Windassel | 21.01.2015 22:16 | The 1st file:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Nicolas (administrator) on NIK on 21-01-2015 22:10:30
Running from C:\Users\Nicolas\Downloads
Loaded Profiles: Nicolas (Available profiles: Nicolas)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Users\Nicolas\AppData\Roaming\SoftwareUpdater\SUsrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Pokki) C:\Users\Nicolas\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Seekar Ltd) C:\Program Files (x86)\Ares\Ares.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Pokki) C:\Users\Nicolas\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Pokki) C:\Users\Nicolas\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nicolas\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nicolas\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nicolas\AppData\Local\Pokki\Engine\HostAppService.exe
(Spotify Ltd) C:\Users\Nicolas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\WindowsApps\GAMELOFTSA.WorldatArms_2.2.0.17_x86__0pp20fcewvvtj\WAA.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
( ) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WindSolutions) C:\Users\Nicolas\Downloads\CopyTransManagerDEv1.013\CopyTransManager.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-09-02] (Realtek semiconductor)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-04-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-04-28] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-08-26] (cyberlink)
HKLM-x32\...\Run: [mbot_de_409] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [2758656 2014-03-28] (Seekar Ltd)
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Run: [Spotify] => C:\Users\Nicolas\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-14] (Spotify Ltd)
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Run: [Spotify Web Helper] => C:\Users\Nicolas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-14] (Spotify Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-404188015-4282570589-3326894618-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> DefaultScope {4262809C-151E-47ED-9E83-F9AEC7EF156A} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89D33711-B031-4EC8-A266-0F4715B840D0&SearchSource=58&CUI=&UM=8&UP=SP5FB60B70-A260-4A29-969A-6363488384AE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> {024F3B2D-EF6B-4FB5-922D-87BD80B5CD2F} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420822811&from=cvs4&uid=ST1000LM014-SSHD-8GB_W381H5A7XXXXW381H5A7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> {4262809C-151E-47ED-9E83-F9AEC7EF156A} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> {74C20080-DB3C-4E16-8EFF-E1CDC8BA10F3} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> {7AF35162-871D-4377-86AD-33BDC761C626} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> {CD83694A-99A7-41D2-A888-9A3AF44BB551} URL =
BHO: No Name -> {41524553-2D56-3700-76A7-7A786E7484D7} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
Toolbar: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Toolbar: HKU\S-1-5-21-404188015-4282570589-3326894618-1001 -> No Name - {41524553-5350-2D53-4154-7A786E7484D7} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF user.js: detected! => C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\user.js
FF SearchPlugin: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\searchplugins\webssearches.xml
FF Extension: FF Toolbar - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\Extensions\fftoolbar2014@etech.com [2015-01-09]
FF Extension: jid0j253QhG0S1FBMdVUnCkPZnGZODYjetpack - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\Extensions\jid0-j253QhG0S1FBMdVUnCkPZnGZODY@jetpack [2015-01-17]
FF Extension: nishannaseergoogimagesearchgmailcom - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\Extensions\nishan.naseer.googimagesearch@gmail.com [2015-01-13]
FF Extension: Adblock Plus - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\re7zp08y.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-28]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-08-26] (CyberLink)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-03-20] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-12-05] (Maxthon)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 serversu; C:\Users\Nicolas\AppData\Roaming\SoftwareUpdater\SUsrv.exe [429568 2015-01-09] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-04-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-09] (Fuyu LIMITED) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8874712 2013-09-02] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ccnfd_1_10_0_6; system32\drivers\ccnfd_1_10_0_6.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 22:10 - 2015-01-21 22:11 - 00023939 _____ () C:\Users\Nicolas\Downloads\FRST.txt
