FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Hirlak (administrator) on HIRLAK-PC on 01-06-2015 23:20:34
Running from C:\Users\Hirlak\Desktop
Loaded Profiles: Hirlak & (Available Profiles: Hirlak)
Platform: Microsoft Windows 7 Professional (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\BASVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\PdtWzd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\PwdBank.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Overwolf LTD) C:\Program Files\Common Files\Overwolf\0.85.190.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files\Overwolf\0.85.190.0\Purplizer\Purplizer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Users\Hirlak\AppData\Local\Temp\cleaner\avwebloader.exe
(Avira Operations GmbH & Co. KG) C:\Users\Hirlak\AppData\Local\Temp\cleaner\eucleaner\setup\cleaner.exe
(Avira Operations GmbH & Co. KG) C:\Users\Hirlak\AppData\Local\Temp\cleaner\eucleaner\setup\avscan.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2009-05-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [VitaKeyPdtWzd] => C:\Program Files\Acer Bio Protection\PdtWzd.exe [3567616 2009-09-05] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Chromatic] => C:\Users\Hirlak\AppData\Local\Chromatic\application\chromatic.exe --restore-last-session
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [WatchDog] => C:\Users\Hirlak\AppData\Local\wd\wd.exe
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Updater] => C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\MountPoints2: {11c4b831-eefd-11e3-aed3-70f395270a1a} - H:\setup.exe
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Chromatic] => C:\Users\Hirlak\AppData\Local\Chromatic\application\chromatic.exe --restore-last-session
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WatchDog] => C:\Users\Hirlak\AppData\Local\wd\wd.exe
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Updater] => C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {11c4b831-eefd-11e3-aed3-70f395270a1a} - H:\setup.exe
Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-17] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-717356552-2788057288-3721422200-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-16] (Oracle Corporation)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Arc\Plugins\ArcPluginIE.dll [2015-05-14] (Perfect World Entertainment Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-17] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-16] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-04-14] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-17] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Arc\Plugins\npArcPluginFF.dll [2015-05-14] (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF user.js: detected! => C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\user.js [2015-06-01]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-16]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01]
CHR Extension: (Google Docs) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-14]
CHR Extension: (Google Drive) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-14]
CHR Extension: (Google Sheets) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-01]
CHR Extension: (Amazon-Icon) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2015-06-01]
CHR Extension: (Gmail) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-17]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Hirlak\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-05-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcService; C:\Program Files\Arc\ArcService.exe [88400 2015-05-14] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-17] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-17] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-17] (Avast Software)
R2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-17] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-05-17] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-17] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-05-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-17] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-17] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-08] (Disc Soft Ltd)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29744 2015-05-17] (EgisTec)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-17] (Avast Software)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-01 23:17 - 2015-06-01 23:19 - 00037276 _____ () C:\Users\Hirlak\Desktop\Addition.txt
2015-06-01 23:13 - 2015-06-01 23:20 - 00017043 _____ () C:\Users\Hirlak\Desktop\FRST.txt
2015-06-01 23:09 - 2015-06-01 23:20 - 00000000 ____D () C:\FRST
2015-06-01 22:57 - 2015-06-01 22:59 - 01147392 _____ (Farbar) C:\Users\Hirlak\Desktop\FRST.exe
2015-06-01 22:48 - 2015-06-01 22:48 - 00002245 _____ () C:\Users\Hirlak\Desktop\Chrome App Launcher.lnk
2015-06-01 22:48 - 2015-06-01 22:48 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-01 22:08 - 2015-06-01 22:08 - 00000000 _____ () C:\Users\Hirlak\Downloads\Nicht bestätigt 662887.crdownload
2015-06-01 21:35 - 2015-06-01 21:35 - 00001990 _____ () C:\Users\Hirlak\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-06-01 21:35 - 2015-06-01 21:35 - 00001934 _____ () C:\Users\Hirlak\Desktop\Avira EU-Cleaner.lnk
2015-06-01 20:24 - 2015-06-01 20:24 - 02209056 _____ () C:\Users\Hirlak\Downloads\avira-eu-cleaner_de.exe
2015-06-01 20:23 - 2015-06-01 20:23 - 50811104 _____ (Microsoft Corporation) C:\Users\Hirlak\Downloads\Windows-KB890830-V5.24.exe
2015-06-01 20:00 - 2015-06-01 22:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 19:58 - 2015-06-01 19:58 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-01 19:58 - 2015-06-01 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-01 19:58 - 2015-06-01 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-01 19:58 - 2015-06-01 19:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-06-01 19:58 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 19:58 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-01 19:58 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-01 19:57 - 2015-06-01 19:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Hirlak\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-01 19:16 - 2015-06-01 19:16 - 00000000 ____D () C:\temp
2015-06-01 19:14 - 2015-06-01 19:14 - 00000000 ____D () C:\ProgramData\4217751947255792026
2015-06-01 19:13 - 2015-06-01 19:29 - 00000000 ____D () C:\ProgramData\{ed808204-444d-0ab0-ed80-082044440811}
2015-06-01 19:10 - 2015-06-01 19:10 - 01285176 _____ (Alcpu ) C:\Users\Hirlak\Downloads\Core-Temp-installer.exe
2015-05-31 21:39 - 2015-05-31 21:39 - 00000000 ____D () C:\ProgramData\Samsung
2015-05-31 21:38 - 2015-05-31 21:38 - 00002069 _____ () C:\Users\Public\Desktop\Smart Switch.lnk
