Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Malware Befall, Öffnung von Tabs mit Werbung (https://www.trojaner-board.de/164458-malware-befall-offnung-tabs-werbung.html)

Antrox 25.02.2015 15:38
Malware Befall, Öffnung von Tabs mit Werbung
 
Hallo,

Ich habe ein Problem mit der Seite Rdsrv-com.
Wenn ich am Googlen bin und auf bestimmte seiten gehe wie Dmax-de dann
kann ich nichts mehr anklicken und muss dann ein Doppelklick ausführen das ich überhaupt was machen kann,
nach dem Doppelklick öffnet sich ein neuer Tab mit der Seite Rdsrv-com die leitet mich aber auf Werbeseiten um. AVG hat beim Suchlauf nichts gefunden, dann habe Ich Kaspersky rescue disk gestartet und etwas gefunden was ich auch gleich in Quarantäne geschickt habe.
Ich habe die Browser: Google Chrome, Firefox und Internet Explorer auf dem PC und alle sind befallen. Ich glaube es ist eine Malware ich hoffe Sie können mir weiterhelfen.

schrauber 25.02.2015 15:44
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Antrox 25.02.2015 15:51

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Hambu_000 (administrator) on FLO on 25-02-2015 15:47:51
Running from C:\Users\Hambu_000\Downloads
Loaded Profiles: Hambu_000 (Available profiles: Hambu_000)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Hambu_000\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058080 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [EADM] => D:\Origin\Origin.exe [3619160 2015-02-01] (Electronic Arts)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [GoogleChromeAutoLaunch_D1EF6F3B51D0D08552EA818CAB33B365] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2015-02-18] (Google Inc.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {42e3c0e1-ac8e-11e4-8281-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {8e2549c7-72f5-11e4-8267-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {8e2549dc-72f5-11e4-8267-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {f28296f1-64b1-11e4-825a-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {f2829718-64b1-11e4-825a-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2088537837-413021123-565316019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02
HKU\S-1-5-21-2088537837-413021123-565316019-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2088537837-413021123-565316019-1001 -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2088537837-413021123-565316019-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: MEGA - C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default\Extensions\firefox@mega.co.nz.xpi [2014-12-25]
FF Extension: Adblock Plus - C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-02]
CHR Extension: (Google Docs) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-02]
CHR Extension: (Google Drive) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (YouTube) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-02]
CHR Extension: (Google Search) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (Google Sheets) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR Extension: (Gmail) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-10-15] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-10-15] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-10-15] (ASUSTeK Computer Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-02-08] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-02] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-10-15] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-10-15] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-15] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 15:47 - 2015-02-25 15:48 - 00021210 _____ () C:\Users\Hambu_000\Downloads\FRST.txt
2015-02-25 15:47 - 2015-02-25 15:47 - 02087936 _____ (Farbar) C:\Users\Hambu_000\Downloads\FRST64.exe
2015-02-25 00:09 - 2015-02-25 00:09 - 00387584 _____ () C:\Users\Hambu_000\Downloads\rescue2usb.exe
2015-02-25 00:08 - 2015-02-25 00:13 - 321716224 _____ () C:\Users\Hambu_000\Desktop\kav_rescue_10.iso
2015-02-25 00:04 - 2015-02-25 00:04 - 00000000 ____D () C:\Users\Hambu_000\Documents\2013_08_14
2015-02-25 00:04 - 2014-08-09 12:51 - 00020316 _____ () C:\Users\Hambu_000\Documents\Bewerbung2.odt
2015-02-25 00:04 - 2014-08-09 12:51 - 00020316 _____ () C:\Users\Hambu_000\Documents\Bewerbung.odt
2015-02-25 00:04 - 2014-08-09 12:49 - 00016921 _____ () C:\Users\Hambu_000\Documents\Lebenslauf2.odt
2015-02-24 04:39 - 2015-02-25 13:56 - 00004750 _____ () C:\Windows\setupact.log
2015-02-24 04:39 - 2015-02-24 04:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-24 04:38 - 2015-02-25 13:56 - 00267082 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 02:54 - 2015-02-24 02:54 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Blizzard
2015-02-24 02:50 - 2015-02-24 02:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-24 02:50 - 2015-02-24 02:50 - 00001167 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-02-24 02:50 - 2015-02-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-02-24 00:51 - 2015-02-25 15:47 - 00000000 ____D () C:\FRST
2015-02-23 13:18 - 2015-02-23 13:18 - 00015360 ___SH () C:\Users\Hambu_000\Downloads\Thumbs.db
2015-02-19 12:18 - 2015-02-19 12:18 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Steam
2015-02-13 17:30 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-13 17:28 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-13 17:28 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-02-13 01:46 - 2015-02-13 01:46 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-11 21:18 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 21:18 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:47 - 2015-02-11 02:47 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-02-11 02:47 - 2015-02-11 02:47 - 00000000 ____D () C:\Program Files\Realtek
2015-02-11 02:47 - 2013-08-21 11:50 - 03591000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-02-11 02:47 - 2013-08-20 19:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-02-11 02:47 - 2013-08-20 19:17 - 02585304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-02-11 02:47 - 2013-08-20 17:48 - 00633381 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-11 02:47 - 2013-08-20 09:02 - 04848920 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2015-02-11 02:47 - 2013-08-16 14:46 - 00818008 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 01019136 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00899328 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00720128 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-02-11 02:47 - 2013-08-06 08:47 - 00947248 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-02-11 02:47 - 2013-08-02 19:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-02-11 02:47 - 2013-08-01 09:59 - 05694760 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-02-11 02:47 - 2013-07-26 13:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-02-11 02:47 - 2013-07-23 14:40 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-02-11 02:47 - 2013-06-25 11:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-02-11 02:47 - 2013-06-25 11:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-02-11 02:47 - 2013-06-25 11:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-02-11 02:47 - 2013-04-24 16:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-02-11 02:47 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-02-11 02:47 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-02-11 02:47 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-02-11 02:47 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-02-11 02:47 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-02-11 02:47 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-02-11 02:47 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-02-11 02:47 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-02-11 02:47 - 2010-07-22 15:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-02-11 02:46 - 2013-08-20 17:31 - 00148184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-02-11 02:46 - 2013-08-20 12:51 - 31488000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-02-11 02:46 - 2013-08-14 15:36 - 01325312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-02-11 02:46 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-02-11 02:46 - 2013-08-07 16:34 - 00765184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-02-11 02:46 - 2013-07-28 09:48 - 27518208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-02-11 02:46 - 2013-07-24 09:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-02-11 02:46 - 2013-07-23 14:40 - 03610880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 01916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-02-11 02:46 - 2013-04-03 13:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-02-11 02:46 - 2012-08-31 18:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-02-11 02:46 - 2010-09-27 08:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-02-11 02:45 - 2011-08-23 16:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-02-11 02:44 - 2013-08-07 16:41 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 06219096 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 01908568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 00312152 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-02-11 02:44 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-02-11 02:44 - 2013-07-11 13:15 - 00557880 _____ () C:\Windows\system32\audioLibVc.dll
2015-02-11 02:44 - 2013-06-21 10:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-02-11 02:44 - 2013-06-05 20:42 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-02-11 02:44 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-02-11 00:51 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 00:51 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 00:51 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 00:51 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 00:51 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 00:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 00:51 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 00:51 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 00:51 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 00:51 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 00:51 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 00:51 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 00:51 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 00:51 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 00:51 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 00:51 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 00:51 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 00:51 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 00:51 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 00:51 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 00:51 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 00:51 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 00:51 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 00:51 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 00:51 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 00:51 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 00:51 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 00:51 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 00:51 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 00:51 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 00:51 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 00:51 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 00:51 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 00:51 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 00:51 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 00:51 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 00:51 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 00:51 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 00:51 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 00:51 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 00:51 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 00:51 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 00:51 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 00:51 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 00:51 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 00:51 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 00:51 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 00:51 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 00:51 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 00:51 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 00:51 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 13:44 - 2015-02-10 13:44 - 00001363 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-02-10 13:44 - 2015-02-10 13:44 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\NVIDIA
2015-02-10 13:44 - 2015-01-16 07:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-10 13:44 - 2015-01-16 07:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-10 13:44 - 2015-01-16 07:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-10 13:44 - 2015-01-16 07:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-10 13:44 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-10 13:44 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-02-10 13:44 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-08 21:39 - 2015-02-08 21:35 - 00174624 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-06 16:00 - 2015-02-24 00:44 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-02-03 10:22 - 2015-02-03 10:22 - 00000000 ____D () C:\Users\Hambu_000\Documents\BFH Beta 2
2015-02-02 22:05 - 2015-02-02 22:05 - 00344064 _____ () C:\Users\Hambu_000\Documents\Meine neue App.accdb
2015-02-02 22:04 - 2015-02-02 22:04 - 00003021 _____ () C:\Users\Hambu_000\Desktop\Visio 2013.lnk
2015-02-02 22:04 - 2015-02-02 22:04 - 00002953 _____ () C:\Users\Hambu_000\Desktop\Publisher 2013.lnk
2015-02-02 22:04 - 2015-02-02 22:04 - 00002845 _____ () C:\Users\Hambu_000\Desktop\Access 2013.lnk
2015-02-02 21:58 - 2015-02-02 21:58 - 00003053 _____ () C:\Users\Hambu_000\Desktop\Excel 2013.lnk
2015-02-02 21:58 - 2015-02-02 21:58 - 00002953 _____ () C:\Users\Hambu_000\Desktop\PowerPoint 2013.lnk
2015-02-02 21:57 - 2015-02-02 21:57 - 00003031 _____ () C:\Users\Hambu_000\Desktop\Word 2013.lnk
2015-02-02 21:52 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-02 21:51 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-01 15:49 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-29 18:02 - 2015-01-29 18:02 - 00000000 ___RD () C:\Users\Hambu_000\AppData\Roaming\Brother
2015-01-29 18:01 - 2015-01-29 18:02 - 00000432 _____ () C:\Windows\BRWMARK.INI
2015-01-29 18:01 - 2015-01-29 18:01 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 15:43 - 2014-10-15 21:03 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\ClassicShell
2015-02-25 15:37 - 2014-10-15 20:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2088537837-413021123-565316019-1001
2015-02-25 15:28 - 2014-10-15 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-25 15:23 - 2014-10-18 12:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 15:20 - 2014-11-02 18:05 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 15:08 - 2014-10-19 13:13 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\TS3Client
2015-02-25 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-25 14:21 - 2014-12-15 11:41 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Battle.net
2015-02-25 13:42 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-25 11:46 - 2014-10-15 21:34 - 00001354 _____ () C:\Windows\Tasks\WJ.job
2015-02-25 11:32 - 2014-11-02 18:05 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 11:32 - 2014-10-15 21:34 - 00001358 _____ () C:\Windows\Tasks\XZWU.job
2015-02-25 11:32 - 2014-10-15 20:51 - 00000000 ____D () C:\Users\Hambu_000\SkyDrive
2015-02-25 04:06 - 2014-10-22 22:25 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Arma 3
2015-02-25 03:03 - 2014-10-15 20:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{74B743A0-6143-453C-B8BE-B47F9D254E7E}
2015-02-25 02:59 - 2014-12-25 21:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-25 02:59 - 2014-10-15 22:19 - 00000000 ____D () C:\ProgramData\VMware
2015-02-25 02:59 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 00:18 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-25 00:07 - 2014-10-15 20:51 - 01785100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 00:07 - 2013-09-30 04:58 - 00767024 _____ () C:\Windows\system32\perfh007.dat
2015-02-25 00:07 - 2013-09-30 04:58 - 00160370 _____ () C:\Windows\system32\perfc007.dat
2015-02-24 21:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-24 20:55 - 2014-10-15 22:28 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\Skype
2015-02-24 13:27 - 2014-10-15 21:29 - 00189952 ___SH () C:\Users\Hambu_000\Desktop\Thumbs.db
2015-02-24 00:18 - 2014-10-20 16:58 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\vlc
2015-02-21 22:51 - 2014-12-28 20:03 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\FileZilla
2015-02-21 22:51 - 2014-11-23 18:12 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\TeamViewer
2015-02-21 22:51 - 2014-11-11 18:56 - 00000000 ___DC () C:\Users\Hambu_000\AppData\Local\MigWiz
2015-02-21 22:51 - 2014-10-15 22:32 - 00000000 ____D () C:\Windows\Minidump
2015-02-21 22:51 - 2014-10-15 21:42 - 00000000 ____D () C:\Windows\Panther
2015-02-21 22:51 - 2014-10-15 21:32 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\DAEMON Tools Lite
2015-02-20 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-19 22:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-17 06:15 - 2014-10-15 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-17 06:14 - 2014-10-15 22:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 01:50 - 2014-12-02 23:01 - 00000000 ____D () C:\Users\Hambu_000\Desktop\Prime95
2015-02-13 17:30 - 2014-10-15 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-13 01:44 - 2014-12-27 02:26 - 00000000 ____D () C:\Users\Hambu_000\Documents\My Games
2015-02-12 17:48 - 2014-10-18 12:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 17:48 - 2014-10-18 12:13 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Adobe
2015-02-11 14:32 - 2013-08-22 15:44 - 00480816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 04:02 - 2014-10-21 22:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:58 - 2014-10-21 22:50 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 03:57 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2015-02-11 02:48 - 2014-10-15 21:11 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-11 02:43 - 2014-10-15 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-10 20:55 - 2014-10-15 21:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-10 16:21 - 2014-10-15 20:48 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Packages
2015-02-10 13:45 - 2014-10-15 21:36 - 00007606 _____ () C:\Users\Hambu_000\AppData\Local\Resmon.ResmonCfg
2015-02-10 13:44 - 2014-10-15 21:15 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-10 10:03 - 2014-10-15 21:17 - 00000000 ____D () C:\ProgramData\KMSAutoS
2015-02-09 15:40 - 2014-10-15 20:48 - 00000000 ____D () C:\Users\Hambu_000
2015-02-08 20:48 - 2014-10-16 00:37 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-08 14:41 - 2014-10-16 00:37 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-08 12:25 - 2014-10-22 18:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 01:33 - 2014-12-15 11:41 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-07 20:56 - 2014-10-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-07 03:42 - 2015-01-19 16:52 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-06 16:23 - 2014-12-28 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-06 16:23 - 2014-12-28 20:03 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-02-06 16:15 - 2014-11-02 18:05 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:15 - 2014-11-02 18:05 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:01 - 2014-12-25 21:39 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-05 22:01 - 2014-12-25 21:39 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-02-05 22:01 - 2014-12-25 21:38 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 22:01 - 2014-12-25 21:38 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-12-25 21:38 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-12-25 21:38 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-12-25 21:38 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 13:50 - 2014-12-25 21:38 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 03:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 10:30 - 2014-10-19 14:40 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\PunkBuster
2015-02-03 01:03 - 2014-12-24 21:28 - 00000311 _____ () C:\Users\Hambu_000\Desktop\Neues Textdokument.txt
2015-02-02 22:56 - 2014-10-16 00:37 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-02 22:01 - 2014-10-15 21:17 - 00003748 _____ () C:\Windows\System32\Tasks\KMSAutoNet
2015-02-02 22:01 - 2014-10-15 21:17 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\MSfree Inc
2015-02-02 22:00 - 2014-10-15 21:29 - 00000000 ____D () C:\Users\Hambu_000\Desktop\Weis-IT
2015-02-02 21:59 - 2014-10-15 22:17 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-02 21:53 - 2013-09-30 05:00 - 00000000 ____D () C:\Windows\ShellNew
2015-02-02 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-02 21:51 - 2014-10-15 22:07 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-02 21:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-29 17:58 - 2014-11-02 16:45 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\Foxit Software

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Hambu_000\AppData\Roaming\XZWU
2014-10-15 21:36 - 2015-02-10 13:45 - 0007606 _____ () C:\Users\Hambu_000\AppData\Local\Resmon.ResmonCfg
2014-10-15 21:12 - 2014-10-15 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-18 06:15

