Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win 8.1 dvmexp (https://www.trojaner-board.de/167830-win-8-1-dvmexp.html)

m1ck3y 11.06.2015 14:31
Win 8.1 dvmexp
 
Hallo,

ich habe heute erstmals auf meinem Computer einen Ordner Namens dvmexp entdeckt. War am Sonntag definitiv nocht nicht da. Dieser ordner ist auf C: dann noch auf C: eine datei dvmexp.idx und im temp ordner befinden sich nocht einmal der ordner dvmexp, tmpdvmexp und tmpdvmexp.idx. in dem tmpdvemxp order sind noch einmal unterordner mit bookmark und vaeconf und jeweils idx von den ordnernamen.

Es kommt immer wieder sofort nach dem löschen zurück. Ist das ein Virus/Trojaner oder boshafte Schadsoftware? Bitte um eure Hilfe

cosinus 11.06.2015 14:36
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

m1ck3y 11.06.2015 14:48
Hallo,

und erstmal danke für die schnelle Hilfe!
leider habe ich keine alten Logs zur Zeit zu Verfügung :(

FRST.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by m1ck3y (administrator) on MICKEY on 11-06-2015 15:45:10
Running from B:\Downloads
Loaded Profiles: m1ck3y (Available Profiles: m1ck3y & l3jlah)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-24] (VIA)
HKU\S-1-5-21-1474457362-1224508852-2511664465-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-1474457362-1224508852-2511664465-1001\...\MountPoints2: {c1519432-dc57-11e4-824f-806e6f6e6963} - "H:\CheckID.exe"
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49484;https=127.0.0.1:49484
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1474457362-1224508852-2511664465-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
HKU\S-1-5-21-1474457362-1224508852-2511664465-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1474457362-1224508852-2511664465-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\m1ck3y\AppData\Roaming\Mozilla\Firefox\Profiles\yhtlr7zb.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\m1ck3y\AppData\Roaming\Mozilla\Firefox\Profiles\yhtlr7zb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-01] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-04] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 15:45 - 2015-06-11 15:45 - 00000000 ____D C:\FRST
2015-06-11 15:25 - 2015-06-11 15:36 - 00000177 ____H C:\dvmexp.idx
2015-06-11 15:16 - 2015-06-11 15:25 - 00000000 ___HD C:\dvmexp
2015-06-11 14:49 - 2015-06-11 15:26 - 00057469 _____ C:\Windows\WindowsUpdate.log
2015-06-11 12:41 - 2015-06-11 12:42 - 00000000 ____D C:\Users\l3jlah\AppData\Local\Adobe
2015-06-11 12:41 - 2015-06-11 12:41 - 00000000 ____D C:\ProgramData\McAfee
2015-06-10 15:49 - 2015-06-03 18:18 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 15:49 - 2015-06-03 18:18 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 12:41 - 2015-06-11 13:06 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EFE052BD-2E86-4D2D-9DC8-BC8E897EFFE8}
2015-06-10 12:41 - 2015-06-10 12:41 - 00000000 __SHD C:\Users\l3jlah\AppData\Local\EmieUserList
2015-06-10 12:41 - 2015-06-10 12:41 - 00000000 __SHD C:\Users\l3jlah\AppData\Local\EmieSiteList
2015-06-10 12:41 - 2015-06-10 12:41 - 00000000 __SHD C:\Users\l3jlah\AppData\Local\EmieBrowserModeList
2015-06-10 05:54 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 05:54 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 05:54 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 05:54 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 05:54 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 05:54 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 05:54 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 05:54 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 05:54 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 05:54 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 05:54 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 05:54 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 05:54 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 05:54 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 05:54 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 05:54 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 05:54 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 05:54 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 05:54 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 05:54 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 05:54 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 05:54 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 05:54 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 05:54 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 05:54 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 05:54 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 05:54 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 05:54 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 05:54 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 05:54 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 05:54 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 05:54 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 05:54 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 05:54 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 05:54 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 05:54 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 05:54 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 05:54 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 05:54 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 05:54 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 05:54 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 05:54 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 05:54 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-07 19:08 - 2015-06-07 19:08 - 00226680 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-06-06 16:44 - 2015-06-06 16:44 - 00226680 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-04 19:31 - 2015-06-04 19:31 - 00000000 ____D C:\Users\l3jlah\AppData\Roaming\GlarySoft
2015-06-04 15:20 - 2015-06-04 15:20 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-04 15:20 - 2015-06-04 15:20 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-04 11:26 - 2015-06-04 11:26 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-06-04 11:26 - 2015-06-04 11:26 - 00000000 ____D C:\Windows\CSC