2015-05-31 21:38 - 2015-05-31 21:38 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-05-31 21:38 - 2015-05-31 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-05-31 21:37 - 2015-05-31 21:43 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Samsung
2015-05-31 21:37 - 2015-05-31 21:37 - 00000000 ____D () C:\Program Files\Samsung
2015-05-31 21:37 - 2015-04-23 10:08 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2015-05-31 21:35 - 2015-05-31 21:36 - 38854416 _____ (Samsung Electronics Co., Ltd.) C:\Users\Hirlak\Downloads\Smart_Switch_PC.exe
2015-05-31 16:41 - 2015-05-31 16:41 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Steam
2015-05-31 16:38 - 2015-06-01 22:31 - 00000000 ____D () C:\Program Files\Steam
2015-05-31 16:38 - 2015-06-01 14:52 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-05-31 16:38 - 2015-05-31 16:38 - 00000921 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-05-31 16:38 - 2015-05-31 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-31 16:37 - 2015-05-31 16:38 - 01142128 _____ () C:\Users\Hirlak\Downloads\SteamSetup.exe
2015-05-31 16:29 - 2015-05-31 16:29 - 00000000 ____D () C:\Windows\system32\savegame
2015-05-31 16:29 - 2015-05-31 16:29 - 00000000 ____D () C:\Windows\system32\mods
2015-05-31 16:27 - 2015-05-31 16:27 - 00001563 _____ () C:\Users\Hirlak\Desktop\aomx - Verknüpfung.lnk
2015-05-31 16:24 - 2015-05-31 16:24 - 00000914 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk
2015-05-31 16:17 - 2015-06-01 17:28 - 00000000 ____D () C:\Program Files\Age of Mythology Extended Edition
2015-05-31 16:10 - 2014-08-18 17:05 - 00000000 ____D () C:\Users\Hirlak\Desktop\Crack 1.9
2015-05-31 16:10 - 2014-08-14 23:08 - 23233713 _____ () C:\Users\Hirlak\Desktop\Age of Mythology EE Update 1.9-1.bin
2015-05-31 16:10 - 2014-08-14 23:08 - 00687394 _____ ( ) C:\Users\Hirlak\Desktop\Age of Mythology EE Update 1.9.exe
2015-05-31 16:05 - 2015-05-31 16:08 - 26951257 _____ () C:\Users\Hirlak\Downloads\A5geoMyth7ologyExtEdUpd1.9-elamigos.rar
2015-05-31 15:53 - 2015-05-31 15:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-31 15:52 - 2015-05-31 15:52 - 06554576 _____ (Microsoft Corporation) C:\Users\Hirlak\Downloads\vcredist_x86.exe
2015-05-31 15:30 - 2015-05-31 15:30 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-31 15:25 - 2015-05-31 15:28 - 27920637 _____ () C:\Users\Hirlak\Downloads\738fc9e4b1b2a46334534975bd254f79.rar
2015-05-31 15:25 - 2015-05-31 15:25 - 00638976 _____ () C:\Users\Hirlak\Downloads\Detection.msi
2015-05-31 15:16 - 2014-05-09 12:39 - 00000000 ____D () C:\Users\Hirlak\Desktop\Age.of.Mythology.Extended.Edition-RELOADED
2015-05-31 14:58 - 2015-05-31 14:58 - 00098906 _____ () C:\Users\Hirlak\Downloads\9052.nzb.gz
2015-05-30 20:19 - 2015-05-30 20:19 - 00000000 ____D () C:\Users\Hirlak\Documents\My Games
2015-05-28 21:30 - 2015-05-28 21:30 - 00000000 ____D () C:\aa0c516e50ce26ce47e8fb
2015-05-26 01:42 - 2015-05-26 01:42 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-26 01:41 - 2015-05-26 01:41 - 04156991 _____ () C:\Users\Hirlak\Downloads\teamspeak3-server_win32-3.0.11.3 (1).zip
2015-05-25 21:29 - 2015-05-25 21:31 - 00000000 ____D () C:\Program Files\Heroes of the Storm
2015-05-25 21:24 - 2015-05-25 21:29 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Battle.net
2015-05-25 21:24 - 2015-05-25 21:28 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Battle.net
2015-05-25 21:24 - 2015-05-25 21:24 - 00001076 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Blizzard Entertainment
2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\Program Files\Battle.net
2015-05-25 21:22 - 2015-05-25 21:23 - 00000000 ____D () C:\ProgramData\Battle.net
2015-05-25 21:21 - 2015-05-25 21:22 - 03081784 _____ (Blizzard Entertainment) C:\Users\Hirlak\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2015-05-25 12:51 - 2015-05-25 12:51 - 02403211 _____ () C:\Users\Hirlak\Downloads\brennstoffzelle fertig.pptx
2015-05-25 12:47 - 2014-11-16 18:37 - 02403211 _____ () C:\Users\Hirlak\Desktop\brennstoffzelle fertig.pptx
2015-05-25 03:02 - 2015-05-25 03:02 - 00000000 ____D () C:\b50bb291b111ff5286d199ebe1f2
2015-05-23 23:15 - 2015-05-23 23:16 - 04156991 _____ () C:\Users\Hirlak\Downloads\teamspeak3-server_win32-3.0.11.3.zip
2015-05-22 21:51 - 2015-05-22 21:51 - 00000000 ____D () C:\df51801b649c1a7e529faeea3e017a1a
2015-05-20 17:33 - 2015-05-20 17:33 - 00000000 ____D () C:\860af8b53ba675ac25b09d5d2ae17c
2015-05-19 21:51 - 2015-05-19 21:51 - 00586768 _____ () C:\Windows\Minidump\051915-26379-01.dmp
2015-05-19 21:51 - 2015-05-19 21:51 - 00000000 ____D () C:\Windows\Minidump
2015-05-19 21:50 - 2015-05-19 21:50 - 314921584 _____ () C:\Windows\MEMORY.DMP
2015-05-18 14:21 - 2015-05-18 14:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 14:21 - 2015-04-30 10:07 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 14:02 - 2015-05-18 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-18 14:02 - 2015-05-18 14:02 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-18 00:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-05-18 00:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-05-18 00:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-05-18 00:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-05-18 00:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-05-18 00:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-05-18 00:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-05-18 00:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-05-18 00:18 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-05-18 00:18 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-05-18 00:18 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-05-18 00:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-05-18 00:18 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-05-18 00:18 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-05-18 00:18 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-05-18 00:18 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-05-18 00:18 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-05-18 00:18 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-05-18 00:18 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-05-18 00:18 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-05-18 00:18 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-05-18 00:18 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-05-18 00:18 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-05-18 00:18 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-05-18 00:18 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-05-18 00:18 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-05-18 00:18 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-05-18 00:18 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-05-18 00:18 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-05-18 00:18 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-05-18 