2015-01-21 22:10 - 2015-01-21 22:10 - 00000000 ____D () C:\FRST
2015-01-21 22:09 - 2015-01-21 22:09 - 02126848 _____ (Farbar) C:\Users\Nicolas\Downloads\FRST64.exe
2015-01-21 22:06 - 2015-01-21 22:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-21 22:05 - 2015-01-21 22:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-21 22:02 - 2015-01-21 22:02 - 05240339 _____ () C:\Users\Nicolas\Desktop\CopyTransDriversInstallerDEv2.008.zip
2015-01-21 21:40 - 2015-01-21 21:40 - 00000000 ____D () C:\Users\Nicolas\Downloads\CopyTransManagerDEv1.013
2015-01-21 21:16 - 2015-01-21 21:16 - 09280316 _____ () C:\Users\Nicolas\Downloads\CopyTransManagerDEv1.013.zip
2015-01-21 21:15 - 2015-01-21 21:15 - 01191200 _____ () C:\Users\Nicolas\Downloads\CopyTrans Manager - CHIP-Installer.exe
2015-01-21 20:56 - 2015-01-21 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-21 13:41 - 2015-01-21 20:52 - 00000098 _____ () C:\Users\Nicolas\Downloads\German Top 100 Single Charts 12.01.2015.rar
2015-01-21 13:25 - 2015-01-21 13:25 - 00000000 ____D () C:\Users\Nicolas\Desktop\Vega-Kaos
2015-01-21 13:25 - 2015-01-21 13:25 - 00000000 ____D () C:\Users\Nicolas\Desktop\trail-crack-de
2015-01-21 13:24 - 2015-01-21 13:24 - 00000000 ____D () C:\Users\Nicolas\AppData\Local\WinZip
2015-01-21 12:40 - 2015-01-21 13:24 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-21 12:40 - 2015-01-21 12:40 - 00002260 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-21 12:40 - 2015-01-21 12:40 - 00002254 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-01-21 12:40 - 2015-01-21 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-21 12:40 - 2015-01-21 12:40 - 00000000 ____D () C:\Program Files (x86)\WinZip
2015-01-21 12:32 - 2015-01-21 12:39 - 60529152 _____ () C:\Users\Nicolas\Downloads\wz190gev-32 (1).msi
2015-01-20 15:00 - 2015-01-20 15:34 - 106660839 _____ () C:\Users\Nicolas\Downloads\VK15.rar
2015-01-17 14:40 - 2015-01-17 14:40 - 00002274 _____ () C:\WINDOWS\System32\Tasks\TempTask634
2015-01-17 12:44 - 2015-01-17 13:35 - 153949354 _____ () C:\Users\Nicolas\Downloads\Trailerpark - Crackstreet Boys 3 (Deluxe Edition) (2014).rar
2015-01-14 14:46 - 2015-01-21 00:04 - 00000000 ____D () C:\Users\Nicolas\AppData\Roaming\Spotify
2015-01-14 14:46 - 2015-01-19 22:04 - 00000000 ____D () C:\Users\Nicolas\AppData\Local\Spotify
2015-01-14 14:46 - 2015-01-14 14:46 - 00001868 _____ () C:\Users\Nicolas\Desktop\Spotify.lnk
2015-01-14 14:46 - 2015-01-14 14:46 - 00001854 _____ () C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-14 14:45 - 2015-01-14 14:45 - 00137888 _____ (Spotify Ltd) C:\Users\Nicolas\Downloads\SpotifySetup.exe
2015-01-14 09:30 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 09:30 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 09:30 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 09:30 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 09:30 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 09:30 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 09:30 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 09:30 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 09:30 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 09:30 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 09:30 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 09:30 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 09:30 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 09:30 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 09:30 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 09:30 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 09:30 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 09:30 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 09:30 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 09:30 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 09:30 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 09:30 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 09:30 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 09:30 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 09:30 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 09:30 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 09:30 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 09:30 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 09:30 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 09:30 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 09:30 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 22:48 - 2015-01-13 22:48 - 05013680 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 11:19 - 2015-01-13 11:19 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-13 11:15 - 2015-01-20 09:34 - 00000000 ____D () C:\ProgramData\e4756bc000002724