2015-06-04 11:18 - 2015-06-04 11:18 - 02252800 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 01358336 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 01241600 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSh.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 01170432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDistSh.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00967680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00945152 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCacheProvider.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00809984 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00687616 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00657408 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2015-06-04 11:18 - 2015-06-04 11:18 - 00482304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00481280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00459264 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCleaner.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\AppIdPolicyEngineApi.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\srmstormod.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\ddputils.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditNativeSnapIn.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ddpchunk.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00201216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmstormod.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\srmshell.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgmts.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00147439 _____ C:\Windows\SysWOW64\gpedit.msc
2015-06-04 11:18 - 2015-06-04 11:18 - 00147439 _____ C:\Windows\system32\gpedit.msc
2015-06-04 11:18 - 2015-06-04 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\ddptrace.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmshell.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00120458 _____ C:\Windows\system32\secpol.msc
2015-06-04 11:18 - 2015-06-04 11:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00103744 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizardElev.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizard.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00092992 _____ (Microsoft Corporation) C:\Windows\system32\KeyboardFilterSvc.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\srmtrace.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\AuditPolicyGPInterop.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\PrintBrmUi.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\ddp_ps.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditPolicyGPInterop.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00043566 _____ C:\Windows\SysWOW64\rsop.msc
2015-06-04 11:18 - 2015-06-04 11:18 - 00043566 _____ C:\Windows\system32\rsop.msc
2015-06-04 11:18 - 2015-06-04 11:18 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistAD.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00041280 _____ (Microsoft Corporation) C:\Windows\system32\KeyboardFilterCore.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00040256 _____ (Microsoft Corporation) C:\Windows\system32\EmbeddedAppLauncherConfig.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00034112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KeyboardFilterCore.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00022272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbldfltr.sys
2015-06-04 11:18 - 2015-06-04 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\change.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll
2015-06-04 11:18 - 2015-06-04 11:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\query.exe
2015-06-04 11:18 - 2015-06-04 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\BdeSysprep.dll
2015-06-04 11:18 - 2014-03-18 12:12 - 00035781 _____ C:\Windows\Professional.xml
2015-06-04 11:14 - 2015-06-04 11:15 - 00000000 ____D C:\Users\m1ck3y\AppData\Roaming\Skype
2015-06-04 11:14 - 2015-06-04 11:15 - 00000000 ____D C:\ProgramData\Skype
2015-06-04 11:14 - 2015-06-04 11:14 - 00000000 ____D C:\Users\m1ck3y\AppData\Local\Skype
2015-06-04 09:56 - 2015-06-04 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 16:59 - 2015-06-03 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-03 16:59 - 2015-06-03 16:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-03 16:59 - 2015-06-03 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-03 16:59 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-06-03 16:59 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-06-03 16:59 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-06-03 16:59 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-06-03 16:58 - 2015-06-03 16:58 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-06-03 16:58 - 2015-06-03 16:58 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-06-03 16:58 - 2015-06-03 16:58 - 00146389 _____ C:\Windows\system32\printmanagement.msc
2015-06-03 16:58 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-03 16:58 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-03 16:58 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-03 16:58 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-03 16:58 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-03 16:58 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-03 16:58 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-03 16:58 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 16:58 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-03 16:58 - 2015-05-16 00:01 - 00133288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 16:58 - 2015-05-15 23:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 16:58 - 2015-05-15 22:47 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 16:58 - 2015-05-15 22:23 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 16:58 - 2015-05-15 21:42 - 03682304 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 16:58 - 2015-05-15 21:32 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 16:58 - 2015-05-15 21:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 16:58 - 2015-05-15 21:28 - 02223104 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 16:58 - 2015-05-15 21:28 