00:18 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-05-18 00:18 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-05-18 00:18 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-05-18 00:18 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-05-18 00:18 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-05-18 00:18 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-05-18 00:18 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-05-18 00:18 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-05-18 00:18 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-05-18 00:18 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-05-18 00:18 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-05-18 00:18 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-05-18 00:18 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-05-18 00:18 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-05-18 00:18 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-05-18 00:18 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-05-18 00:18 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-05-18 00:18 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-05-18 00:18 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-05-18 00:18 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-05-18 00:18 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-05-18 00:18 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-05-18 00:18 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-05-18 00:18 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-05-18 00:18 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-05-18 00:18 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-05-18 00:18 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-05-18 00:18 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-05-18 00:18 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-05-18 00:18 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-05-18 00:18 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-05-18 00:18 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-05-18 00:18 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-05-18 00:18 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-05-18 00:18 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-05-18 00:18 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-05-18 00:18 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-05-18 00:18 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-05-18 00:18 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-05-18 00:18 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-05-18 00:18 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-05-18 00:18 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-05-18 00:18 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-05-18 00:18 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-05-18 00:18 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-05-18 00:18 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-05-18 00:18 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-05-18 00:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-05-18 00:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-05-18 00:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-05-18 00:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-05-18 00:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-05-17 23:14 - 2015-05-25 22:58 - 00000000 ____D () C:\Program Files\Neverwinter_de
2015-05-17 20:38 - 2015-05-29 15:33 - 00000161 _____ () C:\Users\Hirlak\Desktop\real.txt
2015-05-17 20:26 - 2015-05-17 23:37 - 00000000 ___HD () C:\ArcTemp
2015-05-17 20:20 - 2015-05-25 12:54 - 00000000 ____D () C:\Program Files\Arc
2015-05-17 20:20 - 2015-05-21 20:00 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Arc
2015-05-17 20:20 - 2015-05-17 23:37 - 00001875 _____ () C:\Users\Public\Desktop\Neverwinter.lnk
2015-05-17 20:20 - 2015-05-17 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2015-05-17 20:20 - 2015-05-17 20:20 - 00001546 _____ () C:\Users\Public\Desktop\Arc.lnk
2015-05-17 20:20 - 2015-05-17 20:20 - 00000000 ____D () C:\Users\Public\Documents\Arc
2015-05-17 20:18 - 2015-05-17 20:18 - 00996688 _____ (Perfect World Entertainment) C:\Users\Hirlak\Downloads\Neverwinter_ArcSetup.exe
2015-05-17 20:18 - 2015-05-17 20:18 - 00000000 ____D () C:\Users\Hirlak\Downloads\Log
2015-05-17 20:18 - 2015-05-07 23:28 - 10480240 _____ (Perfect World Entertainment) C:\Users\Hirlak\Downloads\ArcInstall_NW_20150430a.exe
2015-05-17 18:47 - 2015-03-23 03:36 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-17 18:47 - 2015-03-23 03:36 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-17 18:47 - 2015-03-23 03:36 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-17 18:47 - 2015-03-23 03:36 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-17 18:47 - 2015-03-23 03:35 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-17 18:47 - 2015-03-23 03:35 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-17 18:47 - 2015-03-23 03:30 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-17 18:47 - 2015-01-28 01:28 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-17 18:47 - 2014-12-04 04:20 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-17 15:31 - 2015-05-17 15:31 - 05676608 _____ () C:\Users\Hirlak\Downloads\QuestHelper3.3.5.rar
2015-05-17 15:26 - 2015-05-17 15:27 - 00216934 _____ () C:\Users\Hirlak\Downloads\GearScore.zip
2015-05-17 15:26 - 2015-05-17 15:26 - 00007638 _____ () C:\Users\Hirlak\Downloads\GearScoreLite3x04.zip
2015-05-17 15:23 - 2015-05-17 15:23 - 00001113 _____ () C:\Users\Hirlak\Desktop\Wow - Verknüpfung.lnk
2015-05-17 14:14 - 2015-05-17 14:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-17 13:50 - 2015-05-26 15:42 - 00000000 ____D () C:\Users\Hirlak\Desktop\World of Warcraft 3.3.5.a
2015-05-17 13:50 - 2012-04-02 19:52 - 00000000 ____D () C:\Users\Hirlak\Desktop\World.of.Warcraft3.3.5a.FULL
2015-05-17 13:37 - 2009-09-03 15:18 - 00490088 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe
2015-05-17 13:35 - 2009-07-28 18:56 - 10387456 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 09791552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-17 13:35 - 2009-07-28 18:56 - 07627776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 03156480 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 01705984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 01530400 _____ (NVIDIA Corporation) C:\Windows\system32\nvencodemft.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 01317408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00991744 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00795104 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe
2015-05-17 13:35 - 2009-07-28 18:56 - 00678432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00485920 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe
2015-05-17 13:35 - 2009-07-28 18:56 - 00256544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00155648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1510.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00155648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00010155 _____ () C:\Windows\system32\nvdisp.nvu
2015-05-17 13:35 - 2009-07-28 18:56 - 00004224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2015-05-17 13:35 - 2009-05-01 10:13 - 00064032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-05-17 13:35 - 2009-05-01 10:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\nvhdap32.dll
2015-05-17 13:35 - 2009-04-26 22:02 - 00457248 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda.exe
2015-05-17 13:35 - 2009-04-26 22:02 - 00143360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda.dll
2015-05-17 13:35 - 2009-04-26 21:59 - 00001407 _____ () C:\Windows\system32\nvhda.nvu
2015-05-17 13:31 - 2015-05-17 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-05-17 13:30 - 2015-05-17 13:31 - 00000000 ____D () C:\Program Files\Acer Bio Protection
2015-05-17 13:30 - 2015-05-17 13:30 - 00469552 _____ (EgisTec) C:\Windows\system32\NBMatS1SDK.dll
2015-05-17 13:29 - 2015-05-17 13:29 - 00029744 _____ (EgisTec) C:\Windows\system32\Drivers\FPSensor.sys
2015-05-17 13:26 - 2015-05-17 13:26 - 00005540 _____ () C:\Windows\DPINST.LOG
2015-05-17 13:26 - 2015-05-17 13:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01007.Wdf
2015-05-17 13:26 - 2015-05-17 13:26 - 00000000 ____D () C:\Program Files\Apoint2K
2015-05-17 13:25 - 2009-05-24 19:50 - 00203824 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2015-05-17 13:25 - 2009-05-08 14:47 - 00108606 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2015-05-17 13:25 - 2008-03-27 17:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-05-17 13:24 - 2015-05-17 13:28 - 177538108 _____ () C:\Users\Hirlak\Downloads\VGA_NVIDIA_8.15.11.8652_W7x86W7x64_A.zip
2015-05-17 13:24 - 2015-05-17 13:26 - 106587892 _____ () C:\Users\Hirlak\Downloads\Fingerprint_EGISTEC_6.2.56_W7x64W7x86_A.zip
2015-05-17 13:24 - 2015-05-17 13:25 - 08853222 _____ () C:\Users\Hirlak\Downloads\TouchPad_ALPS_7.5.2015.1103_W7x64W7x86_A.zip
2015-05-17 13:01 - 2015-05-17 13:02 - 12415994 _____ () C:\Users\Hirlak\Downloads\MugiwarasNewWorldBT_TW7-DESKANIME.NET.zip
2015-05-17 12:25 - 2015-06-01 22:33 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Purplizer
2015-05-17 12:18 - 2015-05-26 01:51 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\TS3Client
2015-05-17 12:18 - 2015-05-17 12:18 - 00001120 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-05-17 12:18 - 2015-05-17 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-05-17 12:17 - 2015-05-17 12:18 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-05-17 12:15 - 2015-05-17 12:23 - 00000000 ____D () C:\ProgramData\Overwolf
2015-05-17 12:15 - 2015-05-17 12:15 - 00001915 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D () C:\Program Files\Overwolf
2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-05-17 12:13 - 2015-06-01 22:32 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Overwolf
2015-05-17 02:19 - 2015-05-17 09:51 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\FluxSoftware
2015-05-17 01:22 - 2015-05-17 13:50 - 324003183 _____ () C:\Users\Hirlak\Downloads\World.of.Warcraft3.3.5a.rar
2015-05-17 01:12 - 2015-05-17 01:12 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-17 01:02 - 2015-03-19 04:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-17 01:02 - 2015-03-19 04:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 01:01 - 2015-05-17 01:01 - 00000000 ____D () C:\Users\Hirlak\Desktop\Windows Loader2.0.0
2015-05-17 01:01 - 2011-04-07 10:07 - 00002692 _____ () C:\Users\Hirlak\Desktop\--OKU KURULUM--( ANLEITUNG ).txt
2015-05-17 00:59 - 2015-05-17 00:59 - 00000000 ____D () C:\5470cae9f014433e6faddecb8e
2015-05-17 00:57 - 2015-05-17 00:57 - 00000000 ____D () C:\Windows\CheckSur
2015-05-17 00:39 - 2015-05-17 00:39 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-05-17 00:38 - 2015-05-17 00:38 - 00000000 ____D () C:\Program Files\Realtek
2015-05-17 00:38 - 2009-11-30 21:46 - 02795552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-05-17 00:38 - 2009-11-30 21:46 - 01538592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-05-17 00:38 - 2009-11-30 21:46 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-05-17 00:38 - 2009-11-30 21:46 - 00354848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-05-17 00:38 - 2009-11-30 21:46 - 00055328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-05-17 00:38 - 2009-11-30 21:32 - 02968480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-05-17 00:38 - 2009-11-24 10:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-05-17 00:38 - 2009-11-24 10:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-05-17 00:38 - 2009-11-24 10:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-05-17 00:38 - 2009-11-24 10:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-05-17 00:38 - 2009-11-19 14:45 - 00001352 _____ () C:\Windows\system32\Drivers\RtHdatEx.dat
2015-05-17 00:38 - 2009-11-19 14:44 - 00231056 _____ () C:\Windows\system32\Drivers\RTConvEQ.dat
2015-05-17 00:38 - 2009-11-18 19:42 - 01938704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-05-17 00:38 - 2009-11-18 19:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-05-17 00:38 - 2009-11-18 19:42 - 00311568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-05-17 00:38 - 2009-11-17 19:13 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-05-17 00:38 - 2009-11-17 19:10 - 00146336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00348160 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00165376 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00073216 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00059392 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-05-17 00:38 - 2009-10-30 19:56 - 00290816 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-05-17 00:38 - 2009-03-09 06:32 - 00290304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-05-17 00:38 - 2009-03-09 06:30 - 00290304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-05-17 00:38 - 2008-11-17 23:07 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-05-17 00:38 - 2008-08-21 13:43 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX2.dat
2015-05-17 00:38 - 2007-07-30 18:26 - 00126976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-05-17 00:38 - 2007-07-13 14:11 - 00000008 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat
2015-05-17 00:38 - 2005-06-27 05:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX1.dat
2015-05-17 00:37 - 2015-05-17 00:47 - 00000000 ___HD () C:\Program Files\Temp