2015-01-11 14:40 - 2015-01-21 14:40 - 00004518 _____ () C:\WINDOWS\Tasks\1b0083fe-d782-46a3-b76e-ea8592c4aaf2-4.job
2015-01-11 14:40 - 2015-01-11 14:40 - 00007522 _____ () C:\WINDOWS\System32\Tasks\1b0083fe-d782-46a3-b76e-ea8592c4aaf2-4
2015-01-09 18:02 - 2015-01-09 18:07 - 00000000 ____D () C:\Users\Nicolas\AppData\Roaming\SoftwareUpdater
2015-01-09 18:01 - 2015-01-09 18:01 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-09 18:01 - 2015-01-09 18:01 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-09 18:00 - 2015-01-09 18:00 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-09 17:59 - 2015-01-16 23:33 - 00000000 ____D () C:\Program Files (x86)\Flwsrf
2015-01-09 17:59 - 2015-01-16 23:28 - 00004544 _____ () C:\WINDOWS\SysWOW64\abengine.ini
2015-01-09 17:59 - 2015-01-16 23:28 - 00002424 _____ () C:\WINDOWS\SysWOW64\abengineOff.ini
2015-01-09 17:59 - 2015-01-16 23:28 - 00002424 _____ () C:\WINDOWS\system32\abengineOff.ini
2015-01-09 17:59 - 2015-01-09 17:59 - 00003090 _____ () C:\WINDOWS\System32\Tasks\upfs7235
2015-01-09 17:59 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll.rlwrgkr
2015-01-09 17:59 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll.rlwrgkr
2015-01-09 17:58 - 2015-01-13 14:45 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-09 17:58 - 2015-01-09 18:28 - 00003398 _____ () C:\WINDOWS\System32\Tasks\temp_a2e827d0-75a4-4b2c-9f1e-3062558f44fc-2
2015-01-09 17:58 - 2015-01-09 17:58 - 00000000 ____D () C:\Users\Nicolas\AppData\Local\globalUpdate
2015-01-09 17:57 - 2015-01-09 17:57 - 00294176 _____ () C:\Users\Nicolas\Downloads\Rammstein Greatest Hits (2CD) (2012)_10924_i13383619_il345.exe
2014-12-24 21:50 - 2014-12-24 21:50 - 00000000 ____D () C:\Users\Nicolas\Desktop\ccn2
2014-12-24 21:45 - 2014-12-24 21:46 - 60529152 _____ () C:\Users\Nicolas\Downloads\wz190gev-32(1).msi
2014-12-24 17:26 - 2014-12-24 18:04 - 116337117 _____ () C:\Users\Nicolas\Downloads\BSSBCCN2.rar
2014-12-22 19:19 - 2014-12-22 20:52 - 254285976 _____ () C:\Users\Nicolas\Downloads\DHDSdFH M T - UTC.part1.rar.part
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 22:07 - 2014-05-22 16:17 - 00000000 ____D () C:\Users\Nicolas\AppData\Local\Pokki
2015-01-21 22:06 - 2014-05-22 17:04 - 00000000 ____D () C:\Users\Nicolas\AppData\Roaming\WindSolutions
2015-01-21 22:05 - 2014-05-22 17:10 - 00000000 ____D () C:\ProgramData\Apple
2015-01-21 22:04 - 2014-04-28 16:28 - 01099973 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-21 22:03 - 2014-05-22 17:04 - 00000000 ____D () C:\ProgramData\WindSolutions
2015-01-21 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-21 21:48 - 2014-05-22 16:58 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-21 21:25 - 2014-05-22 16:23 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-404188015-4282570589-3326894618-1001
2015-01-21 21:13 - 2014-05-26 13:29 - 00000000 ____D () C:\Users\Nicolas\AppData\Local\CrashDumps
2015-01-21 21:08 - 2013-08-22 15:46 - 00037059 _____ () C:\WINDOWS\setupact.log
2015-01-21 20:56 - 2014-04-28 17:57 - 00001871 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-01-21 17:48 - 2014-05-22 17:00 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B91DB306-DC3C-4964-AE8F-CA45B02BBF28}
2015-01-21 12:40 - 2014-05-22 16:17 - 00000000 ____D () C:\Users\Nicolas
2015-01-21 12:01 - 2014-05-22 17:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-21 11:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-21 11:42 - 2014-05-22 16:46 - 00000000 ____D () C:\Users\Nicolas\AppData\Roaming\vlc
2015-01-18 12:30 - 2014-05-22 16:20 - 00000000 ___DO () C:\Users\Nicolas\OneDrive
2015-01-16 19:14 - 2014-05-25 14:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 19:09 - 2014-05-25 14:53 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 18:48 - 2014-05-22 17:19 - 00000000 ____D () C:\Users\Nicolas\AppData\Roaming\Nitro PDF