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-06-03 16:58 - 2015-05-15 21:28 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 16:58 - 2015-05-15 21:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 16:58 - 2015-05-15 21:21 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 16:58 - 2015-05-15 21:21 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-03 16:58 - 2015-05-15 21:19 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 16:58 - 2015-05-15 21:19 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 16:58 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-03 16:58 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-03 16:58 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-03 16:58 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-03 16:58 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-03 16:58 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-03 16:58 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-03 16:58 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-03 16:58 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-03 16:58 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-03 16:58 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-03 16:58 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-03 16:58 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-03 16:58 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-03 16:58 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-03 16:58 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-03 16:58 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-03 16:58 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-03 16:58 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-03 16:58 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-03 16:58 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-03 16:58 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-03 16:58 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-03 16:58 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-03 16:58 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-03 16:58 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-03 16:58 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-03 16:58 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-03 16:58 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-03 16:49 - 2015-06-03 16:49 - 00000000 ____D C:\Users\m1ck3y\AppData\Local\GWX
2015-06-01 21:36 - 2015-05-28 05:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 21:35 - 2015-05-28 09:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 21:35 - 2015-05-28 09:04 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00117576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-06-01 21:35 - 2015-05-28 09:04 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-06-01 21:35 - 2015-05-28 09:04 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-01 11:54 - 2015-06-01 11:54 - 00000000 ____D C:\Users\m1ck3y\Documents\My Games
2015-06-01 10:59 - 2015-06-04 19:29 - 00000244 _____ C:\Users\m1ck3y\Desktop\Murdered Soul Suspect.url
2015-06-01 10:59 - 2015-06-01 10:59 - 00000000 ____D C:\Users\m1ck3y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-01 10:57 - 2015-06-01 10:57 - 00000000 ____D C:\Users\m1ck3y\AppData\Local\Steam
2015-06-01 10:55 - 2015-06-11 14:45 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-01 10:55 - 2015-06-01 10:55 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk
2015-06-01 10:55 - 2015-06-01 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-01 07:02 - 2015-06-01 07:02 - 00000295 _____ C:\Users\l3jlah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-05-31 21:04 - 2015-05-23 03:47 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-31 21:04 - 2015-05-23 03:47 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-31 21:03 - 2015-06-01 21:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-05-31 21:03 - 2015-04-03 15:21 - 00052880 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-05-31 21:03 - 2015-04-03 15:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-31 21:03 - 2015-04-03 15:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-31 11:43 - 2015-05-31 11:43 - 00003312 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-05-31 11:43 - 2015-05-31 11:43 - 00002970 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-05-30 16:16 - 2015-05-31 15:21 - 00000000 ____D C:\ProgramData\Steam
2015-05-22 15:42 - 2015-05-23 14:52 - 00000000 ____D C:\Users\m1ck3y\AppData\Roaming\dvdcss
2015-05-21 15:00 - 2015-05-21 15:00 - 00000000 ____D C:\Users\m1ck3y\AppData\Roaming\Thinstall
2015-05-21 15:00 - 2015-05-21 15:00 - 00000000 ____D C:\Users\m1ck3y\AppData\Local\Thinstall
2015-05-20 11:22 - 2015-05-20 11:22 - 00000982 _____ C:\Users\m1ck3y\Desktop\Family Rules.lnk
2015-05-19 07:38 - 2015-05-19 07:52 - 00014782 _____ C:\Users\l3jlah\Desktop\VerbenArtikel.xlsx
2015-05-19 07:38 - 2015-05-19 07:38 - 00000000 ____D C:\Users\l3jlah\Documents\Benutzerdefinierte Office-Vorlagen
2015-05-18 20:04 - 2015-05-28 06:15 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-18 20:04 - 2015-05-13 08:52 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-18 20:04 - 2015-05-13 08:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-18 20:04 - 2015-05-13 08:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-18 20:04 - 2015-05-12 08:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-18 20:04 - 2015-05-12 08:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-15 09:12 - 2015-05-15 09:12 - 00036352 ___SH C:\Users\l3jlah\Desktop\Thumbs.db