2015-05-17 00:37 - 2009-11-24 18:40 - 00838176 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-05-17 00:33 - 2015-05-17 00:33 - 00002063 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-05-17 00:33 - 2015-05-17 00:33 - 00002003 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-05-17 00:33 - 2015-05-17 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-17 00:29 - 2015-05-17 00:25 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-17 00:25 - 2015-05-17 00:25 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-17 00:21 - 2015-05-17 00:21 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-01 23:13 - 2014-05-20 00:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 22:42 - 2014-05-14 22:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 22:34 - 2014-05-13 21:28 - 01894703 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 22:29 - 2014-05-14 22:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 22:28 - 2014-05-20 11:17 - 00020996 _____ () C:\Windows\setupact.log
2015-06-01 22:28 - 2014-05-14 15:10 - 00133990 _____ () C:\Windows\PFRO.log
2015-06-01 22:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 22:26 - 2009-07-14 06:34 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 22:26 - 2009-07-14 06:34 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 19:56 - 2014-05-14 22:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-01 19:56 - 2014-05-14 13:27 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-01 19:56 - 2014-05-14 13:27 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-01 19:56 - 2014-05-13 21:29 - 00001409 _____ () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-01 19:23 - 2009-07-14 04:04 - 00000580 _____ () C:\Windows\win.ini
2015-05-31 21:37 - 2014-05-15 17:02 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-31 15:37 - 2014-05-13 21:31 - 06649824 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 15:37 - 2009-07-30 14:43 - 00679342 _____ () C:\Windows\system32\prfh0816.dat
2015-05-31 15:37 - 2009-07-30 14:43 - 00133752 _____ () C:\Windows\system32\prfc0816.dat
2015-05-31 15:37 - 2009-07-30 14:37 - 00691192 _____ () C:\Windows\system32\perfh013.dat
2015-05-31 15:37 - 2009-07-30 14:37 - 00132940 _____ () C:\Windows\system32\perfc013.dat
2015-05-31 15:37 - 2009-07-30 14:31 - 00689108 _____ () C:\Windows\system32\perfh010.dat
2015-05-31 15:37 - 2009-07-30 14:31 - 00127144 _____ () C:\Windows\system32\perfc010.dat
2015-05-31 15:30 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-31 15:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-29 01:50 - 2014-05-15 17:02 - 00000265 _____ () C:\Windows\Brownie.ini
2015-05-25 16:50 - 2014-05-13 21:29 - 00000000 ____D () C:\Users\Hirlak
2015-05-24 11:32 - 2014-05-14 13:58 - 00111912 _____ () C:\Users\Hirlak\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 21:13 - 2014-06-08 23:38 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\vlc
2015-05-19 12:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-05-18 14:15 - 2014-05-14 15:27 - 00000000 ___RD () C:\Users\Hirlak\Desktop\Microsoft Office 2013
2015-05-18 00:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-17 15:08 - 2014-05-13 21:29 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\VirtualStore
2015-05-17 14:12 - 2009-07-14 06:33 - 00434472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 14:06 - 2014-05-13 21:29 - 00000000 ___RD () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-17 13:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2015-05-17 13:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2015-05-17 09:48 - 2014-08-16 16:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-17 01:58 - 2014-05-20 01:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-17 01:56 - 2014-05-14 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 00:28 - 2014-05-14 15:14 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-17 00:28 - 2014-05-14 15:14 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-17 00:24 - 2014-05-14 14:01 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-17 00:24 - 2014-05-14 14:00 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-05-17 00:13 - 2014-05-20 00:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-17 00:13 - 2014-05-20 00:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-06-14 03:31 - 2014-06-14 03:31 - 0000000 _____ () C:\Users\Hirlak\AppData\Local\{6375F0CF-D101-49E1-9C1E-B8798E87324D}
Some files in TEMP:
====================
C:\Users\Hirlak\AppData\Local\Temp\ChromaticSetup_v1.1.exe
C:\Users\Hirlak\AppData\Local\Temp\utils.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-26 17:57
==================== End of log ============================

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Hirlak at 2015-06-01 23:25:54
Running from C:\Users\Hirlak\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-717356552-2788057288-3721422200-500 - Administrator - Disabled)
Gast (S-1-5-21-717356552-2788057288-3721422200-501 - Limited - Disabled)
Hirlak (S-1-5-21-717356552-2788057288-3721422200-1000 - Administrator - Enabled) => C:\Users\Hirlak
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Bio Protection (HKLM\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition Update v1.9 (HKLM\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.1103 - Alps Electric)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Avast Internet Security (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Brother HL-2030 (HKLM\...\{550AC66D-DDF9-497E-A9C1-CD5E07E4B89B}) (Version: 1.00 - Brother)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims 2 Gold v1.0 (HKLM\...\Die Sims 2 Gold_is1) (Version: - Maxis)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Fingerprint Solution (Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.)
Smart Switch (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
10-08-2014 21:41:12 Windows Update
10-08-2014 22:54:10 Windows Update
16-08-2014 16:55:31 Windows Update
16-08-2014 17:35:08 Windows Update
19-08-2014 21:28:26 Windows Update
19-08-2014 22:47:31 Windows Update
01-11-2014 21:15:55 Windows Update
17-05-2015 01:11:52 Windows Update
17-05-2015 01:14:08 Windows Update
17-05-2015 09:52:39 Windows Update
17-05-2015 13:29:04 Installiert Fingerprint Solution
17-05-2015 20:19:32 Installiert Arc
18-05-2015 00:16:16 DirectX wurde installiert
18-05-2015 01:32:35 Windows Update
18-05-2015 14:19:22 Windows Update
18-05-2015 15:12:20 Windows Update
19-05-2015 03:00:27 Windows Update
20-05-2015 02:14:17 Windows Update
20-05-2015 16:25:16 Windows Update
20-05-2015 17:33:01 Windows Update
21-05-2015 21:19:44 Windows Update
22-05-2015 21:50:57 Windows Update
23-05-2015 13:24:47 Windows Update
23-05-2015 13:36:07 Windows Update
23-05-2015 23:23:04 Windows Update
25-05-2015 03:00:32 Windows Update
26-05-2015 16:14:21 Windows Update
28-05-2015 21:29:42 Windows Update
29-05-2015 10:29:24 Windows Update
29-05-2015 18:09:28 Windows Update
30-05-2015 20:09:22 Installed Company of Heroes.