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Hambu_000 at 2015-02-25 15:49:02
Running from C:\Users\Hambu_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Epoch Launcher (HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\de6ddf4941177887) (Version: 0.0.1.12 - Epoch Mod Team)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.2 - VMware, Inc)
VMware Workstation (Version: 10.0.2 - VMware, Inc.) Hidden
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-02-2015 12:24:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-02-2015 00:45:06 Windows Update
17-02-2015 06:12:23 Windows Update
24-02-2015 00:44:59 UltraMon wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C258240-6AFD-4796-A7CB-AFFCDE206031} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2014-08-06] (MSfree Inc.)
Task: {3331BEA8-7FD7-490E-B05C-35FD2CCD4F85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4716A9FB-7C07-48AA-A491-8E3EE60D7A2B} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-15] ()
Task: {4F8EB2C8-E7E4-4010-A612-D7AF766BBFA9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {6E971E23-23A8-40BA-8FA3-7FA14E4D46F7} - System32\Tasks\WJ => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION
Task: {729780D9-8393-45EB-940C-BFF9C6D8E249} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8D17D1A0-D45A-47CA-9B93-B86EE63D39EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {900C6ADB-2D9B-4A22-95B5-EB8031C1C7A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CBFF573A-3E3C-477C-902C-22BBB7A6B0A8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {CC2F19EB-129B-4448-961D-B3ED45719072} - System32\Tasks\XZWU => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION
Task: {F2973FD1-F2BC-4345-B0BE-0B530C97BD2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {FE86DE69-1236-4E59-AAF2-7D63B66D79F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WJ.job => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\XZWU.job => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-10-16 00:37 - 2015-02-02 22:56 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-09 23:22 - 2014-12-09 23:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-04-14 15:04 - 2014-04-14 15:04 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2014-10-15 21:10 - 2014-10-15 21:10 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-12-25 21:38 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-08 11:10 - 2014-12-08 11:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-12-19 04:22 - 2014-12-19 04:22 - 00290816 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-02-28 10:14 - 2014-02-28 10:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 14:46 - 2014-08-04 14:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 14:46 - 2014-08-04 14:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-02-20 05:22 - 2015-02-18 02:34 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 05:22 - 2015-02-18 02:34 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 05:22 - 2015-02-18 02:34 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-04-14 15:41 - 2014-04-14 15:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-10-15 21:10 - 2015-02-25 03:02 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-10-15 21:10 - 2014-10-15 21:09 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-01-19 17:07 - 2014-11-26 03:12 - 40622592 _____ () C:\Users\Hambu_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-12-19 04:22 - 2014-12-19 04:22 - 00192512 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2015-01-19 17:07 - 2014-11-26 03:12 - 00911360 _____ () C:\Users\Hambu_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-01-19 17:07 - 2014-11-26 03:12 - 00134144 _____ () C:\Users\Hambu_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Hambu_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2088537837-413021123-565316019-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hambu_000\Desktop\kontra_k_by_ezzkah-d5zfzsh.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D1EF6F3B51D0D08552EA818CAB33B365"

==================== Accounts: =============================

Administrator (S-1-5-21-2088537837-413021123-565316019-500 - Administrator - Disabled)
Gast (S-1-5-21-2088537837-413021123-565316019-501 - Limited - Disabled)
Hambu_000 (S-1-5-21-2088537837-413021123-565316019-1001 - Administrator - Enabled) => C:\Users\Hambu_000
HomeGroupUser$ (S-1-5-21-2088537837-413021123-565316019-1003 - Limited - Enabled)
Steph_000 (S-1-5-21-2088537837-413021123-565316019-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 03:00:07 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/25/2015 03:00:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/24/2015 01:10:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/24/2015 01:08:50 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/24/2015 00:45:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/23/2015 10:13:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: RzStats.Manager.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 72657A61
Stapel:

Error: (02/22/2015 07:37:13 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/22/2015 07:37:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/20/2015 06:33:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: arma3.exe, Version: 1.38.128.937, Zeitstempel: 0x54bd4194
Name des fehlerhaften Moduls: PhysX3_x86.dll, Version: 3.3.2.0, Zeitstempel: 0x54233834
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a484c
ID des fehlerhaften Prozesses: 0xd5bc
Startzeit der fehlerhaften Anwendung: 0xarma3.exe0
Pfad der fehlerhaften Anwendung: arma3.exe1
Pfad des fehlerhaften Moduls: arma3.exe2
Berichtskennung: arma3.exe3
Vollständiger Name des fehlerhaften Pakets: arma3.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: arma3.exe5

Error: (02/20/2015 01:53:46 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (02/25/2015 04:53:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (02/24/2015 01:08:24 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (02/24/2015 01:06:30 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (02/24/2015 01:06:25 AM) (Source: DCOM) (EventID: 10010) (User: FLO)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/24/2015 01:06:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/24/2015 01:06:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/24/2015 01:05:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASUS Com Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/24/2015 01:05:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware Workstation Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/24/2015 01:05:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/24/2015 01:05:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware DHCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (02/25/2015 03:00:07 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/25/2015 03:00:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/24/2015 01:10:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/24/2015 01:08:50 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/24/2015 00:45:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (02/23/2015 10:13:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: RzStats.Manager.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 72657A61
Stapel:

Error: (02/22/2015 07:37:13 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/22/2015 07:37:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/20/2015 06:33:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: arma3.exe1.38.128.93754bd4194PhysX3_x86.dll3.3.2.054233834c0000005001a484cd5bc01d04d0c1eb26836D:\Steam\steamapps\common\Arma 3\arma3.exeD:\Steam\steamapps\common\Arma 3\PhysX3_x86.dlla6f62068-b926-11e4-8287-c8600089ef5f

Error: (02/20/2015 01:53:46 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883


==================== Memory info ===========================

Processor: AMD FX(tm)-8150 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8137.34 MB
Available physical RAM: 5846.76 MB
Total Pagefile: 16841.34 MB
Available Pagefile: 13550.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:236.26 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:306.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD040803)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BE7CFDC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 26.02.2015 07:53
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Antrox 26.02.2015 14:25
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.02.2015
Suchlauf-Zeit: 13:40:05
Logdatei: Malwarebytes Anti-Malware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.26.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hambu_000