2015-01-16 18:43 - 2014-04-29 02:13 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-16 18:43 - 2014-04-29 02:13 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-16 18:43 - 2013-10-07 19:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-16 18:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-16 18:35 - 2014-04-28 18:02 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-16 18:35 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-16 18:32 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-16 18:31 - 2014-09-27 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 18:31 - 2014-05-25 12:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 18:31 - 2013-10-07 19:23 - 00029660 _____ () C:\WINDOWS\PFRO.log
2015-01-14 15:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-14 15:23 - 2014-05-22 16:18 - 00000000 ____D () C:\Users\Nicolas\AppData\Local\Packages
2015-01-14 14:43 - 2014-05-25 12:56 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-14 14:43 - 2014-05-25 12:56 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-14 14:43 - 2014-05-22 16:18 - 00001461 _____ () C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-14 09:37 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-13 22:48 - 2014-05-22 16:58 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-09 18:26 - 2014-05-22 16:39 - 00002337 _____ () C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-03 13:50 - 2014-07-05 16:55 - 00000000 ____D () C:\Users\Nicolas\Desktop\Filme
2014-12-29 14:20 - 2014-04-28 18:03 - 00000000 ____D () C:\ProgramData\Energy Manager
==================== Files in the root of some directories =======
2014-04-28 17:16 - 2014-04-28 17:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Nicolas\AppData\Local\Temp\1_flashplayer.exe
C:\Users\Nicolas\AppData\Local\Temp\416283.exe.exe
C:\Users\Nicolas\AppData\Local\Temp\bjcabfbbbbf.exe
C:\Users\Nicolas\AppData\Local\Temp\bjcabfcjeg.exe
C:\Users\Nicolas\AppData\Local\Temp\CloudBackup6263.exe
C:\Users\Nicolas\AppData\Local\Temp\ochelper.dll
C:\Users\Nicolas\AppData\Local\Temp\ochelper.exe
C:\Users\Nicolas\AppData\Local\Temp\oct67EE.tmp.exe
C:\Users\Nicolas\AppData\Local\Temp\octB3EA.tmp.exe
C:\Users\Nicolas\AppData\Local\Temp\octCC1B.tmp.exe
C:\Users\Nicolas\AppData\Local\Temp\octF50F.tmp.exe
C:\Users\Nicolas\AppData\Local\Temp\optprosetup.exe
C:\Users\Nicolas\AppData\Local\Temp\Rammstein Greatest Hits (2CD) (2012)__10924_i1443442454_il1632860.exe
C:\Users\Nicolas\AppData\Local\Temp\setup.exe
C:\Users\Nicolas\AppData\Local\Temp\SpOrder.dll
C:\Users\Nicolas\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\Nicolas\AppData\Local\Temp\webde_onlinespeicher_setup_a201412.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 19:08
==================== End Of Log ============================
The 2nd file: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Nicolas at 2015-01-21 22:11:42
Running from C:\Users\Nicolas\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Ares 2.2.8 (HKLM-x32\...\Ares) (Version: 2.2.8-Build#3052 - Seekar Ltd)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - )
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.2.0 - COMODO)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
Facebook (HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Pokki_a65116cdc0b4377bed428e280c19949d56248d11) (Version: 1.1.4 - Pokki)
Free YouTube to MP3 Converter version 3.12.41.623 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.41.623 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Host App Service (HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Pokki) (Version: 0.269.5.367 - Pokki)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10245 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.5000 - Maxthon International Limited)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.76 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Software Updater (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Software Updater Ltd)
Spotify (HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Start Menu (HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinZip 19.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )
YouTube for Pokki (HKU\S-1-5-21-404188015-4282570589-3326894618-1001\...\Pokki_d25e316a7812ebb3c4f8e18291ce53ba535b8659) (Version: 1.0.10.1 - Pokki)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
24-12-2014 21:39:37 WinZip 19.0 wird entfernt
10-01-2015 05:49:37 Geplanter Prüfpunkt
13-01-2015 11:20:41 Uniblue SpeedUpMyPC installation
16-01-2015 19:08:24 Windows Update
21-01-2015 11:58:35 Removed iTunes
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {374AA51C-28B7-4BF8-B484-F2C5FD4E6376} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-10-14] (Maxthon International ltd.)