31-05-2015 13:06:40 Windows Update
31-05-2015 15:29:40 Removed Company of Heroes.
31-05-2015 15:30:52 Installed System Requirements Lab Detection
31-05-2015 15:31:28 Removed System Requirements Lab Detection
31-05-2015 15:53:06 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
31-05-2015 21:36:51 Installed Smart Switch
01-06-2015 14:55:20 Windows Update
01-06-2015 19:15:01 Windows Defender Checkpoint
01-06-2015 22:19:00 Avira EU-Cleaner - 01.06.2015 22:18
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {17C88663-29C7-4CE2-B95B-D4EAB37C606F} - System32\Tasks\{D92E80DA-D816-449E-A3D0-E390DCA4C4B6} => C:\Program Files\Arc\ArcLauncher.exe [2015-05-14] (Perfect World Entertainment)
Task: {1A6294EA-3520-4F02-B15F-74B211B32236} - System32\Tasks\{0565A558-930F-4598-B302-976A1088C681} => C:\Users\Hirlak\Desktop\RA2YR_PP\Red Alert 2 Yuri\Ra2.exe [2005-10-03] ()
Task: {1DB36057-9415-4DBC-8534-059860780178} - System32\Tasks\{FD379C6F-8E13-4327-B347-A1F85C832D30} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {2002D219-2472-42DD-93A7-940FE4777530} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2E5449B4-DC0A-47EB-BE7D-6955D5860F7A} - System32\Tasks\{0147B5F9-BAF8-4B8B-B93C-D19FAAB05197} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {30EAD7C4-E443-4A56-A423-617E450D62CF} - System32\Tasks\{4E045BF7-EAD6-4972-B9C9-565E6428E58B} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {47693646-21A7-4570-A65B-3F7403090B53} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4B1B9446-77D6-4867-B3BB-15042766BC01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {61F4F95C-C9AB-489D-9923-BEA4C9468A2C} - System32\Tasks\{AA8F20C5-B7A8-4D3B-AA47-5C7FC8890338} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {6EA17C32-5D64-4A03-ADA5-BEF661D29932} - System32\Tasks\{0070E565-2297-414E-9DB2-4BCD4D81499E} => pcalua.exe -a "C:\Users\Hirlak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3950YTVY\sp48616[1].exe" -d C:\Users\Hirlak\Desktop
Task: {7080C3C5-709B-415E-9A36-14BBA568174B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {7AA3EB6D-CC3F-4133-B984-B911C12A6B04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87704616-F57C-455C-805E-1F4F90E6F549} - System32\Tasks\{C0F2D471-763D-4CB9-9FD8-DDEA0CB7D0DA} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {ADD23B76-ACA5-41AC-A311-C4B451B0CA3F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-17] (Avast Software s.r.o.)
Task: {B0DD96D3-F5AB-41D7-A669-79BBC2B66101} - System32\Tasks\{367C39BB-4502-4B12-89C8-88EFADE3AFD4} => C:\Program Files\Arc\ArcLauncher.exe [2015-05-14] (Perfect World Entertainment)
Task: {B2FD02FE-3A0B-4A4E-9401-E83A2DB78DAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {E6EB5E94-FADC-480F-BD97-F18D0B976078} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {EBB1C099-F5DE-4BCD-B194-0F63A31B8E60} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2015-05-04] (Overwolf LTD)
Task: {F4EF1740-341B-4EAF-963B-1A84A663104A} - System32\Tasks\{8BB41017-69DF-4CBC-9762-C60EC0E2E963} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-05-17 00:25 - 2015-05-17 00:25 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-17 00:25 - 2015-05-17 00:25 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-01 21:31 - 2015-06-01 21:31 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060101\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-17 00:26 - 2015-05-17 00:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00025600 _____ () C:\Program Files\Overwolf\0.85.190.0\CoreAudioApi.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 40555008 _____ () C:\Program Files\Overwolf\0.85.190.0\libcef.DLL
2015-05-31 16:40 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files\Steam\SDL2.dll
2015-05-31 16:40 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2015-05-31 16:40 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2015-05-31 16:40 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2015-05-31 16:40 - 2015-05-15 03:58 - 02396352 _____ () C:\Program Files\Steam\video.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-05-31 16:40 - 2015-05-15 03:57 - 00703168 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-05-31 16:40 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 01274655 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libxml2-2.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00100352 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\zlib1.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00028160 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libssp-0.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00373657 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\libmsn.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00021337 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\libxmpp.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00415553 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libjabber.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00190464 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libsasl.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00022832 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\libyahoo.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00228908 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libymsg.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00027811 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\ssl-nss.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00012004 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\ssl.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00140288 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\sasl2\saslDIGESTMD5.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00102912 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\sasl2\saslPLAIN.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00425984 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\sqlite3.dll
2015-05-26 00:54 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 00:54 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-26 00:54 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