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 348315
Verstrichene Zeit: 10 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Squeaky.A, HKU\S-1-5-21-2088537837-413021123-565316019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Squeaky, In Quarantäne, [d03a28fb0a80fe38de695b3fa65d8878],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
Trojan.Proxy, C:\Windows\SECOH-QAD.dll, In Quarantäne, [d3375dc61179ed49cbf4bb6dfc069070],
Trojan.Proxy, C:\Windows\SECOH-QAD.exe, In Quarantäne, [f218ee35b7d34aec7e4041e7d032649c],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# Benutzername : Hambu_000 - FLO
# Gestarted von : C:\Users\Hambu_000\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [812 Bytes] - [26/02/2015 13:59:34]
AdwCleaner[S0].txt - [735 Bytes] - [26/02/2015 14:01:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [793  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x64
Ran by Hambu_000 on 26.02.2015 at 14:08:40,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Hambu_000\AppData\Roaming\mozilla\firefox\profiles\vck1ypx5.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2015 at 14:12:24,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Hambu_000 (administrator) on FLO on 26-02-2015 14:21:41
Running from C:\Users\Hambu_000\Downloads
Loaded Profiles: Hambu_000 (Available profiles: Hambu_000)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Hambu_000\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Hambu_000\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058080 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [EADM] => D:\Origin\Origin.exe [3619160 2015-02-01] (Electronic Arts)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [GoogleChromeAutoLaunch_D1EF6F3B51D0D08552EA818CAB33B365] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2015-02-18] (Google Inc.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {42e3c0e1-ac8e-11e4-8281-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {8e2549c7-72f5-11e4-8267-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {8e2549dc-72f5-11e4-8267-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {f28296f1-64b1-11e4-825a-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {f2829718-64b1-11e4-825a-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2088537837-413021123-565316019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02
HKU\S-1-5-21-2088537837-413021123-565316019-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2088537837-413021123-565316019-1001 -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2088537837-413021123-565316019-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: MEGA - C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default\Extensions\firefox@mega.co.nz.xpi [2014-12-25]
FF Extension: Adblock Plus - C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-02]
CHR Extension: (Google Docs) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-02]
CHR Extension: (Google Drive) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (YouTube) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-02]
CHR Extension: (Google Search) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (Google Sheets) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR Extension: (Gmail) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-10-15] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-10-15] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-10-15] (ASUSTeK Computer Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-02] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-10-15] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-10-15] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-15] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 14:22 - 2015-02-26 14:22 - 06791360 _____ (IvoSoft) C:\Users\Hambu_000\Downloads\ClassicShellSetup_4_1_0 (1).exe
2015-02-26 14:16 - 2015-02-26 14:16 - 06791360 _____ (IvoSoft) C:\Users\Hambu_000\Downloads\ClassicShellSetup_4_1_0.exe
2015-02-26 14:12 - 2015-02-26 14:12 - 00000758 _____ () C:\Users\Hambu_000\Desktop\JRT.txt
2015-02-26 14:08 - 2015-02-26 14:08 - 01388274 _____ (Thisisu) C:\Users\Hambu_000\Downloads\JRT.exe
2015-02-26 14:04 - 2015-02-26 14:05 - 00000691 _____ () C:\Users\Hambu_000\Desktop\AdwCleaner.txt
2015-02-26 13:59 - 2015-02-26 14:01 - 00000000 ____D () C:\AdwCleaner
2015-02-26 13:58 - 2015-02-26 13:59 - 02126848 _____ () C:\Users\Hambu_000\Downloads\AdwCleaner_4.111.exe
2015-02-26 13:53 - 2015-02-26 14:03 - 00001102 _____ () C:\Windows\PFRO.log
2015-02-26 13:51 - 2015-02-26 13:51 - 00001512 _____ () C:\Users\Hambu_000\Desktop\Malwarebytes Anti-Malware.txt
2015-02-26 13:39 - 2015-02-26 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 13:39 - 2015-02-26 13:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 13:39 - 2015-02-26 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 13:39 - 2015-02-26 13:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-26 13:39 - 2015-02-26 13:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 13:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-26 13:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-26 13:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-26 13:38 - 2015-02-26 13:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hambu_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 21:50 - 2015-02-25 21:50 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\.mono
2015-02-25 18:16 - 2015-02-25 18:17 - 03002960 _____ () C:\Users\Hambu_000\Desktop\ts3_recording_15_02_25_18_16_45.wav
2015-02-25 15:49 - 2015-02-25 15:49 - 00027695 _____ () C:\Users\Hambu_000\Downloads\Addition.txt
2015-02-25 15:47 - 2015-02-26 14:21 - 00021049 _____ () C:\Users\Hambu_000\Downloads\FRST.txt
2015-02-25 15:47 - 2015-02-25 15:47 - 02087936 _____ (Farbar) C:\Users\Hambu_000\Downloads\FRST64.exe
2015-02-25 00:09 - 2015-02-25 00:09 - 00387584 _____ () C:\Users\Hambu_000\Downloads\rescue2usb.exe
2015-02-25 00:08 - 2015-02-25 00:13 - 321716224 _____ () C:\Users\Hambu_000\Desktop\kav_rescue_10.iso
2015-02-25 00:04 - 2015-02-25 00:04 - 00000000 ____D () C:\Users\Hambu_000\Documents\2013_08_14
2015-02-25 00:04 - 2014-08-09 12:51 - 00020316 _____ () C:\Users\Hambu_000\Documents\Bewerbung2.odt
2015-02-25 00:04 - 2014-08-09 12:51 - 00020316 _____ () C:\Users\Hambu_000\Documents\Bewerbung.odt
2015-02-25 00:04 - 2014-08-09 12:49 - 00016921 _____ () C:\Users\Hambu_000\Documents\Lebenslauf2.odt
2015-02-24 23:39 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 23:39 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-24 04:39 - 2015-02-26 14:19 - 00006908 _____ () C:\Windows\setupact.log
2015-02-24 04:39 - 2015-02-24 04:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-24 04:38 - 2015-02-26 13:48 - 00360825 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 02:54 - 2015-02-24 02:54 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Blizzard
2015-02-24 02:50 - 2015-02-24 02:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-24 02:50 - 2015-02-24 02:50 - 00001167 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-02-24 02:50 - 2015-02-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-02-24 00:51 - 2015-02-26 14:21 - 00000000 ____D () C:\FRST
2015-02-23 13:18 - 2015-02-23 13:18 - 00015360 ___SH () C:\Users\Hambu_000\Downloads\Thumbs.db
2015-02-19 12:18 - 2015-02-19 12:18 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Steam
2015-02-13 17:30 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-13 17:28 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-13 17:28 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-02-13 01:46 - 2015-02-13 01:46 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-11 21:18 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 21:18 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:47 - 2015-02-11 02:47 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-02-11 02:47 - 2015-02-11 02:47 - 00000000 ____D () C:\Program Files\Realtek
2015-02-11 02:47 - 2013-08-21 11:50 - 03591000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-02-11 02:47 - 2013-08-20 19:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-02-11 02:47 - 2013-08-20 19:17 - 02585304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-02-11 02:47 - 2013-08-20 17:48 - 00633381 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-11 02:47 - 2013-08-20 09:02 - 04848920 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2015-02-11 02:47 - 2013-08-16 14:46 - 00818008 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 01019136 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00899328 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00720128 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-02-11 02:47 - 2013-08-06 08:47 - 00947248 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-02-11 02:47 - 2013-08-02 19:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-02-11 02:47 - 2013-08-01 09:59 - 05694760 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-02-11 02:47 - 2013-07-26 13:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-02-11 02:47 - 2013-07-23 14:40 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-02-11 02:47 - 2013-06-25 11:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-02-11 02:47 - 2013-06-25 11:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-02-11 02:47 - 2013-06-25 11:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-02-11 02:47 - 2013-04-24 16:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-02-11 02:47 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-02-11 02:47 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-02-11 02:47 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-02-11 02:47 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-02-11 02:47 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-02-11 02:47 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-02-11 02:47 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-02-11 02:47 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-02-11 02:47 - 2010-07-22 15:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-02-11 02:46 - 2013-08-20 17:31 - 00148184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-02-11 02:46 - 2013-08-20 12:51 - 31488000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-02-11 02:46 - 2013-08-14 15:36 - 01325312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-02-11 02:46 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-02-11 02:46 - 2013-08-07 16:34 - 00765184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-02-11 02:46 - 2013-07-28 09:48 - 27518208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-02-11 02:46 - 2013-07-24 09:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-02-11 02:46 - 2013-07-23 14:40 - 03610880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 01916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-02-11 02:46 - 2013-04-03 13:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-02-11 02:46 - 2012-08-31 18:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-02-11 02:46 - 2010-09-27 08:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-02-11 02:45 - 2011-08-23 16:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-02-11 02:44 - 2013-08-07 16:41 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 06219096 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 01908568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 00312152 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-02-11 02:44 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-02-11 02:44 - 2013-07-11 13:15 - 00557880 _____ () C:\Windows\system32\audioLibVc.dll