2015-05-13 08:35 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:35 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:35 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 08:35 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:35 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 08:35 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:35 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:35 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 08:35 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:35 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 08:35 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:35 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 08:35 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 08:35 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 08:35 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 08:35 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 08:35 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 08:35 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 08:35 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:35 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:35 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:35 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 08:35 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 08:35 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 08:35 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 08:35 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 08:35 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 08:35 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 08:35 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:35 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:35 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 08:35 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:35 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 08:35 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 08:35 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 08:35 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 08:35 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 08:35 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 15:44 - 2015-04-06 18:27 - 00000000 ____D C:\Users\m1ck3y\AppData\Local\JDownloader v2.0
2015-06-11 15:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-11 15:33 - 2015-04-15 21:45 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-06-11 15:32 - 2015-04-06 17:08 - 00000000 __SHD C:\Users\m1ck3y\AppData\Local\EmieBrowserModeList
2015-06-11 15:32 - 2015-04-06 14:59 - 00000000 __SHD C:\Users\m1ck3y\AppData\Local\EmieUserList
2015-06-11 15:32 - 2015-04-06 14:59 - 00000000 __SHD C:\Users\m1ck3y\AppData\Local\EmieSiteList
2015-06-11 15:32 - 2014-03-18 12:03 - 01686150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 15:32 - 2014-03-18 11:25 - 00726688 _____ C:\Windows\system32\perfh007.dat
2015-06-11 15:32 - 2014-03-18 11:25 - 00151380 _____ C:\Windows\system32\perfc007.dat
2015-06-11 15:31 - 2015-04-13 20:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-11 15:31 - 2015-04-06 14:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1474457362-1224508852-2511664465-1001
2015-06-11 15:25 - 2015-04-06 14:37 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-11 15:25 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 15:16 - 2015-04-06 17:05 - 00000000 ___HD C:\temp
2015-06-11 15:10 - 2015-04-06 18:32 - 00000000 ____D C:\Program Files\VideoLAN
2015-06-11 14:59 - 2015-04-06 18:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 14:54 - 2015-04-06 14:59 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E756853-EE45-40C9-9F7F-0E07554DD0BE}
2015-06-11 14:29 - 2015-04-06 18:34 - 00000000 ____D C:\ProgramData\Origin
2015-06-11 12:41 - 2015-04-06 18:25 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 12:41 - 2015-04-06 18:25 - 00000000 ____D C:\Users\m1ck3y\AppData\Local\Adobe
2015-06-10 22:45 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-10 16:20 - 2015-04-15 21:43 - 00347872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 16:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 16:11 - 2015-04-06 22:04 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1474457362-1224508852-2511664465-1004
2015-06-10 15:52 - 2015-04-06 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 15:50 - 2015-04-06 15:44 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 15:49 - 2015-04-06 15:44 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 15:49 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-10 15:48 - 2015-04-06 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-10 12:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-05 04:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-04 11:26 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\restore
2015-06-04 11:26 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\security
2015-06-04 11:02 - 2015-04-06 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 17:00 - 2015-04-06 16:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-03 17:00 - 2015-04-06 16:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-03 17:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-02 20:46 - 2015-04-06 18:36 - 00000000 ____D C:\Users\m1ck3y\AppData\Roaming\Origin
2015-06-02 09:10 - 2015-04-06 21:59 - 00000000 ____D C:\Users\l3jlah\AppData\Roaming\Origin
2015-06-02 09:10 - 2015-04-06 18:33 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-01 21:36 - 2015-04-06 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-01 21:36 - 2015-04-06 14:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-05-31 11:44 - 2015-04-15 21:45 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-05-28 09:04 - 2015-04-06 14:37 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-28 09:04 - 2015-04-06 14:37 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-28 06:15 - 2015-04-06 14:37 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-28 06:15 - 2015-04-06 14:37 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-28 06:15 - 2015-04-06 14:37 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-28 06:15 - 2015-04-06 14:37 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-28 06:15 - 2015-04-06 14:37 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-27 12:48 - 2015-04-06 14:37 - 04408727 _____ C:\Windows\system32\nvcoproc.bin
2015-05-23 10:51 - 2015-04-06 14:26 - 00000000 ____D C:\Users\m1ck3y
2015-05-23 03:47 - 2015-04-06 18:13 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-23 03:47 - 2015-04-06 18:13 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-20 11:23 - 2015-04-06 18:36 - 00000000 ____D C:\Users\m1ck3y\AppData\Local\Origin
2015-05-15 09:33 - 2015-04-07 19:47 - 00000000 ____D C:\Users\l3jlah\Documents\Electronic Arts
2015-05-13 11:40 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-13 11:40 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 10:54 - 2014-03-18 11:40 - 00000000 ____D C:\Program Files\Windows Journal

Some files in TEMP:
====================
C:\Users\m1ck3y\AppData\Local\Temp\proxy_vole4261940663973096191.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 20:35

==================== End of log ============================
--- --- ---


Addition [CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by m1ck3y at 2015-06-11 15:45:29
Running from B:\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1474457362-1224508852-2511664465-500 - Administrator - Disabled)
Gast (S-1-5-21-1474457362-1224508852-2511664465-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1474457362-1224508852-2511664465-1003 - Limited - Enabled)
l3jlah (S-1-5-21-1474457362-1224508852-2511664465-1004 - Limited - Enabled) => C:\Users\l3jlah
m1ck3y (S-1-5-21-1474457362-1224508852-2511664465-1001 - Administrator - Enabled) => C:\Users\m1ck3y

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.6.8.3 - ASUSTek COMPUTER INC.) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.0.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Express Gate (HKLM-x32\...\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}) (Version: 1.4.10.8 - DeviceVM, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Glary Utilities PRO 5.26 (HKLM-x32\...\Glary Utilities 5) (Version: 5.26.0.45 - Glarysoft Ltd)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version:  - Airtight Games)
Nettv+ Player 4 (HKU\S-1-5-21-1474457362-1224508852-2511664465-1001\...\Nettv+ Player 4) (Version: 00.04.06.01 - nettvplus)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.11.2855 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
SSD Fresh (HKLM-x32\...\SSD Fresh_is1) (Version: 2015 - Abelssoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.7.65.1020 - Electronic Arts Inc.)
TreeSize Professional V6.1.1 (64 bit) (HKLM\...\TreeSize Professional_is1) (Version: 6.1.1 - JAM Software)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-06-2015 11:38:19 Windows Update
08-06-2015 15:10:34 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-06-11 15:24 - 2015-06-11 15:24 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01715C8D-9566-45AD-BE02-BE7EA7478F8B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {087C4BD6-9018-45DE-AD96-915B616C50E0} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-25] (Glarysoft Ltd)
Task: {0A741225-6B9D-470A-B73A-D309C6A4F34E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {22E9B6C9-A4C0-41E2-8401-6CCCFA4668F6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {40C74B36-95DC-44E8-96F1-6031486BF6D3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6DC08257-9D30-439D-90D2-74DE31162F69} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {7C66CFBC-3517-4299-BBEF-9B1C0C851990} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {9A71BA07-BA9E-4841-807D-7D3E21EDCADE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A42B8AC5-5972-4489-AF98-5F43B03AE19B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {A5F4E90E-A039-4713-804B-2095A05CCF17} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {BDB163E1-9280-4EE6-8B47-39ECC54A1564} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C7062845-7235-444C-B709-BAB4D554302A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {CAD9F925-2480-4A1A-BE8E-CBBE34CC1E5D} - System32\Tasks\{93906159-D190-4A12-89B3-99C3C7FF8853} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {CCDF18BE-AD00-4166-AF5D-B6107E56E042} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E8799797-0243-49C2-901E-294EDD2FDB86} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-06 14:37 - 2015-05-28 06:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-05-02 17:37 - 2015-05-02 17:37 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-04-06 18:51 - 2015-05-23 03:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1474457362-1224508852-2511664465-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\m1ck3y\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1474457362-1224508852-2511664465-1001\...\StartupApproved\Run: => "GUDelayStartup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EE5F1B2B-FD6B-4289-A443-89DD4EDBA255}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC57A823-65AB-4CF4-81A5-4397D403B0C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20CFE133-858C-483B-90F6-A62848705982}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5BACF746-3A0D-471C-AADB-716BAE707473}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FA5645B4-9D7E-4DA8-AA7E-ACDF03230E62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{757E3ECD-4FAE-474C-8274-9B8E56034E3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F0AD1B22-277E-4036-99BA-93C1E6F5D03A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2E5525A1-8971-4D6E-8A1C-B6775DC5CD6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EB3DDB49-08BE-47DF-B49C-A44F45F945E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D93F1A6-8D6A-49DA-94A4-0EB300ADDF50}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E28BA78-849F-4F98-8FA8-47C5580439C7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{089453E5-A325-4510-A3A7-2CE6F84BACFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{0725BB5E-DE50-4768-B00B-696DC11C11E2}B:\utorrentportable\app\utorrent\utorrent.exe] => (Allow) B:\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5A573F04-D4B6-4533-A3B6-C022F194F63A}B:\utorrentportable\app\utorrent\utorrent.exe] => (Allow) B:\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [{160AD135-2725-491F-8F75-F31F6D5F6E7E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8316E254-1322-4644-AC7A-308BE417D771}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{73E8FA17-A315-45EF-8F37-12BF5E58DE6F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A58A6DC-9750-486D-B607-2AC4C7B2918B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C2413FA-D3E6-45AC-8651-C774AAE5E876}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{22B6FB25-5B54-493F-BA16-66EF244A33BD}] => (Allow) B:\Games\BFH\bfh.exe
FirewallRules: [{A7C39749-A562-404E-977D-31235D9D1A57}] => (Allow) B:\Games\BFH\bfh.exe
FirewallRules: [{41571559-B0BF-46B8-A315-9A0A36D50E45}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E9381C00-E42D-4D9B-8100-4FFD45FF0EE2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2FD068D1-48C5-4F0F-AE53-CA1005FB1C17}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A230B875-F867-4766-A301-C3B206511B01}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{27658D24-2566-471E-9867-7347A635178D}] => (Allow) B:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{8B7C616D-640A-4967-BC21-FAE5467BC892}] => (Allow) B:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{DF525BFE-E1E9-4AB9-96D3-2E885CB13947}] => (Allow) B:\Games\Battlefield 4\bf4.exe
FirewallRules: [{11465CD7-8E0F-429E-95D2-D70088B59064}] => (Allow) B:\Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{ECD97465-167F-4EFB-AAE2-1D7D0756ECA8}B:\downloads\nero 2015 platinum v16.0.03000 portable\nero 2015.exe] => (Block) B:\downloads\nero 2015 platinum v16.0.03000 portable\nero 2015.exe
FirewallRules: [UDP Query User{3E3B7004-3FF0-4F1D-9819-FEE379CB8D23}B:\downloads\nero 2015 platinum v16.0.03000 portable\nero 2015.exe] => (Block) B:\downloads\nero 2015 platinum v16.0.03000 portable\nero 2015.exe
FirewallRules: [TCP Query User{5FA87220-2D09-46AE-A7A4-B54D10DBE921}B:\games\murdered - soul suspect\binaries\win64\murdered.exe] => (Block) B:\games\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [UDP Query User{F805E380-ECA9-4720-9287-9584A2AC7357}B:\games\murdered - soul suspect\binaries\win64\murdered.exe] => (Block) B:\games\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [TCP Query User{8B91D930-1B30-4706-AB04-1C7DBF6ACE83}B:\games\murdered soul suspect\binaries\win64\murdered.exe] => (Block) B:\games\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [UDP Query User{E092324B-8864-4C01-A5C0-1246F7994884}B:\games\murdered soul suspect\binaries\win64\murdered.exe] => (Block) B:\games\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [{8C2E5D3E-6D7D-44B6-AB75-84C3B86954A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{21B3B0A9-493F-4198-899C-8B8085F9F462}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7E7FB344-EACD-4165-96C4-CE1DF3D13F37}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BF536E74-5595-4856-A692-7B33563F7B4F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F530096-A364-41C6-A888-9909816CECBF}] => (Allow) B:\Games\Murdered Soul Suspect\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{426744FF-EBAE-4783-8BD7-1766E2B2746E}] => (Allow) B:\Games\Murdered Soul Suspect\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6643E035-C6EC-42FB-90AE-9D815D297252}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{974816C3-298E-447E-A6EC-27FB942BC4F6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2015 03:26:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Name des fehlerhaften Moduls: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000280a0
ID des fehlerhaften Prozesses: 0x12bc
Startzeit der fehlerhaften Anwendung: 0xVDeck.exe0
Pfad der fehlerhaften Anwendung: VDeck.exe1
Pfad des fehlerhaften Moduls: VDeck.exe2
Berichtskennung: VDeck.exe3
Vollständiger Name des fehlerhaften Pakets: VDeck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VDeck.exe5

Error: (06/11/2015 03:17:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Name des fehlerhaften Moduls: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000280a0
ID des fehlerhaften Prozesses: 0x121c
Startzeit der fehlerhaften Anwendung: 0xVDeck.exe0
Pfad der fehlerhaften Anwendung: VDeck.exe1
Pfad des fehlerhaften Moduls: VDeck.exe2
Berichtskennung: VDeck.exe3
Vollständiger Name des fehlerhaften Pakets: VDeck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VDeck.exe5

Error: (06/11/2015 03:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Name des fehlerhaften Moduls: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000280a0
ID des fehlerhaften Prozesses: 0x1254
Startzeit der fehlerhaften Anwendung: 0xVDeck.exe0
Pfad der fehlerhaften Anwendung: VDeck.exe1
Pfad des fehlerhaften Moduls: VDeck.exe2
Berichtskennung: VDeck.exe3
Vollständiger Name des fehlerhaften Pakets: VDeck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VDeck.exe5

Error: (06/11/2015 03:10:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc000000d
Fehleroffset: 0x0000000000101e60
ID des fehlerhaften Prozesses: 0x59c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_DiagTrack4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_DiagTrack5

Error: (06/11/2015 02:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Name des fehlerhaften Moduls: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000280a0
ID des fehlerhaften Prozesses: 0x123c
Startzeit der fehlerhaften Anwendung: 0xVDeck.exe0
Pfad der fehlerhaften Anwendung: VDeck.exe1
Pfad des fehlerhaften Moduls: VDeck.exe2
Berichtskennung: VDeck.exe3
Vollständiger Name des fehlerhaften Pakets: VDeck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VDeck.exe5

Error: (06/11/2015 02:29:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Name des fehlerhaften Moduls: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000280a0
ID des fehlerhaften Prozesses: 0xc28
Startzeit der fehlerhaften Anwendung: 0xVDeck.exe0
Pfad der fehlerhaften Anwendung: VDeck.exe1
Pfad des fehlerhaften Moduls: VDeck.exe2
Berichtskennung: VDeck.exe3
Vollständiger Name des fehlerhaften Pakets: VDeck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VDeck.exe5

Error: (06/11/2015 01:58:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TS4.exe, Version: 1.7.65.1020, Zeitstempel: 0x555636ec
Name des fehlerhaften Moduls: TS4.exe, Version: 1.7.65.1020, Zeitstempel: 0x555636ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00935be3
ID des fehlerhaften Prozesses: 0x13bc
Startzeit der fehlerhaften Anwendung: 0xTS4.exe0
Pfad der fehlerhaften Anwendung: TS4.exe1
Pfad des fehlerhaften Moduls: TS4.exe2
Berichtskennung: TS4.exe3
Vollständiger Name des fehlerhaften Pakets: TS4.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TS4.exe5

Error: (06/11/2015 00:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Name des fehlerhaften Moduls: VDeck.exe, Version: 7.3.0.30, Zeitstempel: 0x4a695333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000280a0
ID des fehlerhaften Prozesses: 0x130c
Startzeit der fehlerhaften Anwendung: 0xVDeck.exe0
Pfad der fehlerhaften Anwendung: VDeck.exe1
Pfad des fehlerhaften Moduls: VDeck.exe2
Berichtskennung: VDeck.exe3
Vollständiger Name des fehlerhaften Pakets: VDeck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VDeck.exe5

Error: (06/11/2015 08:11:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc000000d
Fehleroffset: 0x0000000000101e60
ID des fehlerhaften Prozesses: 0x5c0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_DiagTrack4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_DiagTrack5

Error: (06/11/2015 06:57:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TS4.exe, Version: 1.7.65.1020, Zeitstempel: 0x555636ec
Name des fehlerhaften Moduls: TS4.exe, Version: 1.7.65.1020, Zeitstempel: 0x555636ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00976c6a
ID des fehlerhaften Prozesses: 0xfbc
Startzeit der fehlerhaften Anwendung: 0xTS4.exe0
Pfad der fehlerhaften Anwendung: TS4.exe1
Pfad des fehlerhaften Moduls: TS4.exe2
Berichtskennung: TS4.exe3
Vollständiger Name des fehlerhaften Pakets: TS4.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TS4.exe5


System errors:
=============
Error: (06/11/2015 03:25:51 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/11/2015 03:24:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 03:16:51 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/11/2015 03:10:42 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/11/2015 03:10:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/11/2015 02:49:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/11/2015 02:29:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}

Error: (06/11/2015 00:37:15 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/11/2015 08:11:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/11/2015 06:48:42 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office:
=========================
Error: (06/11/2015 03:26:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VDeck.exe7.3.0.304a695333VDeck.exe7.3.0.304a695333c000000500000000000280a012bc01d0a44a2f0fbb3cC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe6d22cab3-103d-11e5-835b-90e6babca255

Error: (06/11/2015 03:17:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VDeck.exe7.3.0.304a695333VDeck.exe7.3.0.304a695333c000000500000000000280a0121c01d0a448ebc540bcC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe29d853bd-103c-11e5-835a-90e6babca255

Error: (06/11/2015 03:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VDeck.exe7.3.0.304a695333VDeck.exe7.3.0.304a695333c000000500000000000280a0125401d0a448105e6652C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe4e7178d1-103b-11e5-8359-90e6babca255

Error: (06/11/2015 03:10:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c000000d0000000000101e6059c01d0a4451298b711C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll32d98c11-103b-11e5-8358-90e6babca255

Error: (06/11/2015 02:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VDeck.exe7.3.0.304a695333VDeck.exe7.3.0.304a695333c000000500000000000280a0123c01d0a4451a3f3943C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe586a2d76-1038-11e5-8358-90e6babca255

Error: (06/11/2015 02:29:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VDeck.exe7.3.0.304a695333VDeck.exe7.3.0.304a695333c000000500000000000280a0c2801d0a4424d9124c7C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe8b5cb229-1035-11e5-8357-90e6babca255

Error: (06/11/2015 01:58:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TS4.exe1.7.65.1020555636ecTS4.exe1.7.65.1020555636ecc000000500935be313bc01d0a43418e6624dC:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exeC:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe1ffbee72-1031-11e5-8357-90e6babca255

Error: (06/11/2015 00:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VDeck.exe7.3.0.304a695333VDeck.exe7.3.0.304a695333c000000500000000000280a0130c01d0a432a08e3381C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exede9c7e08-1025-11e5-8357-90e6babca255

Error: (06/11/2015 08:11:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c000000d0000000000101e605c001d0a401e7e36867C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlla3ae5c23-1000-11e5-8356-90e6babca255

Error: (06/11/2015 06:57:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TS4.exe1.7.65.1020555636ecTS4.exe1.7.65.1020555636ecc000000500976c6afbc01d0a402c3f7de02C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exeC:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe6075dc2b-0ff6-11e5-8356-90e6babca255


CodeIntegrity Errors:
===================================
  Date: 2015-06-10 15:45:30.019
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 07:47:31.428
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-07 11:03:24.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-06 20:35:39.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-06 09:33:23.829
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-05 04:24:38.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-03 11:34:01.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-02 07:51:57.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-01 09:15:23.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-31 11:38:09.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 13%
Total physical RAM: 16382.05 MB
Available physical RAM: 14123.78 MB
Total Pagefile: 16382.05 MB
Available Pagefile: 14015.44 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive a: (Seagate 1TB) (Fixed) (Total:931.51 GB) (Free:507.25 GB) NTFS
Drive b: (Seagate 1000 GB) (Fixed) (Total:931.17 GB) (Free:855.79 GB) NTFS
Drive c: () (Fixed) (Total:111.79 GB) (Free:56.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FE2675D4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 76FCC84D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3FBF5176)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---

cosinus 11.06.2015 15:14
Bitte mit MBAR fortfahren:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

m1ck3y 11.06.2015 15:49
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.11.03
  rootkit: v2015.06.02.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
m1ck3y :: MICKEY [administrator]

11.06.2015 16:30:23
mbar-log-2015-06-11 (16-30-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 414294
Time elapsed: 16 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 11.06.2015 21:31
Ich seh da zwar nix, aber machen wir mal ruhig das volle Waschprogramm:

Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


m1ck3y 14.06.2015 09:01
Hallo,

wollte mich noch einmal kurz zu Wort melden. Erst einmal wollte ich mich noch einmal bedanken für die schnelle und rasche Hilfe! Ihr seit echt Spitze und besonderer Dank geht an cosinus. DANKE.

Nach etwas längerer Recherche, da man zu den Dateien leider eher wenig im Internet findet, fand ich auf einer US Seite heraus das diese Dateien möglicherweise zu dem ASUS Express Gate gehören. Also hab ich dieses installiert, da es von mir eigentlich nicht gebraucht wird. Und nach einigen Neustarts und 2 Tagen weniger ist der dvmexp Ordner komplett weg, samt dem temp ordner mit den Dateien und die dvmexp.idx Datei auf C:

Wollte nur bescheid geben, damit es auch Leute wissen die vl. irgendwann einmal das "Problem" haben. Habe die letzten 4. Schritte dann nicht mehr durchgeführt, da du auch gesagt hast du siehst erst mal nix. Danke schön noch einmal.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19