C0FE15C72D6505719B72B05E13AAE94088BF377 ft=1 fh=66f12a81bd569c7c vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\SystemAnalyzerAndAdvisor.exe.vir"
sh=6E598B2E398C45D1EDBA80967D4B0487654708DB ft=1 fh=9c4e91c0a13ce5fd vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\SystemCleaner.exe.vir"
sh=F8885246F1A1CECE7C3B73B7239977DD4D929EA1 ft=1 fh=676d779de09f3805 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\SystemProtector.exe.vir"
sh=DC0370C52D9B40AB983245B26174433BF89614CB ft=1 fh=97621db1fdd69f0b vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\Undelete.exe.vir"
sh=5809FAD37CA5874E1F55BC6E4C09193780EC9583 ft=1 fh=3125e113330a9072 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\advanced system optimizer 3\UninstallManager.exe.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=F7C95992D10C15DC84CE4F9E4D5080164516EFBF ft=1 fh=92576c3b21a96199 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=B06D7F91A13E85C35AE4EC84B97C4A919C5DB9C1 ft=1 fh=ca1e94579e2771c5 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=6FF91414D5DAB803286645AFE8CA3AD64EE222EF ft=1 fh=b3b4963ffc56accd vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=D73747CD0D08856D22ECA8D897D2C82230904FC7 ft=1 fh=20acb29e899ba8cd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=FAFB1ADB1BC81242F561FE5DE3769D2562C967B1 ft=1 fh=e681f7fe19842455 vn="Win32/AdvancedSystemProtector.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Privat\AppData\Roaming\Systweak\ASO3\sUpdateExe.exe.vir"
sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Privat\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Privat\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=B88DB9F0D6F1DB4F1759808B41A7B00BAAE5F26C ft=1 fh=9f1ed77dec1720d4 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir"
sh=626906A697628B4798020BF00F76579234D8F85C ft=1 fh=f1298f6db5bdf5d5 vn="Variante von Win32/Kryptik.DDDX Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\Privat\AppData\Roaming\Chart_plate\chart_go.exe"
sh=672672979DB01751A1818FBF12A9EAA191F16874 ft=1 fh=2f37fd3d46cd41cc vn="Win32/Trustezeb.K Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\Privat\AppData\Roaming\Forcedog\force-feed.exe"
sh=D2ED8E27C1171CB13AB6B2D5DEF9944EB8FB95B1 ft=1 fh=768d71cdfeb2f64a vn="Variante von Win32/Packed.VMProtect.AAA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Games\FIFA_15\FIFA 15\3dmgame.dll"
sh=DDBE869C5FF22DDF88289E73026C65C54198BC5D ft=1 fh=f3583c188ee93d13 vn="Variante von Generik.MNUUZTJ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Common Files\Microsoft Shared\MSInfo\design_for_testability\centripetal_force.exe"
sh=E36FC2987179741B6E0D08967C3370A6E4F9E0AB ft=1 fh=9b8d06036d89f9c0 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Privat\AppData\Local\nslD097.tmp.vir"
sh=E549DEF436377A6CA0E9046525125E9AA34ED673 ft=1 fh=48455528b549e4cc vn="Win32/Somoto.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\Programs\MetroSidebar16459_setup.exe"
sh=9EF6A5D7DBEABD05ADA16887427FAFBC1572806E ft=1 fh=5d9aaf1263ec4b76 vn="Win32/DownloadGuide.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\Programs\VMware-player-7.1.0-2496824_CB-DL-Manager.exe"
Code:
Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Mozilla Firefox (36.0.1)
 Google Chrome (41.0.2272.101)
 Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Mir wurde beim Start von Windows ein Fenster geöffnet ob ich etwas Updaten möchte, kenne es aber nicht. Habe es vorerst abgelehnt.

Och poste dir die Nachricht auch mal zur sicherheit, falls es wieder auftauchen sollte, würde ich schon gerne wissen ob ich es bedenklos installieren kann :)

Code:
Neue Version verfügbar!

Version 6.23 Build 9 Final is available (Mar/26/2015)

What's new in version 6.23 Build 9?

- Fixed compatibility problems of Google Chrome extension with
  Kaspersky Internet Security

What's new in version 6.23 Build 8?

- Fixed a critical bug in IDM network driver

What's new in version 6.23 Builds 2-7?

- Fixed compatibility problems with antiviral and internet security software
- Improved taking over downloads of videos from web players in Google Chrome
- Added a feature to change video resolution for rtmp protocol
- Added support for SeaMonkey 2.33
- Fixed problems with video/audio recognition for several types of web sites
- Fixed compatibility problems of Google Chrome extension with
  several applications
- Fixed bugs in Chrome integration module
- Added support for Firefox 37

What's new in version 6.23?

- Added support for Google Chrome 42
- Added support for new types of video streaming sites
- Fixed bugs

What's new in version 6.22?

- Added support for Windows 10
- Fixed problems with corrupted video files from several types of video services
- Fixed bugs

What's new in versions 6.21 and 6.21 Builds 2-18?