2015-02-11 02:44 - 2013-06-21 10:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-02-11 02:44 - 2013-06-05 20:42 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-02-11 02:44 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-02-11 00:51 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 00:51 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 00:51 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 00:51 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 00:51 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 00:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 00:51 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 00:51 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 00:51 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 00:51 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 00:51 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 00:51 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 00:51 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 00:51 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 00:51 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 00:51 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 00:51 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 00:51 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 00:51 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 00:51 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 00:51 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 00:51 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 00:51 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 00:51 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 00:51 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 00:51 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 00:51 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 00:51 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 00:51 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 00:51 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 00:51 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 00:51 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 00:51 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 00:51 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 00:51 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 00:51 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 00:51 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 00:51 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 00:51 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 00:51 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 00:51 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 00:51 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 00:51 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 00:51 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 00:51 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 00:51 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 00:51 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 00:51 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 00:51 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 00:51 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 00:51 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 13:44 - 2015-02-10 13:44 - 00001363 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-02-10 13:44 - 2015-02-10 13:44 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\NVIDIA
2015-02-10 13:44 - 2015-01-16 07:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-10 13:44 - 2015-01-16 07:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-10 13:44 - 2015-01-16 07:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-10 13:44 - 2015-01-16 07:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-10 13:44 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-10 13:44 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-02-10 13:44 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-08 21:39 - 2015-02-25 21:46 - 00237864 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-06 16:00 - 2015-02-24 00:44 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-02-03 10:22 - 2015-02-03 10:22 - 00000000 ____D () C:\Users\Hambu_000\Documents\BFH Beta 2
2015-02-02 22:05 - 2015-02-02 22:05 - 00344064 _____ () C:\Users\Hambu_000\Documents\Meine neue App.accdb
2015-02-02 22:04 - 2015-02-02 22:04 - 00003021 _____ () C:\Users\Hambu_000\Desktop\Visio 2013.lnk
2015-02-02 22:04 - 2015-02-02 22:04 - 00002953 _____ () C:\Users\Hambu_000\Desktop\Publisher 2013.lnk
2015-02-02 22:04 - 2015-02-02 22:04 - 00002845 _____ () C:\Users\Hambu_000\Desktop\Access 2013.lnk
2015-02-02 21:58 - 2015-02-02 21:58 - 00003053 _____ () C:\Users\Hambu_000\Desktop\Excel 2013.lnk
2015-02-02 21:58 - 2015-02-02 21:58 - 00002953 _____ () C:\Users\Hambu_000\Desktop\PowerPoint 2013.lnk
2015-02-02 21:57 - 2015-02-02 21:57 - 00003031 _____ () C:\Users\Hambu_000\Desktop\Word 2013.lnk
2015-02-02 21:52 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-02 21:51 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-01 15:49 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-29 18:02 - 2015-01-29 18:02 - 00000000 ___RD () C:\Users\Hambu_000\AppData\Roaming\Brother
2015-01-29 18:01 - 2015-01-29 18:02 - 00000432 _____ () C:\Windows\BRWMARK.INI
2015-01-29 18:01 - 2015-01-29 18:01 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 14:20 - 2014-11-02 18:05 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 14:19 - 2014-11-02 18:05 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 14:19 - 2014-10-15 21:34 - 00001358 _____ () C:\Windows\Tasks\XZWU.job
2015-02-26 14:19 - 2014-10-15 21:34 - 00001354 _____ () C:\Windows\Tasks\WJ.job
2015-02-26 14:19 - 2014-10-15 21:03 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\ClassicShell
2015-02-26 14:19 - 2014-10-15 20:51 - 00000000 ___RD () C:\Users\Hambu_000\SkyDrive
2015-02-26 14:16 - 2014-10-15 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-02-26 14:16 - 2014-10-15 21:02 - 00000000 ____D () C:\Program Files\Classic Shell
2015-02-26 14:14 - 2014-10-15 20:54 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2088537837-413021123-565316019-1001
2015-02-26 14:03 - 2014-12-25 21:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-26 14:03 - 2014-10-15 22:19 - 00000000 ____D () C:\ProgramData\VMware
2015-02-26 14:03 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-26 13:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Registration
2015-02-26 13:52 - 2014-10-19 13:13 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\TS3Client
2015-02-26 13:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-26 13:34 - 2014-10-15 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-26 13:34 - 2014-10-15 20:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{74B743A0-6143-453C-B8BE-B47F9D254E7E}
2015-02-26 04:23 - 2014-10-18 12:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 23:09 - 2014-10-22 22:25 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Arma 3
2015-02-25 14:21 - 2014-12-15 11:41 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Battle.net
2015-02-25 13:42 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-25 00:07 - 2014-10-15 20:51 - 01785100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 00:07 - 2013-09-30 04:58 - 00767024 _____ () C:\Windows\system32\perfh007.dat
2015-02-25 00:07 - 2013-09-30 04:58 - 00160370 _____ () C:\Windows\system32\perfc007.dat
2015-02-24 21:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-24 20:55 - 2014-10-15 22:28 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\Skype
2015-02-24 13:27 - 2014-10-15 21:29 - 00189952 ___SH () C:\Users\Hambu_000\Desktop\Thumbs.db
2015-02-24 00:18 - 2014-10-20 16:58 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\vlc
2015-02-21 22:51 - 2014-12-28 20:03 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\FileZilla
2015-02-21 22:51 - 2014-11-23 18:12 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\TeamViewer
2015-02-21 22:51 - 2014-11-11 18:56 - 00000000 ___DC () C:\Users\Hambu_000\AppData\Local\MigWiz
2015-02-21 22:51 - 2014-10-15 22:32 - 00000000 ____D () C:\Windows\Minidump
2015-02-21 22:51 - 2014-10-15 21:42 - 00000000 ____D () C:\Windows\Panther
2015-02-21 22:51 - 2014-10-15 21:32 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\DAEMON Tools Lite
2015-02-20 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-19 22:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-17 06:15 - 2014-10-15 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-17 06:14 - 2014-10-15 22:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 01:50 - 2014-12-02 23:01 - 00000000 ____D () C:\Users\Hambu_000\Desktop\Prime95
2015-02-13 17:30 - 2014-10-15 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-13 01:44 - 2014-12-27 02:26 - 00000000 ____D () C:\Users\Hambu_000\Documents\My Games
2015-02-12 17:48 - 2014-10-18 12:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 17:48 - 2014-10-18 12:13 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Adobe
2015-02-11 14:32 - 2013-08-22 15:44 - 00480816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 04:02 - 2014-10-21 22:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:58 - 2014-10-21 22:50 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 03:57 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2015-02-11 02:48 - 2014-10-15 21:11 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-11 02:43 - 2014-10-15 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-10 20:55 - 2014-10-15 21:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-10 16:21 - 2014-10-15 20:48 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Packages
2015-02-10 13:45 - 2014-10-15 21:36 - 00007606 _____ () C:\Users\Hambu_000\AppData\Local\Resmon.ResmonCfg
2015-02-10 13:44 - 2014-10-15 21:15 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-10 10:03 - 2014-10-15 21:17 - 00000000 ____D () C:\ProgramData\KMSAutoS
2015-02-09 15:40 - 2014-10-15 20:48 - 00000000 ____D () C:\Users\Hambu_000
2015-02-08 20:48 - 2014-10-16 00:37 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-08 14:41 - 2014-10-16 00:37 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-08 12:25 - 2014-10-22 18:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 01:33 - 2014-12-15 11:41 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-07 20:56 - 2014-10-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-07 03:42 - 2015-01-19 16:52 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-06 16:23 - 2014-12-28 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-06 16:23 - 2014-12-28 20:03 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-02-06 16:15 - 2014-11-02 18:05 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:15 - 2014-11-02 18:05 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:01 - 2014-12-25 21:39 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-05 22:01 - 2014-12-25 21:39 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-02-05 22:01 - 2014-12-25 21:38 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 22:01 - 2014-12-25 21:38 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-12-25 21:38 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-12-25 21:38 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-12-25 21:38 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 13:50 - 2014-12-25 21:38 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 03:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 10:30 - 2014-10-19 14:40 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\PunkBuster
2015-02-03 01:03 - 2014-12-24 21:28 - 00000311 _____ () C:\Users\Hambu_000\Desktop\Neues Textdokument.txt
2015-02-02 22:56 - 2014-10-16 00:37 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-02 22:01 - 2014-10-15 21:17 - 00003748 _____ () C:\Windows\System32\Tasks\KMSAutoNet
2015-02-02 22:01 - 2014-10-15 21:17 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\MSfree Inc
2015-02-02 22:00 - 2014-10-15 21:29 - 00000000 ____D () C:\Users\Hambu_000\Desktop\Weis-IT
2015-02-02 21:59 - 2014-10-15 22:17 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-02 21:53 - 2013-09-30 05:00 - 00000000 ____D () C:\Windows\ShellNew
2015-02-02 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-02 21:51 - 2014-10-15 22:07 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-02 21:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-29 17:58 - 2014-11-02 16:45 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\Foxit Software