Task: {5C8D6659-F03D-4672-A138-A563D43AC19D} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {5D25044E-1981-499F-BC6F-65A32A33FB3A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-16] (Microsoft Corporation)
Task: {6D752277-EA4A-42C2-806D-E103080F4340} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {794031E7-5FF3-4FD3-8E38-EEFAE9ACB60B} - System32\Tasks\1b0083fe-d782-46a3-b76e-ea8592c4aaf2-4 => C:\Program Files (x86)\CinemaHd For Pro 2.4cV11.01\1b0083fe-d782-46a3-b76e-ea8592c4aaf2-4.exe <==== ATTENTION
Task: {A15BE587-BBB5-4AB6-8BB4-EEF7B2A5C07F} - System32\Tasks\TempTask634 => Firefox.exe
Task: {D8D76932-F779-4D80-A8F1-666659274016} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
Task: {DA3F6755-9A97-4E84-942D-3265F606C4C7} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {E99E1F42-C623-4C17-9861-D27B5DD24AB5} - System32\Tasks\temp_a2e827d0-75a4-4b2c-9f1e-3062558f44fc-2 => C:\Users\Nicolas\AppData\Local\Temp\nsn6783.tmp\a2e827d0-75a4-4b2c-9f1e-3062558f44fc-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\1b0083fe-d782-46a3-b76e-ea8592c4aaf2-4.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV11.01\1b0083fe-d782-46a3-b76e-ea8592c4aaf2-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-03-20 16:51 - 2014-03-20 16:51 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2014-04-28 17:58 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-01-09 18:02 - 2015-01-09 18:02 - 00429568 _____ () C:\Users\Nicolas\AppData\Roaming\SoftwareUpdater\SUsrv.exe
2014-04-28 18:02 - 2014-04-28 18:02 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-04-28 18:02 - 2014-04-28 18:02 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-04-28 17:12 - 2014-03-04 18:10 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-14 15:05 - 2015-01-14 15:08 - 14244352 _____ () C:\Program Files\WindowsApps\GAMELOFTSA.WorldatArms_2.2.0.17_x86__0pp20fcewvvtj\WAA.exe
2014-04-28 17:14 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-31 23:52 - 2014-12-31 23:52 - 00569856 _____ () C:\Users\Nicolas\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2014-12-31 23:52 - 2014-12-31 23:52 - 01400846 _____ () C:\Users\Nicolas\AppData\Local\Pokki\Engine\avcodec-54.dll
2014-12-31 23:52 - 2014-12-31 23:52 - 00151054 _____ () C:\Users\Nicolas\AppData\Local\Pokki\Engine\avutil-51.dll
2014-12-31 23:52 - 2014-12-31 23:52 - 00222734 _____ () C:\Users\Nicolas\AppData\Local\Pokki\Engine\avformat-54.dll
2014-12-31 23:52 - 2014-12-31 23:52 - 00716288 _____ () C:\Users\Nicolas\AppData\Local\Pokki\Engine\libglesv2.dll
2014-12-31 23:52 - 2014-12-31 23:52 - 00130048 _____ () C:\Users\Nicolas\AppData\Local\Pokki\Engine\libegl.dll
2015-01-14 15:05 - 2015-01-14 15:08 - 00040960 _____ () C:\Program Files\WindowsApps\GAMELOFTSA.WorldatArms_2.2.0.17_x86__0pp20fcewvvtj\IGPLib_Windows_8.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2015-01-16 19:16 - 2015-01-16 19:16 - 00164864 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\IGPBridgeLibrary\010b0881ddcea5428643f0749def744e\IGPBridgeLibrary.ni.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2015-01-16 19:43 - 2015-01-16 19:43 - 00263680 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\IGPWindows8\38b55645461cc84c2b53c7d83a1f4ca4\IGPWindows8.ni.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll
2014-10-24 15:07 - 2014-10-24 15:07 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
2015-01-16 19:43 - 2015-01-16 19:43 - 00030720 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\PopUpsBridgeLibrary\d33379597c1fc1ffc38ec997f0a6c7ea\PopUpsBridgeLibrary.ni.dll
2015-01-16 19:43 - 2015-01-16 19:43 - 00045568 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\PopUpsView\8e24d893965d8b3390b81083503e3464\PopUpsView.ni.dll
2015-01-16 19:43 - 2015-01-16 19:43 - 00083456 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\InGameBrowserLibrary\2c89e8c9420d42ab16f0abd9304f1345\InGameBrowserLibrary.ni.dll
2015-01-16 19:43 - 2015-01-16 19:43 - 00329728 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\FacebookRun67b5d43e#\b70f20fb32cd74153c5020a3e42fb1f9\FacebookRuntimeComponent.ni.dll
2014-10-02 00:39 - 2014-10-02 00:39 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2014-10-02 00:39 - 2014-10-02 00:39 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2015-01-16 19:43 - 2015-01-16 19:43 - 00072704 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\WAA\87fdfbd363f0064140cd2b9c06db22d9\WAA.ni.dll
2015-01-16 19:43 - 2015-01-16 19:43 - 00426496 _____ () C:\Users\Nicolas\AppData\Local\Packages\gameloftsa.worldatarms_0pp20fcewvvtj\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\d3fc14be18a5f458aab60c74789b8514\NotificationsExtensions.ni.dll
2015-01-16 19:09 - 2015-01-16 19:09 - 00869888 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Web\e80741874129b38ff4bc85abedf8e4a2\Windows.Web.ni.dll
2013-08-30 15:58 - 2013-08-30 15:58 - 13646184 _____ () C:\Program Files (x86)\Lenovo\PowerDVD10\Skins\BlackSatin.dll
2013-08-26 09:03 - 2013-08-26 09:03 - 00696072 ____N () C:\Program Files (x86)\Lenovo\PowerDVD10\2cMovie.dll
2013-08-26 09:03 - 2013-08-26 09:03 - 00159496 ____N () C:\Program Files (x86)\Lenovo\PowerDVD10\CLVistaAudioMixer.dll
2013-08-26 09:03 - 2013-08-26 09:03 - 00159496 _____ () C:\Program Files (x86)\Lenovo\PowerDVD10\AudioFilter\CLVistaAudioMixer.dll
2013-08-26 09:03 - 2013-08-26 09:03 - 00057096 ____N () C:\Program Files (x86)\Lenovo\PowerDVD10\DKA.dll
2013-08-26 09:03 - 2013-08-26 09:03 - 01420424 ____N () C:\Program Files (x86)\Lenovo\PowerDVD10\fdtr.dll
2014-05-27 21:21 - 2001-11-07 13:53 - 00310835 _____ () C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\binkw32.dll
2014-05-27 21:21 - 2001-10-16 14:55 - 00348160 _____ () C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\mss32.dll
2014-09-27 20:33 - 2015-01-14 16:13 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Nicolas\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "MailCheck IE Broker"
========================= Accounts: ==========================
Administrator (S-1-5-21-404188015-4282570589-3326894618-500 - Administrator - Disabled)
Gast (S-1-5-21-404188015-4282570589-3326894618-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-404188015-4282570589-3326894618-1003 - Limited - Enabled)
Nicolas (S-1-5-21-404188015-4282570589-3326894618-1001 - Administrator - Enabled) => C:\Users\Nicolas
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 09:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Stronghold Crusader.exe, Version: 1.0.0.1, Zeitstempel: 0x4a66f6ce
Name des fehlerhaften Moduls: Wpc.dll_unloaded, Version: 6.3.9600.17236, Zeitstempel: 0x53c4e04b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014a78c
ID des fehlerhaften Prozesses: 0x1e8c
Startzeit der fehlerhaften Anwendung: 0xStronghold Crusader.exe0
Pfad der fehlerhaften Anwendung: Stronghold Crusader.exe1
Pfad des fehlerhaften Moduls: Stronghold Crusader.exe2
Berichtskennung: Stronghold Crusader.exe3
Vollständiger Name des fehlerhaften Pakets: Stronghold Crusader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Stronghold Crusader.exe5
Error: (01/21/2015 09:01:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (01/21/2015 11:54:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)
Error: (01/21/2015 11:54:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)
Error: (01/21/2015 11:54:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)
Error: (01/21/2015 11:41:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33969921
Error: (01/21/2015 11:41:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33969921
Error: (01/21/2015 11:41:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/20/2015 02:51:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12455781
Error: (01/20/2015 02:51:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12455781
System errors:
=============
Error: (01/21/2015 00:32:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (01/21/2015 00:32:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (01/21/2015 00:22:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (01/21/2015 00:22:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (01/18/2015 00:29:53 PM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/18/2015 08:24:53 AM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/18/2015 08:24:53 AM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/18/2015 08:24:53 AM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/18/2015 08:24:53 AM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (01/18/2015 08:24:53 AM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Microsoft Office Sessions:
=========================
Error: (01/21/2015 09:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Stronghold Crusader.exe1.0.0.14a66f6ceWpc.dll_unloaded6.3.9600.1723653c4e04bc00000050014a78c1e8c01d035b6c4135f97C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exeWpc.dll02aafa1e-a1aa-11e4-826c-28e347e7c9ab
Error: (01/21/2015 09:01:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (01/21/2015 11:54:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)
Error: (01/21/2015 11:54:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)
Error: (01/21/2015 11:54:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)
Error: (01/21/2015 11:41:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33969921
Error: (01/21/2015 11:41:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33969921
Error: (01/21/2015 11:41:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/20/2015 02:51:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12455781
Error: (01/20/2015 02:51:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12455781
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 16308.27 MB
Available physical RAM: 11368.46 MB
Total Pagefile: 18740.27 MB
Available Pagefile: 12941.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:889.67 GB) (Free:327.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.63 GB) NTFS
Drive e: (BAD_NEIGHBOURS_G51) (CDROM) (Total:39.44 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D3823EA5)
Partition: GPT Partition Type.
==================== End Of Log ============================
Thank you very much for helping us. :)