- Resolved compatibility issues with some applications
- Added support for Firefox 36 and SeaMonkey 2.32
- Added support for SeaMonkey 2.31 and for Pale Moon 25
- Improved the recognition of new types of videos
- Added a feature to wake up from sleep to download scheduled files in queue
- Added support for Firefox 35
- Improved video recognition in Google Chrome
- Added support for Firefox 34 and SeaMonkey 2.30
- Fixed problems with Google Chrome extension for non-default zoom
- Fixed a freezing problem when assembling downloaded videos
- Added 64-bit support to "IDM Integration module" Chrome extension
- Added a feature to select a group of files in main IDM list and
  change their storage folder
- Fixed several problems with erroneous interceptions of videos
- Improved the logic of "Download this video" panel 
- Added a feature to search downloads in IDM list
- Added high DPI support for Google chrome extension
- Fixed detections of two separate video and audio streams in Chrome browser
- Improved IDM download engine
- Added support for Firefox 33 and SeaMonkey 2.29

What's new in version 6.20 Build 5?

- Fixed an erroneous interception of attendant content in Google Docs
- Fixed a critical bug when saving and resuming several types of videos
- Fixed a bug in the recognition of several types of videos in Google Chrome

What's new in versions 6.20 and 6.20 Build 2?

- Added support for Firefox 32 and SeaMonkey 2.28
- Added the recognition and downloading of TS videos
- Resolved "403 Forbidden" problems while downloading some videos
- Improved video recognition in web players
- Fixed bugs

What's new in version 6.19 Builds 2-9?

- Improved downloading from file sharing sites
- Added support for Firefox 31 and SeaMonkey 2.26
- Fixed a problem with not clickable download panel
  in Google Chrome version 34 and above
- Improved video recognition in web players
- Added support for Firefox 30 and SeaMonkey 2.25
- Improved video recognition in Google Chrome
- Added support for Google Chrome 33
- Fixed bugs

What's new in version 6.19?

- Improved IDM download engine
- Added support for Firefox 29 and SeaMonkey 2.24
- Fixed video recognition problems in Google Chrome
- Fixed problems when taking over https downloads
  in Google Chrome

What's new in version 6.18 Builds 8-12?

- Resolved compatibility issues with Google Chrome 32
- Resolved problems with 1080p HD video recognition
  in Google Chrome
- Added support for Firefox 28 and SeaMonkey 2.23
- Fixed a bug with erroneous dialup dialog
- Added a workaround for Trusteer bug when it crashes IE
- Increased the maximum number of connections to support
  up to 32 simultaneous connections per download
- Improved video recognition in web players
- Improved IDM download engine

What's new in version 6.18 Build 7?

- Fixed a critical bug in IE integration module
- Improved Windows 8.1 and IE 11 integration
- Resolved compatibility issues with Google Chrome 31
- Improved video recognition in web players

What's new in version 6.18 Build 5?

- Added support for Firefox 26 and SeaMonkey 2.21
- Fixed a bug when assembling video files with high bitrate
- Improved video recognition in Google Chrome

What's new in version 6.18 Builds 2-4?

- Redeveloped assembling of video files to improve compatibility
  with Windows Media player
- Improved video recognition in web players.
- Redeveloped assembling of video files to improve compatibility
  with some video players.
- Resolved compatibility issues with Google Chrome 30.
- Fixed downloading of groups of links for several
  file sharing sites.

What's new in version 6.18?

- Added support for High DPI settings.
- Added a feature to take over https downloads in Google Chrome.
- Added a feature to show download this video/audio panel
  for https videos in Google Chrome.
- Resolved problems with downloading videos from several sites.
- Fixed bugs.

What's new in version 6.17 Builds 1-11?

- Added support for Firefox 26 and SeaMonkey 2.21
- Resolved problems with downloading videos from several sites
- Fixed errors during file assembling, missing file errors,
  problems with non-playing videos, or videos without a sound
  when taking over downloading of videos in Google Chrome
- Resolved problems with Google Chrome extension
- Added support for Firefox 25 and SeaMonkey 2.20
- Resolved problems with downloading videos from several sites
- Changed Google Chrome extension
- Resolved problems with downloading videos from several sites
- Fixed a bug with high CPU loading
- Added support for new youtube changes
- Added support for Google Chrome 30
- Improved IE 11 integration (Windows 8.1)
- Added support for new youtube changes
- Added support for new types of video streaming sites
- Added support for Firefox 24 and SeaMonkey 2.19
- Added a workaround for youtube changes

What's new in version 6.16?

- Improved IDM download engine
- Fixed problems when downloading from dailymotion sites
- Fixed bugs

What's new in version 6.15 Builds 1-15?

- Resolved problems with downloading videos from the sites
  that play videos hosted on youtube
- Resolved problems with downloading of youtube videos
- Fixed a critical security bug
- Added support for Firefox 23 and SeaMonkey 2.18
- Fixed crash in 64-bit Mozilla Firefox integration module
- Added a workaround for youtube problems with separate
  audio and video streams
- Added support for Firefox 22 and SeaMonkey 2.17
- Added the feature to stop and save live stream broadcasts
- Fixed a critical bug with processing some types of redirects
- Resolved problems when displaying "Download progress" dialog tabs
  with large windows fonts
- Fixed a bug with the download progress bar showing
  download threads when resuming zip files
- Fixed a critical bug in download engine
- Added download panel for selected links in Chrome browser
- Added support for automatic proxy configuration scripts
  (used in services like premiumize.me and others)
- Fixed a critical bug in IE integration module
- Resolved downloading problems with several file sharing sites
- Changed "Minimize to tray" button style for Windows 8


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:32 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131