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Hambu_000\AppData\Roaming\XZWU
2014-10-15 21:36 - 2015-02-10 13:45 - 0007606 _____ () C:\Users\Hambu_000\AppData\Local\Resmon.ResmonCfg
2014-10-15 21:12 - 2014-10-15 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Hambu_000\AppData\Local\Temp\Quarantine.exe
C:\Users\Hambu_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-18 06:15

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Hambu_000 at 2015-02-26 14:22:35
Running from C:\Users\Hambu_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Epoch Launcher (HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\de6ddf4941177887) (Version: 0.0.1.12 - Epoch Mod Team)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.2 - VMware, Inc)
VMware Workstation (Version: 10.0.2 - VMware, Inc.) Hidden
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-02-2015 12:24:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-02-2015 00:45:06 Windows Update
17-02-2015 06:12:23 Windows Update
24-02-2015 00:44:59 UltraMon wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C258240-6AFD-4796-A7CB-AFFCDE206031} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2014-08-06] (MSfree Inc.)
Task: {3331BEA8-7FD7-490E-B05C-35FD2CCD4F85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4716A9FB-7C07-48AA-A491-8E3EE60D7A2B} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-15] ()
Task: {6E971E23-23A8-40BA-8FA3-7FA14E4D46F7} - System32\Tasks\WJ => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION
Task: {727A1936-E7F8-490A-8B95-1143D0A873F1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {729780D9-8393-45EB-940C-BFF9C6D8E249} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8D17D1A0-D45A-47CA-9B93-B86EE63D39EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {900C6ADB-2D9B-4A22-95B5-EB8031C1C7A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CBFF573A-3E3C-477C-902C-22BBB7A6B0A8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {CC2F19EB-129B-4448-961D-B3ED45719072} - System32\Tasks\XZWU => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION
Task: {F2973FD1-F2BC-4345-B0BE-0B530C97BD2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {FE86DE69-1236-4E59-AAF2-7D63B66D79F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WJ.job => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\XZWU.job => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-10-16 00:37 - 2015-02-02 22:56 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-09 23:22 - 2014-12-09 23:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-04-14 15:04 - 2014-04-14 15:04 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2014-10-15 21:10 - 2014-10-15 21:10 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-12-25 21:38 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-19 04:22 - 2014-12-19 04:22 - 00290816 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-04-14 15:41 - 2014-04-14 15:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-10-15 21:10 - 2015-02-26 14:05 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-10-15 21:10 - 2014-10-15 21:09 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-01-19 17:07 - 2014-11-26 03:12 - 40622592 _____ () C:\Users\Hambu_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-12-19 04:22 - 2014-12-19 04:22 - 00192512 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2015-01-19 17:07 - 2014-11-26 03:12 - 00911360 _____ () C:\Users\Hambu_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-01-19 17:07 - 2014-11-26 03:12 - 00134144 _____ () C:\Users\Hambu_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Hambu_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2088537837-413021123-565316019-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hambu_000\Desktop\kontra_k_by_ezzkah-d5zfzsh.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D1EF6F3B51D0D08552EA818CAB33B365"