2015-06-01 21:35 - 2013-09-05 10:59 - 00023784 _____ () C:\Users\Hirlak\AppData\Local\Temp\cleaner\rcNwLoad_de.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1541042D-DF0A-489A-8903-2F8D79DF1B3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E65120BC-CC3A-4935-9141-CE2B2ED8791A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9660E691-BC00-49D4-9302-5A3D164198E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{82CA37A6-A1EA-4D7F-9407-D39346C6FD1D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1F196C8C-16F9-401A-AB12-9FAE92E1BA92}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AA1ABAA8-64B7-47AF-8EDA-8207F0DB4FDD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B20B6899-BA7D-4B8B-A7B8-6D6AE22D8F05}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{C33CC3E1-64E2-4FDB-A786-BEC7827422E4}C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe] => (Block) C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe
FirewallRules: [UDP Query User{17BB6491-2C9A-46E9-9E21-45A5EC91C04F}C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe] => (Block) C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe
FirewallRules: [TCP Query User{68A5E0F9-554D-40CA-8E8E-D4DEE8AA405A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C382865-15BB-4EEB-B739-2BCCE41E7BE8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{9289E566-DDD1-4C6C-A4B2-5633F7C185FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0D5CAC28-AE85-484F-BEC1-E50DD0DB3BC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{77C2AF3D-247B-458C-A507-95FB7B0AD061}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{98F6072D-D3E2-4439-A53C-A5FDF14F2EEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{99D86E37-F7FC-430B-9427-D195C8BAFB1A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7AE84B18-A27E-46FE-AAFF-407599E96902}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{999CB5B5-2E5B-4568-A6D4-69F9F5422DC3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D376CDF9-2BEF-430D-836A-0E1B72B75BE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D26D5821-A8DB-42AF-9E48-3F53C04CB9FE}C:\program files\neverwinter_de\neverwinter\live\gameclient.exe] => (Allow) C:\program files\neverwinter_de\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{6F609BED-C36F-46C2-8964-551B83E8B08F}C:\program files\neverwinter_de\neverwinter\live\gameclient.exe] => (Allow) C:\program files\neverwinter_de\neverwinter\live\gameclient.exe
FirewallRules: [{D9177D33-391C-478F-BDDA-F898B0F8B92C}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{3461EC8E-06F0-4F2E-980F-6730939D3C28}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{8AF6710B-84BC-487A-934C-C21773BE1190}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6FA40102-7BA2-4F4C-B626-9B11A3A90607}C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [UDP Query User{545F64C9-C6C0-424A-A254-D6CDE9B74E28}C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [{43FE6295-E86C-4A6E-94BA-9348623EB4E1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{5D06BC0B-0B94-4E8E-A7A0-57DDF5E14814}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{ABF00F9D-121C-4EB4-B453-408B1620E5A2}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{1529CBAB-94A7-4E4E-939A-54A535A7BA75}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{CCF8D40A-E13E-4EA7-8976-4D90D372C5BA}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{97DF4E3C-E410-4076-BBE5-B0D44EF972FF}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{6C56684B-AF79-4198-AA66-00BC4CC6492E}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{5A4510F4-2A72-469E-A792-F9D8741233CB}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{92D2858E-AF12-49E9-9412-C10857092377}] => (Allow) C:\Users\Hirlak\AppData\Local\wd\wd.exe
FirewallRules: [{228497AD-67C7-4A60-BB7E-4BA561961A84}] => (Allow) C:\Users\Hirlak\AppData\Local\wd\wd.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Product Deals since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service Util Product Deals since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary {9eb617cc-040e-4915-b808-5e36623eae21}Gw.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/01/2015 10:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ProtectWindowsManager.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00027404
ID des fehlerhaften Prozesses: 0xfd4
Startzeit der fehlerhaften Anwendung: 0xProtectWindowsManager.exe0
Pfad der fehlerhaften Anwendung: ProtectWindowsManager.exe1
Pfad des fehlerhaften Moduls: ProtectWindowsManager.exe2
Berichtskennung: ProtectWindowsManager.exe3
Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79748
Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79748
Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/01/2015 05:41:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011
System errors:
=============
Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sicherheitscenter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Ereignisprotokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DHCP-Client" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Audio" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/01/2015 10:15:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/01/2015 09:00:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (06/01/2015 09:00:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (06/01/2015 09:00:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (06/01/2015 08:14:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Microsoft Office:
=========================
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Product Deals since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Util Product Deals since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary {9eb617cc-040e-4915-b808-5e36623eae21}Gw.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/01/2015 10:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ProtectWindowsManager.exe0.0.0.000000000ntdll.dll6.1.7600.169154ec49cafc000000500027404fd401d09c8e3ec82365C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exeC:\Windows\SYSTEM32\ntdll.dlle6d226a1-089a-11e5-8e96-933c526905e0
Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79748
Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79748
Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/01/2015 05:41:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011
CodeIntegrity Errors:
===================================
Date: 2015-06-01 21:25:17.237
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:25:57.374
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:25:57.190
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:25:21.453
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:25:21.301
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:24:34.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:24:34.498
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:24:01.722