==================== Accounts: =============================

Administrator (S-1-5-21-2088537837-413021123-565316019-500 - Administrator - Disabled)
Gast (S-1-5-21-2088537837-413021123-565316019-501 - Limited - Disabled)
Hambu_000 (S-1-5-21-2088537837-413021123-565316019-1001 - Administrator - Enabled) => C:\Users\Hambu_000
HomeGroupUser$ (S-1-5-21-2088537837-413021123-565316019-1003 - Limited - Enabled)
Steph_000 (S-1-5-21-2088537837-413021123-565316019-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MTP-USB-Gerät
Description: MTP-USB-Gerät
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (Standardmäßiges MTP-Gerät)
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Android Phone
Description: Android Phone
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2015 02:16:58 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.


System errors:
=============
Error: (02/26/2015 02:17:11 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5


Microsoft Office Sessions:
=========================
Error: (02/26/2015 02:16:58 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description:


==================== Memory info ===========================

Processor: AMD FX(tm)-8150 Eight-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 8137.34 MB
Available physical RAM: 5913.36 MB
Total Pagefile: 16841.34 MB
Available Pagefile: 14182.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:236.04 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:305.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD040803)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BE7CFDC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Das Problem besteht immer noch ich danke schon mal im vorraus

schrauber 26.02.2015 18:15

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Antrox 26.02.2015 21:46
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b2883664a0190f449052397a29f06d77
# engine=22662
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-26 08:07:49
# local_time=2015-02-26 09:07:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 100 124546 112115253 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9004524 49862562 0 0
# scanned=268404
# found=1
# cleaned=0
# scan_time=6835
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hambu_000\AppData\Roaming\XZWU"
Code:
Results of screen317's Security Check version 0.99.96 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2015 
Windows Defender           
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java 8 Update 25 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.305 
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Hambu_000 (administrator) on FLO on 26-02-2015 21:43:54
Running from C:\Users\Hambu_000\Downloads
Loaded Profiles: Hambu_000 (Available profiles: Hambu_000)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Hambu_000\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Bohemia Interactive) D:\Steam\SteamApps\common\Arma 3\arma3.exe
(Valve Corporation) D:\Steam\GameOverlayUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058080 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [EADM] => D:\Origin\Origin.exe [3619160 2015-02-01] (Electronic Arts)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\Run: [GoogleChromeAutoLaunch_D1EF6F3B51D0D08552EA818CAB33B365] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2015-02-18] (Google Inc.)
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {42e3c0e1-ac8e-11e4-8281-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {8e2549c7-72f5-11e4-8267-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {8e2549dc-72f5-11e4-8267-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {f28296f1-64b1-11e4-825a-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2088537837-413021123-565316019-1001\...\MountPoints2: {f2829718-64b1-11e4-825a-c8600089ef5f} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2088537837-413021123-565316019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02
HKU\S-1-5-21-2088537837-413021123-565316019-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2088537837-413021123-565316019-1001 -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC02&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2088537837-413021123-565316019-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: MEGA - C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default\Extensions\firefox@mega.co.nz.xpi [2014-12-25]
FF Extension: Adblock Plus - C:\Users\Hambu_000\AppData\Roaming\Mozilla\Firefox\Profiles\vck1ypx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-02]
CHR Extension: (Google Docs) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-02]
CHR Extension: (Google Drive) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (YouTube) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-02]
CHR Extension: (Google Search) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (Google Sheets) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR Extension: (Gmail) - C:\Users\Hambu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-10-15] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-10-15] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-10-15] (ASUSTeK Computer Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-02] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-10-15] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-10-15] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-15] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 21:37 - 2015-02-26 21:37 - 00852594 _____ () C:\Users\Hambu_000\Downloads\SecurityCheck.exe
2015-02-26 21:37 - 2015-02-26 21:37 - 00852594 _____ () C:\Users\Hambu_000\Desktop\SecurityCheck.exe
2015-02-26 19:12 - 2015-02-26 19:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-26 19:11 - 2015-02-26 19:11 - 02347384 _____ (ESET) C:\Users\Hambu_000\Downloads\esetsmartinstaller_deu.exe
2015-02-26 17:29 - 2015-02-26 17:29 - 00004608 _____ () C:\Windows\SECOH-QAD.exe
2015-02-26 17:29 - 2015-02-26 17:29 - 00003584 _____ () C:\Windows\SECOH-QAD.dll
2015-02-26 14:22 - 2015-02-26 14:22 - 06791360 _____ (IvoSoft) C:\Users\Hambu_000\Downloads\ClassicShellSetup_4_1_0 (1).exe
2015-02-26 14:16 - 2015-02-26 14:16 - 06791360 _____ (IvoSoft) C:\Users\Hambu_000\Downloads\ClassicShellSetup_4_1_0.exe
2015-02-26 14:12 - 2015-02-26 14:12 - 00000758 _____ () C:\Users\Hambu_000\Desktop\JRT.txt
2015-02-26 14:08 - 2015-02-26 14:08 - 01388274 _____ (Thisisu) C:\Users\Hambu_000\Downloads\JRT.exe
2015-02-26 14:04 - 2015-02-26 14:05 - 00000691 _____ () C:\Users\Hambu_000\Desktop\AdwCleaner.txt
2015-02-26 13:59 - 2015-02-26 14:01 - 00000000 ____D () C:\AdwCleaner
2015-02-26 13:58 - 2015-02-26 13:59 - 02126848 _____ () C:\Users\Hambu_000\Downloads\AdwCleaner_4.111.exe
2015-02-26 13:53 - 2015-02-26 14:03 - 00001102 _____ () C:\Windows\PFRO.log
2015-02-26 13:51 - 2015-02-26 13:51 - 00001512 _____ () C:\Users\Hambu_000\Desktop\Malwarebytes Anti-Malware.txt
2015-02-26 13:39 - 2015-02-26 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 13:39 - 2015-02-26 13:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 13:39 - 2015-02-26 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 13:39 - 2015-02-26 13:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-26 13:39 - 2015-02-26 13:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 13:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-26 13:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-26 13:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-26 13:38 - 2015-02-26 13:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hambu_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 21:50 - 2015-02-25 21:50 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\.mono
2015-02-25 18:16 - 2015-02-25 18:17 - 03002960 _____ () C:\Users\Hambu_000\Desktop\ts3_recording_15_02_25_18_16_45.wav
2015-02-25 15:49 - 2015-02-26 14:23 - 00020851 _____ () C:\Users\Hambu_000\Downloads\Addition.txt
2015-02-25 15:47 - 2015-02-26 21:43 - 00021795 _____ () C:\Users\Hambu_000\Downloads\FRST.txt
2015-02-25 15:47 - 2015-02-25 15:47 - 02087936 _____ (Farbar) C:\Users\Hambu_000\Downloads\FRST64.exe
2015-02-25 00:09 - 2015-02-25 00:09 - 00387584 _____ () C:\Users\Hambu_000\Downloads\rescue2usb.exe
2015-02-25 00:08 - 2015-02-25 00:13 - 321716224 _____ () C:\Users\Hambu_000\Desktop\kav_rescue_10.iso
2015-02-25 00:04 - 2015-02-25 00:04 - 00000000 ____D () C:\Users\Hambu_000\Documents\2013_08_14
2015-02-25 00:04 - 2014-08-09 12:51 - 00020316 _____ () C:\Users\Hambu_000\Documents\Bewerbung2.odt
2015-02-25 00:04 - 2014-08-09 12:51 - 00020316 _____ () C:\Users\Hambu_000\Documents\Bewerbung.odt
2015-02-25 00:04 - 2014-08-09 12:49 - 00016921 _____ () C:\Users\Hambu_000\Documents\Lebenslauf2.odt
2015-02-24 23:39 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 23:39 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-24 04:39 - 2015-02-26 14:19 - 00006908 _____ () C:\Windows\setupact.log
2015-02-24 04:39 - 2015-02-24 04:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-24 04:38 - 2015-02-26 16:59 - 00402646 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 02:54 - 2015-02-24 02:54 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Blizzard
2015-02-24 02:50 - 2015-02-24 02:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-24 02:50 - 2015-02-24 02:50 - 00001167 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-02-24 02:50 - 2015-02-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-02-24 00:51 - 2015-02-26 21:43 - 00000000 ____D () C:\FRST
2015-02-23 13:18 - 2015-02-23 13:18 - 00015360 ___SH () C:\Users\Hambu_000\Downloads\Thumbs.db
2015-02-19 12:18 - 2015-02-19 12:18 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Steam
2015-02-15 01:40 - 2015-02-15 01:40 - 00381440 _____ (Farbar) C:\Windows\mod_frst.exe
2015-02-13 17:30 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-13 17:28 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-13 17:28 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-02-13 17:28 - 2015-02-05 22:01 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-02-13 01:46 - 2015-02-13 01:46 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-11 21:18 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 21:18 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:47 - 2015-02-11 02:47 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-02-11 02:47 - 2015-02-11 02:47 - 00000000 ____D () C:\Program Files\Realtek
2015-02-11 02:47 - 2013-08-21 11:50 - 03591000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-02-11 02:47 - 2013-08-20 19:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-02-11 02:47 - 2013-08-20 19:17 - 02585304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-02-11 02:47 - 2013-08-20 17:48 - 00633381 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-11 02:47 - 2013-08-20 09:02 - 04848920 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2015-02-11 02:47 - 2013-08-16 14:46 - 00818008 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 01019136 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00899328 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00720128 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-02-11 02:47 - 2013-08-13 04:21 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-02-11 02:47 - 2013-08-06 08:47 - 00947248 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-02-11 02:47 - 2013-08-02 19:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-02-11 02:47 - 2013-08-01 09:59 - 05694760 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-02-11 02:47 - 2013-07-26 13:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-02-11 02:47 - 2013-07-23 14:40 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-02-11 02:47 - 2013-06-25 11:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-02-11 02:47 - 2013-06-25 11:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-02-11 02:47 - 2013-06-25 11:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-02-11 02:47 - 2013-04-24 16:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-02-11 02:47 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-02-11 02:47 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-02-11 02:47 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-02-11 02:47 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-02-11 02:47 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-02-11 02:47 - 2011-09-02 13:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-02-11 02:47 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-02-11 02:47 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-02-11 02:47 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-02-11 02:47 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-02-11 02:47 - 2010-07-22 15:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-02-11 02:47 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-02-11 02:46 - 2013-08-20 17:31 - 00148184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-02-11 02:46 - 2013-08-20 12:51 - 31488000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-02-11 02:46 - 2013-08-14 15:36 - 01325312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-02-11 02:46 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-02-11 02:46 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-02-11 02:46 - 2013-08-07 16:34 - 00765184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-02-11 02:46 - 2013-07-28 09:48 - 27518208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-02-11 02:46 - 2013-07-24 09:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-02-11 02:46 - 2013-07-23 14:40 - 03610880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 01916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-02-11 02:46 - 2013-07-23 14:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-02-11 02:46 - 2013-04-03 13:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-02-11 02:46 - 2012-08-31 18:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-02-11 02:46 - 2012-08-31 18:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-02-11 02:46 - 2010-09-27 08:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-02-11 02:45 - 2011-08-23 16:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-02-11 02:44 - 2013-08-07 16:41 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 06219096 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 01908568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 00312152 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-02-11 02:44 - 2013-08-06 03:56 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-02-11 02:44 - 2013-08-05 17:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-02-11 02:44 - 2013-07-11 13:15 - 00557880 _____ () C:\Windows\system32\audioLibVc.dll
2015-02-11 02:44 - 2013-06-21 10:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-02-11 02:44 - 2013-06-05 20:42 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-02-11 02:44 - 2012-10-02 13:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-02-11 02:44 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-02-11 02:44 - 2011-05-31 08:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-02-11 00:51 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 00:51 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 00:51 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 00:51 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 00:51 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 00:51 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:51 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 00:51 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 00:51 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 00:51 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 00:51 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 00:51 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 00:51 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 00:51 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 00:51 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 00:51 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 00:51 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 00:51 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 00:51 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 00:51 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 00:51 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 00:51 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 00:51 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 00:51 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 00:51 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 00:51 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 00:51 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 00:51 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 00:51 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 00:51 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 00:51 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 00:51 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 00:51 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 00:51 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 00:51 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 00:51 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 00:51 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 00:51 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 00:51 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 00:51 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 00:51 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 00:51 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 00:51 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 00:51 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 00:51 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 00:51 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 00:51 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 00:51 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 00:51 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 00:51 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 00:51 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 00:51 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 13:44 - 2015-02-10 13:44 - 00001363 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-02-10 13:44 - 2015-02-10 13:44 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\NVIDIA
2015-02-10 13:44 - 2015-01-16 07:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-10 13:44 - 2015-01-16 07:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-10 13:44 - 2015-01-16 07:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-10 13:44 - 2015-01-16 07:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-10 13:44 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-10 13:44 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-02-10 13:44 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-08 21:39 - 2015-02-25 21:46 - 00237864 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-06 16:00 - 2015-02-24 00:44 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-02-03 10:22 - 2015-02-03 10:22 - 00000000 ____D () C:\Users\Hambu_000\Documents\BFH Beta 2
2015-02-02 22:05 - 2015-02-02 22:05 - 00344064 _____ () C:\Users\Hambu_000\Documents\Meine neue App.accdb
2015-02-02 22:04 - 2015-02-02 22:04 - 00003021 _____ () C:\Users\Hambu_000\Desktop\Visio 2013.lnk
2015-02-02 22:04 - 2015-02-02 22:04 - 00002953 _____ () C:\Users\Hambu_000\Desktop\Publisher 2013.lnk
2015-02-02 22:04 - 2015-02-02 22:04 - 00002845 _____ () C:\Users\Hambu_000\Desktop\Access 2013.lnk
2015-02-02 21:58 - 2015-02-02 21:58 - 00003053 _____ () C:\Users\Hambu_000\Desktop\Excel 2013.lnk
2015-02-02 21:58 - 2015-02-02 21:58 - 00002953 _____ () C:\Users\Hambu_000\Desktop\PowerPoint 2013.lnk
2015-02-02 21:57 - 2015-02-02 21:57 - 00003031 _____ () C:\Users\Hambu_000\Desktop\Word 2013.lnk
2015-02-02 21:52 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-02 21:51 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-01 15:49 - 2015-02-02 21:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-29 18:02 - 2015-01-29 18:02 - 00000000 ___RD () C:\Users\Hambu_000\AppData\Roaming\Brother
2015-01-29 18:01 - 2015-01-29 18:02 - 00000432 _____ () C:\Windows\BRWMARK.INI
2015-01-29 18:01 - 2015-01-29 18:01 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 21:44 - 2014-10-19 13:13 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\TS3Client
2015-02-26 21:43 - 2014-10-15 21:03 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\ClassicShell
2015-02-26 21:23 - 2014-10-18 12:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 21:20 - 2014-11-02 18:05 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-26 20:53 - 2014-10-22 22:25 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Arma 3
2015-02-26 19:51 - 2014-10-15 20:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{74B743A0-6143-453C-B8BE-B47F9D254E7E}
2015-02-26 18:43 - 2014-10-15 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-26 18:22 - 2014-10-15 21:34 - 00001354 _____ () C:\Windows\Tasks\WJ.job
2015-02-26 16:39 - 2014-10-15 20:54 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2088537837-413021123-565316019-1001
2015-02-26 16:20 - 2014-11-02 18:05 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 16:10 - 2014-10-15 21:34 - 00001358 _____ () C:\Windows\Tasks\XZWU.job
2015-02-26 15:37 - 2014-10-15 21:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-26 14:19 - 2014-10-15 20:51 - 00000000 ___RD () C:\Users\Hambu_000\SkyDrive
2015-02-26 14:16 - 2014-10-15 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-02-26 14:16 - 2014-10-15 21:02 - 00000000 ____D () C:\Program Files\Classic Shell
2015-02-26 14:03 - 2014-12-25 21:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-26 14:03 - 2014-10-15 22:19 - 00000000 ____D () C:\ProgramData\VMware
2015-02-26 14:03 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 13:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Registration
2015-02-26 13:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-25 14:21 - 2014-12-15 11:41 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Battle.net
2015-02-25 13:42 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-25 00:07 - 2014-10-15 20:51 - 01785100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 00:07 - 2013-09-30 04:58 - 00767024 _____ () C:\Windows\system32\perfh007.dat
2015-02-25 00:07 - 2013-09-30 04:58 - 00160370 _____ () C:\Windows\system32\perfc007.dat
2015-02-24 21:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-24 20:55 - 2014-10-15 22:28 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\Skype
2015-02-24 13:27 - 2014-10-15 21:29 - 00189952 ___SH () C:\Users\Hambu_000\Desktop\Thumbs.db
2015-02-24 00:18 - 2014-10-20 16:58 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\vlc
2015-02-21 22:51 - 2014-12-28 20:03 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\FileZilla
2015-02-21 22:51 - 2014-11-23 18:12 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\TeamViewer
2015-02-21 22:51 - 2014-11-11 18:56 - 00000000 ___DC () C:\Users\Hambu_000\AppData\Local\MigWiz
2015-02-21 22:51 - 2014-10-15 22:32 - 00000000 ____D () C:\Windows\Minidump
2015-02-21 22:51 - 2014-10-15 21:42 - 00000000 ____D () C:\Windows\Panther
2015-02-21 22:51 - 2014-10-15 21:32 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\DAEMON Tools Lite
2015-02-20 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-19 22:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-17 06:15 - 2014-10-15 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-17 06:14 - 2014-10-15 22:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 01:50 - 2014-12-02 23:01 - 00000000 ____D () C:\Users\Hambu_000\Desktop\Prime95
2015-02-13 17:30 - 2014-10-15 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-13 01:44 - 2014-12-27 02:26 - 00000000 ____D () C:\Users\Hambu_000\Documents\My Games
2015-02-12 17:48 - 2014-10-18 12:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 17:48 - 2014-10-18 12:13 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Adobe
2015-02-11 14:32 - 2013-08-22 15:44 - 00480816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 04:02 - 2014-10-21 22:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:58 - 2014-10-21 22:50 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 03:57 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2015-02-11 02:48 - 2014-10-15 21:11 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-11 02:43 - 2014-10-15 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-10 16:21 - 2014-10-15 20:48 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\Packages
2015-02-10 13:45 - 2014-10-15 21:36 - 00007606 _____ () C:\Users\Hambu_000\AppData\Local\Resmon.ResmonCfg
2015-02-10 13:44 - 2014-10-15 21:15 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-10 13:44 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-10 10:03 - 2014-10-15 21:17 - 00000000 ____D () C:\ProgramData\KMSAutoS
2015-02-09 15:40 - 2014-10-15 20:48 - 00000000 ____D () C:\Users\Hambu_000
2015-02-08 20:48 - 2014-10-16 00:37 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-08 14:41 - 2014-10-16 00:37 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-08 12:25 - 2014-10-22 18:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 01:33 - 2014-12-15 11:41 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-07 20:56 - 2014-10-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-07 03:42 - 2015-01-19 16:52 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-06 16:23 - 2014-12-28 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-06 16:23 - 2014-12-28 20:03 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-02-06 16:15 - 2014-11-02 18:05 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:15 - 2014-11-02 18:05 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:01 - 2014-12-25 21:39 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-05 22:01 - 2014-12-25 21:39 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-02-05 22:01 - 2014-12-25 21:38 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 22:01 - 2014-12-25 21:38 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-05 22:01 - 2014-11-02 17:14 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-12-25 21:38 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-12-25 21:38 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-12-25 21:38 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-12-25 21:38 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 13:50 - 2014-12-25 21:38 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 03:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 10:30 - 2014-10-19 14:40 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\PunkBuster
2015-02-03 01:03 - 2014-12-24 21:28 - 00000311 _____ () C:\Users\Hambu_000\Desktop\Neues Textdokument.txt
2015-02-02 22:56 - 2014-10-16 00:37 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-02 22:01 - 2014-10-15 21:17 - 00003748 _____ () C:\Windows\System32\Tasks\KMSAutoNet
2015-02-02 22:01 - 2014-10-15 21:17 - 00000000 ____D () C:\Users\Hambu_000\AppData\Local\MSfree Inc
2015-02-02 22:00 - 2014-10-15 21:29 - 00000000 ____D () C:\Users\Hambu_000\Desktop\Weis-IT
2015-02-02 21:59 - 2014-10-15 22:17 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-02 21:53 - 2013-09-30 05:00 - 00000000 ____D () C:\Windows\ShellNew
2015-02-02 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-02 21:51 - 2014-10-15 22:07 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-02 21:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-29 17:58 - 2014-11-02 16:45 - 00000000 ____D () C:\Users\Hambu_000\AppData\Roaming\Foxit Software

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Hambu_000\AppData\Roaming\XZWU
2014-10-15 21:36 - 2015-02-10 13:45 - 0007606 _____ () C:\Users\Hambu_000\AppData\Local\Resmon.ResmonCfg
2014-10-15 21:12 - 2014-10-15 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Hambu_000\AppData\Local\Temp\Quarantine.exe
C:\Users\Hambu_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-18 06:15

==================== End Of Log ============================
--- --- ---


Den Fund habe ich noch nicht bereinigt wie es in der Anleitung steht

schrauber 27.02.2015 10:48
Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Hambu_000\AppData\Roaming\XZWU
Task: {6E971E23-23A8-40BA-8FA3-7FA14E4D46F7} - System32\Tasks\WJ => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION
C:\Users\Hambu_000\AppData\Roaming\WJ.exe
Task: {CC2F19EB-129B-4448-961D-B3ED45719072} - System32\Tasks\XZWU => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION

Task: C:\Windows\Tasks\WJ.job => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION

Task: C:\Windows\Tasks\XZWU.job => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Antrox 27.02.2015 13:10
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Hambu_000 at 2015-02-27 12:58:21 Run:2
Running from C:\Users\Hambu_000\Downloads
Loaded Profiles: Hambu_000 (Available profiles: Hambu_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Hambu_000\AppData\Roaming\XZWU
Task: {6E971E23-23A8-40BA-8FA3-7FA14E4D46F7} - System32\Tasks\WJ => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION
C:\Users\Hambu_000\AppData\Roaming\WJ.exe
Task: {CC2F19EB-129B-4448-961D-B3ED45719072} - System32\Tasks\XZWU => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION

Task: C:\Windows\Tasks\WJ.job => C:\Users\Hambu_000\AppData\Roaming\WJ.exe <==== ATTENTION

Task: C:\Windows\Tasks\XZWU.job => C:\Users\Hambu_000\AppData\Roaming\XZWU.exe <==== ATTENTION
Emptytemp:
*****************

"C:\Users\Hambu_000\AppData\Roaming\XZWU" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E971E23-23A8-40BA-8FA3-7FA14E4D46F7} => Key not found.
C:\Windows\System32\Tasks\WJ not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WJ => Key not found.
"C:\Users\Hambu_000\AppData\Roaming\WJ.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC2F19EB-129B-4448-961D-B3ED45719072} => Key not found.
C:\Windows\System32\Tasks\XZWU not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XZWU => Key not found.
C:\Windows\Tasks\WJ.job not found.
C:\Windows\Tasks\XZWU.job not found.
EmptyTemp: => Removed 14.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:58:35 ====
Hallo Schrauber,

leider habe ich aus versehen FRST zweimal gestartet ich Dödel :headbang:. Ich habe gemerkt das die Malware nicht auf dem PC sitzt sondern in meinem Heimnetzwerk da Handys und Weitere Geräte befallen sind. ich werde mich mal schlau googeln was man da machen kann

schrauber 27.02.2015 18:25
Router auf Werkseinstellungen zurücksetzen.

Antrox 27.02.2015 21:11
Hallo Schrauber,

Ich habe mein Router auf Werkseinstellung zurückgesetzt, das hat es gebracht habe keine
Weiterleitungen etc. mehr. Ich danke dir für die Hilfe.

schrauber 28.02.2015 10:54
Jetzt bitte zur SIcherheit nochmal an jedem Rechner der an dem ROuter war alle Browser einmal zurücksetzen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:26 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131