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:24:01.551
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-01 19:23:31.236
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 70%
Total physical RAM: 3066.84 MB
Available physical RAM: 891.9 MB
Total Pagefile: 6131.96 MB
Available Pagefile: 3314.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:280.79 GB) (Free:111.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.27 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:4.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive h: (Age of Mythology) (CDROM) (Total:2.09 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 064EC92B)
Partition 1: (Not Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End of log ============================
Avira EU-Cleaner Log: Code:
Avira EU-Cleaner
Erstellungsdatum der Reportdatei: Montag, 1. Juni 2015 22:44
Es wird nach 8714556 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : EU-Cleaner
Seriennummer : 2228416263-DECLE-0000001
Plattform : Windows 7 Professional
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Hirlak
Computername : HIRLAK-PC
Versionsinformationen:
BUILD.DAT : 10.0.0.65 13423 Bytes 07.04.2014 08:37:00
AVSCAN.EXE : 12.0.0.0 566200 Bytes 01.06.2015 19:37:14
AVSCAN.DLL : 12.0.0.0 58728 Bytes 01.06.2015 19:37:13
LUKE.DLL : 12.1.0.17 68304 Bytes 01.06.2015 19:37:24
AVSCPLR.DLL : 10.3.0.2 92776 Bytes 01.06.2015 19:37:15
AVREG.DLL : 12.1.0.20 227024 Bytes 01.06.2015 19:37:11
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 19:44:44
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 19:44:55
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 19:45:00
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 19:45:32
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 19:46:15
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 19:47:29
VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 19:50:13
VBASE007.VDF : 7.11.206.228 18292736 Bytes 04.02.2015 19:56:25
VBASE008.VDF : 7.11.213.152 2908672 Bytes 05.03.2015 19:57:53
VBASE009.VDF : 7.11.219.144 1976320 Bytes 25.03.2015 19:58:39
VBASE010.VDF : 7.11.225.66 2312192 Bytes 22.04.2015 19:58:48
VBASE011.VDF : 7.11.230.166 1603584 Bytes 13.05.2015 19:59:12
VBASE012.VDF : 7.11.230.167 2048 Bytes 13.05.2015 19:59:13
VBASE013.VDF : 7.11.230.235 80896 Bytes 13.05.2015 19:59:15
VBASE014.VDF : 7.11.231.71 92160 Bytes 14.05.2015 19:59:19
VBASE015.VDF : 7.11.231.171 66048 Bytes 14.05.2015 19:59:21
VBASE016.VDF : 7.11.231.253 200192 Bytes 15.05.2015 19:59:28
VBASE017.VDF : 7.11.232.15 2048 Bytes 15.05.2015 19:59:28
VBASE018.VDF : 7.11.232.59 64512 Bytes 15.05.2015 19:59:29
VBASE019.VDF : 7.11.232.197 143872 Bytes 16.05.2015 19:59:34
VBASE020.VDF : 7.11.233.13 256000 Bytes 18.05.2015 19:59:46
VBASE021.VDF : 7.11.233.89 271360 Bytes 19.05.2015 19:59:51
VBASE022.VDF : 7.11.233.149 174592 Bytes 19.05.2015 19:59:52
VBASE023.VDF : 7.11.234.176 574976 Bytes 23.05.2015 20:00:13
VBASE024.VDF : 7.11.235.220 797696 Bytes 29.05.2015 20:00:21
VBASE025.VDF : 7.11.236.45 142336 Bytes 30.05.2015 20:00:23
VBASE026.VDF : 7.11.236.83 138240 Bytes 31.05.2015 20:00:30
VBASE027.VDF : 7.11.236.123 120832 Bytes 01.06.2015 20:00:32
VBASE028.VDF : 7.11.236.124 2048 Bytes 01.06.2015 20:00:33
VBASE029.VDF : 7.11.236.125 2048 Bytes 01.06.2015 20:00:33
VBASE030.VDF : 7.11.236.126 2048 Bytes 01.06.2015 20:00:33
VBASE031.VDF : 7.11.236.134 518656 Bytes 01.06.2015 20:00:41
Engineversion : 8.3.30.40
AEVDF.DLL : 8.3.1.6 133992 Bytes 01.06.2015 20:02:43
AESCRIPT.DLL : 8.2.2.68 524352 Bytes 01.06.2015 20:02:38
AESCN.DLL : 8.3.2.10 142456 Bytes 01.06.2015 20:02:32
AESBX.DLL : 8.2.21.0 1622072 Bytes 01.06.2015 20:02:47
AERDL.DLL : 8.2.1.20 731040 Bytes 01.06.2015 20:02:31
AEPACK.DLL : 8.4.0.80 793728 Bytes 01.06.2015 20:02:23
AEOFFICE.DLL : 8.3.1.22 363376 Bytes 01.06.2015 20:02:15
AEMOBILE.DLL : 8.1.7.2 281720 Bytes 01.06.2015 20:03:08
AEHEUR.DLL : 8.1.4.1714 8440688 Bytes 01.06.2015 20:02:07
AEHELP.DLL : 8.3.2.0 281456 Bytes 01.06.2015 20:01:19
AEGEN.DLL : 8.1.7.40 456608 Bytes 01.06.2015 20:01:15
AEEXP.DLL : 8.4.2.88 266296 Bytes 01.06.2015 20:02:48
AEEMU.DLL : 8.1.3.4 399264 Bytes 01.06.2015 20:01:02
AEDROID.DLL : 8.4.3.116 1050536 Bytes 01.06.2015 20:03:05
AECORE.DLL : 8.3.6.2 243624 Bytes 01.06.2015 20:00:55
AEBB.DLL : 8.1.2.0 60448 Bytes 01.06.2015 20:00:52
AVWINLL.DLL : 12.1.0.17 27344 Bytes 01.06.2015 19:37:15
AVPREF.DLL : 12.1.0.17 51920 Bytes 01.06.2015 19:37:10
AVREP.DLL : 12.1.0.17 179408 Bytes 01.06.2015 19:37:12
AVARKT.DLL : Keine Information!
SQLITE3.DLL : 3.7.0.0 398288 Bytes 01.06.2015 19:37:47
AVSMTP.DLL : Keine Information!
NETNT.DLL : Keine Information!
RCIMAGE.DLL : 11.0.8.0 95336 Bytes 01.06.2015 19:37:43
RCTEXT.DLL : 11.0.7.0 401768 Bytes 01.06.2015 19:37:45
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: unknown
Konfigurationsdatei...................: C:\Users\Hirlak\AppData\Local\Temp\cleaner\eucleaner\setup\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Montag, 1. Juni 2015 22:44
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskhost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Cleaner.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebloader.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'Purplizer.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'OverwolfHelper.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'steamwebhelper.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'PwdBank.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'Overwolf.exe' - '199' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'PdtWzd.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastUI.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastVBoxSVC.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'BASVC.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'afwServ.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastSvc.exe' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'CompPtcVUI.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '149' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '0' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\hp\bin\EndProcess.exe
[FUND] Enthält Erkennungsmuster der Anwendung APPL/KillApp.A
C:\Users\Hirlak\Desktop\Downloads\Microsoft Office Professional Plus 2013 SP1 32Bit\Aktivierung\Microsoft Toolkit.exe
[FUND] Enthält Erkennungsmuster des SPR/Tool.AutoKMS.4-Programmes
Beginne mit der Suche in 'D:\' <SYSTEM>
Beginne mit der Suche in 'E:\' <HP_RECOVERY>
Beginne mit der Suche in 'F:\' <HP_TOOLS>
Beginne mit der Desinfektion: