
Pests of all kinds and how to combat them: Software Bundler

26.04.2015, 21:44   #1
Dabbei

Good evening,

unfortunately I have once again downloaded something that I did not want to download.
Programs were simply installed in the background that I neither had to confirm nor saw being installed. In addition, add-ons were again added to the browser, the browser's start page was changed, and there is a redirect to "chrome://quick_start/content/index.html".

Windows Defender identifies "it" as "SoftwareBundler".
To be on the safe side and not stress you unnecessarily, I ran Malwarebytes; result: 99 detected objects. So as not to make things more complicated, I have not taken any further steps.
I am (once again) asking for your help.

Kind regards
Dabbei

26.04.2015, 22:41   #2
deeprybka
/// TB trainer
/// Tutorial guru

My name is Jürgen and I will be helping you with your problem. Together we will manage it...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all do this in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware & co. very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window).




Reading material
Posting in CODE tags: how it works...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply.

27.04.2015, 19:00   #3
Dabbei

Hello, greetings.
Unfortunately no Addition.txt appears for me, only FRST.txt. I looked for it but did not find it.
The Addition.txt should be created after the FRST scan, shouldn't it?



FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Rod (administrator) on ROD on 27-04-2015 19:51:03
Running from D:\downloads
Loaded Profiles: Rod & MSSQLFDLauncher$AUSBILDUNG (Available profiles: Rod & MSSQL$AUSBILDUNG & MSSQLSERVER & MSSQLFDLauncher$AUSBILDUNG)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Geek Software GmbH) D:\Software\PDF24\PDF24\pdf24.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Users\Rod\AppData\Local\Temp\nstC01F.tmp
() C:\Users\Rod\AppData\Local\Temp\nstC020.tmp
() C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
() C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nspF9E4.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2859344 2013-04-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [403848 2013-05-14] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [399776 2013-05-14] (MSI)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => D:\Software\PDF24\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\SuddenStrike3\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_de_611] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\RunOnce: [Update] => C:\Users\Rod\AppData\Roaming\ASPackage\ASPackage.exe /runonce
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify Web Helper] => C:\Users\Rod\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [BuildNotification12] => "D:\VS2013\Common7\IDE\BuildNotificationApp.exe"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify] => C:\Users\Rod\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [SwvUpdtr] => C:\Users\Rod\AppData\Local\8862\Updater.exe [1250816 2015-04-26] ()
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: H - "H:\SETUP.EXE" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: I - "I:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {4ace5a30-7e2d-11e3-824e-806e6f6e6963} - "F:\Autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {61f6dd93-d3e6-11e3-bede-8c89a50fd868} - "G:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {dc1b46f1-676a-11e4-bf0e-8c89a50fd868} - "G:\autorun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-10-28]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-01-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=dspp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=dspp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
URLSearchHook: [S-1-5-80-4129702732-3888187158-186309658-1063465230-1591156635] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {4B746FD7-84D5-47E9-A957-FDEC06327FF9} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.luckysearches.com/?type=sc&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282

FireFox:
========
FF ProfilePath: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: luckysearches
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-26] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-26] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-26] (globalUpdate)
FF SearchPlugin: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\searchplugins\gmx-suche.xml [2015-03-10]
FF Extension: Ghostery - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\firefox@ghostery.com.xpi [2014-11-23]
FF Extension: CookieCuller - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-23]
FF Extension: Adblock Plus - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\extensions\sweetsearch@gmail.com
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-03-18] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 fovudyqe; C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp [123904 2015-04-26] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-26] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-26] (globalUpdate) [File not signed] <==== ATTENTION
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-05-14] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSSQL$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R3 MSSQLFDLauncher$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-03-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 rypuvimi; C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nspF9E4.tmp [139264 2015-04-27] () [File not signed]
S2 SkypeUpdate; D:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
S4 SQLAgent$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VsEtwService120; D:\Programmierung\VS Express 2013\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [337064 2015-04-26] (SysTool PasSame LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-03-29] (Intel® Corporation)
S2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2015-01-19] ()
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsfw.sys [1366328 2013-04-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [76744 2013-03-11] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2015-01-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-26] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3545056 2013-04-18] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-03-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
R4 SPDRIVER_1.42.0.1794; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.42.0.1794\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 19:38 - 2015-04-27 19:38 - 00001130 ____C () C:\Users\Rod\Desktop\Continue Live Installation.lnk
2015-04-26 22:25 - 2015-04-26 22:25 - 00000778 ____C () C:\Users\Rod\Desktop\Sudden Strike 2.lnk
2015-04-26 22:25 - 2015-04-26 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-04-26 22:22 - 2015-04-26 22:22 - 00000000 ___DC () C:\Users\Rod\AppData\Local\8862
2015-04-26 22:07 - 2015-04-26 22:07 - 00003146 _____ () C:\WINDOWS\System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E}
2015-04-26 21:59 - 2015-04-26 21:59 - 02035200 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\RTQFZORV.exe
2015-04-26 21:59 - 2015-04-26 21:59 - 01380352 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\OXJV.exe
2015-04-26 21:59 - 2015-04-26 21:59 - 00004678 _____ () C:\WINDOWS\System32\Tasks\RTQFZORV
2015-04-26 21:59 - 2015-04-26 21:59 - 00004328 _____ () C:\WINDOWS\System32\Tasks\OXJV
2015-04-26 21:59 - 2015-04-26 21:59 - 00001686 _____ () C:\WINDOWS\Tasks\RTQFZORV.job
2015-04-26 21:59 - 2015-04-26 21:59 - 00001334 _____ () C:\WINDOWS\Tasks\OXJV.job
2015-04-26 21:56 - 2015-04-26 22:01 - 00000000 ___DC () C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868
2015-04-26 21:54 - 2015-04-26 22:04 - 00000978 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-26 21:54 - 2015-04-26 22:04 - 00000974 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-26 21:54 - 2015-04-26 21:59 - 00003950 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-04-26 21:54 - 2015-04-26 21:59 - 00003714 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-04-26 21:54 - 2015-04-26 21:54 - 00000000 ___DC () C:\Users\Rod\AppData\Local\globalUpdate
2015-04-26 21:54 - 2015-04-26 21:54 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-26 21:52 - 2015-04-26 21:55 - 00000000 ___DC () C:\Users\Rod\AppData\Local\BrowserHelper
2015-04-26 21:52 - 2015-04-26 21:52 - 00000000 ___DC () C:\Users\Public\Documents\ShopperPro
2015-04-26 21:51 - 2015-04-27 19:33 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868
2015-04-26 21:51 - 2015-04-26 21:51 - 00000000 ___DC () C:\Users\Rod\AppData\Local\CrashRpt
2015-04-26 21:50 - 2015-04-26 21:50 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-04-26 21:50 - 2015-04-26 21:50 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-04-26 21:48 - 2015-04-26 21:48 - 00003970 _____ () C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-04-26 21:45 - 2015-04-26 21:45 - 00003086 _____ () C:\WINDOWS\System32\Tasks\iren3006
2015-04-26 21:45 - 2015-04-26 21:45 - 00000002 _____ () C:\END
2015-04-26 21:45 - 2015-04-22 16:51 - 00409168 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll.rlwrgkr
2015-04-26 21:45 - 2015-04-22 16:51 - 00341952 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll.rlwrgkr
2015-04-26 21:37 - 2015-04-26 21:37 - 00000000 ___DC () C:\Users\Rod\Documents\Fireglow Games
2015-04-15 15:48 - 2015-04-15 15:48 - 00424651 ____C () C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg
2015-04-15 15:47 - 2015-04-15 15:46 - 00292022 ____C () C:\Users\Rod\Desktop\Gutschrift.jpeg
2015-04-15 15:17 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 15:17 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 15:17 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 15:17 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 15:17 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 15:17 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 15:17 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 15:17 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 15:17 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 15:17 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 15:17 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 15:16 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 15:16 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 15:16 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 15:16 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 15:16 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-04 15:07 - 2015-04-05 09:54 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 15:07 - 2015-04-04 15:07 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-30 20:34 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 19:51 - 2014-11-20 22:33 - 00000000 ____D () C:\FRST
2015-04-27 19:38 - 2014-01-15 23:38 - 01381218 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 19:37 - 2014-05-09 18:45 - 00003902 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08CD4898-E756-4FC0-8031-743705B1BC35}
2015-04-27 19:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-27 00:13 - 2013-12-28 16:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-26 22:51 - 2013-12-27 19:31 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1164391901-2496949349-3293824855-1002
2015-04-26 22:23 - 2014-11-22 13:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 22:23 - 2014-11-22 13:50 - 00001122 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-26 22:23 - 2014-11-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-26 22:23 - 2014-11-22 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-26 22:02 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-01-15 23:55 - 00001458 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-04-26 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-26 19:14 - 2013-11-14 09:27 - 02435178 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-26 19:14 - 2013-11-14 09:11 - 01025694 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-26 19:14 - 2013-11-14 09:11 - 00247972 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-26 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-26 18:13 - 2013-12-29 00:10 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Skype
2015-04-26 16:27 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-26 15:45 - 2014-01-31 21:27 - 00000000 __DOC () C:\Users\Rod\SkyDrive
2015-04-26 15:45 - 2013-10-28 14:55 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-04-25 20:35 - 2014-11-08 15:57 - 00032988 _____ () C:\WINDOWS\setupact.log
2015-04-25 18:43 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-25 18:01 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-17 16:47 - 2013-12-29 00:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 16:45 - 2013-11-14 00:18 - 00036850 _____ () C:\WINDOWS\PFRO.log
2015-04-17 00:20 - 2014-01-15 20:44 - 00000000 ____D () C:\ProgramData\Origin
2015-04-17 00:03 - 2014-04-01 12:53 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Battle.net
2015-04-16 23:17 - 2015-01-26 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-16 23:17 - 2015-01-26 01:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-16 17:57 - 2013-12-28 00:49 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Spotify
2015-04-16 17:51 - 2013-12-28 00:45 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Spotify
2015-04-16 16:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 23:46 - 2013-12-27 21:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 23:44 - 2013-03-22 19:03 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 23:41 - 2014-12-17 18:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 23:41 - 2014-07-15 04:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 15:48 - 2014-05-06 18:49 - 00223744 __SHC () C:\Users\Rod\Desktop\Thumbs.db
2015-04-15 15:16 - 2014-11-12 20:21 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-14 21:28 - 2015-01-13 21:13 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 21:28 - 2013-12-28 16:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 03:04 - 2015-03-15 21:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-04-10 19:02 - 2015-01-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 21:43 - 2014-02-06 19:04 - 00000000 ___DC () C:\Users\Rod\Documents\Visual Studio 2013
2015-04-03 11:58 - 2013-12-28 00:49 - 00001840 ____C () C:\Users\Rod\Desktop\Spotify.lnk
2015-04-03 11:58 - 2013-12-28 00:49 - 00001826 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-31 20:03 - 2013-08-22 16:44 - 00514440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-30 20:35 - 2014-10-18 11:21 - 00000000 ____D () C:\Temp
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-30 20:09 - 2013-12-28 18:54 - 00001401 ____C () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-29 15:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-28 05:44 - 2014-06-02 18:30 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-12-28 17:02 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-02 18:30 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-12-28 17:02 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-28 04:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 ____C () C:\Users\Rod\AppData\Roaming\OXJV
2015-04-26 21:59 - 2015-04-26 21:59 - 1380352 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\OXJV.exe
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 ____C () C:\Users\Rod\AppData\Roaming\RTQFZORV
2015-04-26 21:59 - 2015-04-26 21:59 - 2035200 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\RTQFZORV.exe
2014-11-02 20:53 - 2014-11-02 20:53 - 0000218 ____C () C:\Users\Rod\AppData\Local\recently-used.xbel
2013-12-28 16:08 - 2014-10-04 12:47 - 0007623 ____C () C:\Users\Rod\AppData\Local\Resmon.ResmonCfg
2013-10-28 14:52 - 2013-10-28 14:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-07 17:36 - 2015-03-07 17:36 - 0091734 _____ () C:\ProgramData\dxdiag.txt
2013-10-28 16:30 - 2013-10-28 16:30 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-28 16:27 - 2013-10-28 16:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2013-10-28 16:26 - 2013-10-28 16:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-28 16:27 - 2013-10-28 16:27 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-28 16:28 - 2013-10-28 16:28 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Rod\AppData\Local\Temp\amt_luckysearches.exe
C:\Users\Rod\AppData\Local\Temp\AppLauncher.exe
C:\Users\Rod\AppData\Local\Temp\CloudBackup3360.exe
C:\Users\Rod\AppData\Local\Temp\comver.dll
C:\Users\Rod\AppData\Local\Temp\everesthome220.exe
C:\Users\Rod\AppData\Local\Temp\gkey.exe
C:\Users\Rod\AppData\Local\Temp\pkeyui.exe
C:\Users\Rod\AppData\Local\Temp\sdan.exe
C:\Users\Rod\AppData\Local\Temp\sdapk.exe
C:\Users\Rod\AppData\Local\Temp\sdaspwn.exe
C:\Users\Rod\AppData\Local\Temp\setup.exe
C:\Users\Rod\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rod\AppData\Local\Temp\sudden strike 3 arms for victory 1.4 no cd__10924_i1505121814_il1500977.exe
C:\Users\Rod\AppData\Local\Temp\tu17p84.exe
C:\Users\Rod\AppData\Local\Temp\Uninstall.exe
C:\Users\Rod\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 21:19

==================== End Of Log ============================
         

27.04.2015, 19:17   #4
deeprybka
/// TB Trainer
/// Guide Guru

Hi,
it is only created on the first scan. Otherwise you have to tell FRST to do it...

Step 1

Please start FRST again, tick the checkbox as well, and press Scan.
Please post the contents of the two logs that are created.
__________________
Regards,
deeprybka

Praise, criticism, wishes?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

27.04.2015, 19:26   #5
Dabbei

Unfortunately I had to post them separately.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Rod (administrator) on ROD on 27-04-2015 20:22:19
Running from D:\downloads
Loaded Profiles: Rod & MSSQLFDLauncher$AUSBILDUNG (Available profiles: Rod & MSSQL$AUSBILDUNG & MSSQLSERVER & MSSQLFDLauncher$AUSBILDUNG)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Geek Software GmbH) D:\Software\PDF24\PDF24\pdf24.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Users\Rod\AppData\Local\Temp\nstC01F.tmp
() C:\Users\Rod\AppData\Local\Temp\nstC020.tmp
() C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nspF9E4.tmp
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) D:\Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2859344 2013-04-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [403848 2013-05-14] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [399776 2013-05-14] (MSI)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => D:\Software\PDF24\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\SuddenStrike3\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_de_611] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\RunOnce: [Update] => C:\Users\Rod\AppData\Roaming\ASPackage\ASPackage.exe /runonce
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify Web Helper] => C:\Users\Rod\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [BuildNotification12] => "D:\VS2013\Common7\IDE\BuildNotificationApp.exe"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify] => C:\Users\Rod\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [SwvUpdtr] => C:\Users\Rod\AppData\Local\8862\Updater.exe [1250816 2015-04-26] ()
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: H - "H:\SETUP.EXE" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: I - "I:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {61f6dd93-d3e6-11e3-bede-8c89a50fd868} - "G:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {dc1b46f1-676a-11e4-bf0e-8c89a50fd868} - "G:\autorun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-10-28]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-01-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=dspp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.luckysearches.com/?type=hppp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=dspp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}
URLSearchHook: [S-1-5-80-4129702732-3888187158-186309658-1063465230-1591156635] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {4B746FD7-84D5-47E9-A957-FDEC06327FF9} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=fsf&utm_campaign=install_ie&utm_content=ds&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&ts=1430077809&type=default&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064 2013-03-15] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.luckysearches.com/?type=sc&ts=1430077758&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282

FireFox:
========
FF ProfilePath: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: luckysearches
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-26] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-26] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-26] (globalUpdate)
FF SearchPlugin: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\searchplugins\gmx-suche.xml [2015-03-10]
FF Extension: Ghostery - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\firefox@ghostery.com.xpi [2014-11-23]
FF Extension: CookieCuller - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-23]
FF Extension: Adblock Plus - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\extensions\sweetsearch@gmail.com
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-03-18] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 fovudyqe; C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp [123904 2015-04-26] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-26] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-26] (globalUpdate) [File not signed] <==== ATTENTION
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-05-14] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSSQL$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R3 MSSQLFDLauncher$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-03-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 rypuvimi; C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nspF9E4.tmp [139264 2015-04-27] () [File not signed]
S2 SkypeUpdate; D:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
S4 SQLAgent$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VsEtwService120; D:\Programmierung\VS Express 2013\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [337064 2015-04-26] (SysTool PasSame LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-03-29] (Intel® Corporation)
S2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2015-01-19] ()
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsfw.sys [1366328 2013-04-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [76744 2013-03-11] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2015-01-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-26] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3545056 2013-04-18] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-03-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
R4 SPDRIVER_1.42.0.1794; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.42.0.1794\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 19:38 - 2015-04-27 19:38 - 00001130 ____C () C:\Users\Rod\Desktop\Continue Live Installation.lnk
2015-04-26 22:25 - 2015-04-26 22:25 - 00000778 ____C () C:\Users\Rod\Desktop\Sudden Strike 2.lnk
2015-04-26 22:25 - 2015-04-26 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-04-26 22:22 - 2015-04-26 22:22 - 00000000 ___DC () C:\Users\Rod\AppData\Local\8862
2015-04-26 22:07 - 2015-04-26 22:07 - 00003146 _____ () C:\WINDOWS\System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E}
2015-04-26 21:59 - 2015-04-26 21:59 - 02035200 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\RTQFZORV.exe
2015-04-26 21:59 - 2015-04-26 21:59 - 01380352 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\OXJV.exe
2015-04-26 21:59 - 2015-04-26 21:59 - 00004678 _____ () C:\WINDOWS\System32\Tasks\RTQFZORV
2015-04-26 21:59 - 2015-04-26 21:59 - 00004328 _____ () C:\WINDOWS\System32\Tasks\OXJV
2015-04-26 21:59 - 2015-04-26 21:59 - 00001686 _____ () C:\WINDOWS\Tasks\RTQFZORV.job
2015-04-26 21:59 - 2015-04-26 21:59 - 00001334 _____ () C:\WINDOWS\Tasks\OXJV.job
2015-04-26 21:56 - 2015-04-26 22:01 - 00000000 ___DC () C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868
2015-04-26 21:54 - 2015-04-26 22:04 - 00000978 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-26 21:54 - 2015-04-26 22:04 - 00000974 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-26 21:54 - 2015-04-26 21:59 - 00003950 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-04-26 21:54 - 2015-04-26 21:59 - 00003714 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-04-26 21:54 - 2015-04-26 21:54 - 00000000 ___DC () C:\Users\Rod\AppData\Local\globalUpdate
2015-04-26 21:54 - 2015-04-26 21:54 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-26 21:52 - 2015-04-26 21:55 - 00000000 ___DC () C:\Users\Rod\AppData\Local\BrowserHelper
2015-04-26 21:52 - 2015-04-26 21:52 - 00000000 ___DC () C:\Users\Public\Documents\ShopperPro
2015-04-26 21:51 - 2015-04-27 19:33 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868
2015-04-26 21:51 - 2015-04-26 21:51 - 00000000 ___DC () C:\Users\Rod\AppData\Local\CrashRpt
2015-04-26 21:50 - 2015-04-26 21:50 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-04-26 21:50 - 2015-04-26 21:50 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-04-26 21:48 - 2015-04-26 21:48 - 00003970 _____ () C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-04-26 21:45 - 2015-04-26 21:45 - 00003086 _____ () C:\WINDOWS\System32\Tasks\iren3006
2015-04-26 21:45 - 2015-04-26 21:45 - 00000002 _____ () C:\END
2015-04-26 21:45 - 2015-04-22 16:51 - 00409168 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll.rlwrgkr
2015-04-26 21:45 - 2015-04-22 16:51 - 00341952 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll.rlwrgkr
2015-04-26 21:37 - 2015-04-26 21:37 - 00000000 ___DC () C:\Users\Rod\Documents\Fireglow Games
2015-04-15 15:48 - 2015-04-15 15:48 - 00424651 ____C () C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg
2015-04-15 15:47 - 2015-04-15 15:46 - 00292022 ____C () C:\Users\Rod\Desktop\Gutschrift.jpeg
2015-04-15 15:17 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 15:17 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 15:17 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 15:17 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 15:17 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 15:17 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 15:17 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 15:17 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 15:17 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 15:17 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 15:17 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 15:16 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 15:16 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 15:16 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 15:16 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 15:16 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-04 15:07 - 2015-04-05 09:54 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 15:07 - 2015-04-04 15:07 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-30 20:34 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 20:22 - 2014-11-20 22:33 - 00000000 ____D () C:\FRST
2015-04-27 20:19 - 2014-01-15 23:38 - 01419186 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-27 19:37 - 2014-05-09 18:45 - 00003902 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08CD4898-E756-4FC0-8031-743705B1BC35}
2015-04-27 00:13 - 2013-12-28 16:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-26 22:51 - 2013-12-27 19:31 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1164391901-2496949349-3293824855-1002
2015-04-26 22:23 - 2014-11-22 13:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 22:23 - 2014-11-22 13:50 - 00001122 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-26 22:23 - 2014-11-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-26 22:23 - 2014-11-22 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-26 22:02 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-01-15 23:55 - 00001458 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-04-26 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-26 19:14 - 2013-11-14 09:27 - 02435178 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-26 19:14 - 2013-11-14 09:11 - 01025694 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-26 19:14 - 2013-11-14 09:11 - 00247972 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-26 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-26 18:13 - 2013-12-29 00:10 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Skype
2015-04-26 16:27 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-26 15:45 - 2014-01-31 21:27 - 00000000 __DOC () C:\Users\Rod\SkyDrive
2015-04-26 15:45 - 2013-10-28 14:55 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-04-25 20:35 - 2014-11-08 15:57 - 00032988 _____ () C:\WINDOWS\setupact.log
2015-04-25 18:43 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-25 18:01 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-17 16:47 - 2013-12-29 00:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 16:45 - 2013-11-14 00:18 - 00036850 _____ () C:\WINDOWS\PFRO.log
2015-04-17 00:20 - 2014-01-15 20:44 - 00000000 ____D () C:\ProgramData\Origin
2015-04-17 00:03 - 2014-04-01 12:53 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Battle.net
2015-04-16 23:17 - 2015-01-26 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-16 23:17 - 2015-01-26 01:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-16 17:57 - 2013-12-28 00:49 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Spotify
2015-04-16 17:51 - 2013-12-28 00:45 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Spotify
2015-04-16 16:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 23:46 - 2013-12-27 21:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 23:44 - 2013-03-22 19:03 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 23:41 - 2014-12-17 18:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 23:41 - 2014-07-15 04:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 15:48 - 2014-05-06 18:49 - 00223744 __SHC () C:\Users\Rod\Desktop\Thumbs.db
2015-04-15 15:16 - 2014-11-12 20:21 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-14 21:28 - 2015-01-13 21:13 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 21:28 - 2013-12-28 16:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 03:04 - 2015-03-15 21:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-04-10 19:02 - 2015-01-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 21:43 - 2014-02-06 19:04 - 00000000 ___DC () C:\Users\Rod\Documents\Visual Studio 2013
2015-04-03 11:58 - 2013-12-28 00:49 - 00001840 ____C () C:\Users\Rod\Desktop\Spotify.lnk
2015-04-03 11:58 - 2013-12-28 00:49 - 00001826 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-31 20:03 - 2013-08-22 16:44 - 00514440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-30 20:35 - 2014-10-18 11:21 - 00000000 ____D () C:\Temp
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-30 20:09 - 2013-12-28 18:54 - 00001401 ____C () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-29 15:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-28 05:44 - 2014-06-02 18:30 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-12-28 17:02 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-02 18:30 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-12-28 17:02 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-28 04:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 ____C () C:\Users\Rod\AppData\Roaming\OXJV
2015-04-26 21:59 - 2015-04-26 21:59 - 1380352 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\OXJV.exe
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 ____C () C:\Users\Rod\AppData\Roaming\RTQFZORV
2015-04-26 21:59 - 2015-04-26 21:59 - 2035200 ____C (Cinema PlusV16.03) C:\Users\Rod\AppData\Roaming\RTQFZORV.exe
2014-11-02 20:53 - 2014-11-02 20:53 - 0000218 ____C () C:\Users\Rod\AppData\Local\recently-used.xbel
2013-12-28 16:08 - 2014-10-04 12:47 - 0007623 ____C () C:\Users\Rod\AppData\Local\Resmon.ResmonCfg
2013-10-28 14:52 - 2013-10-28 14:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-07 17:36 - 2015-03-07 17:36 - 0091734 _____ () C:\ProgramData\dxdiag.txt
2013-10-28 16:30 - 2013-10-28 16:30 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-28 16:27 - 2013-10-28 16:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2013-10-28 16:26 - 2013-10-28 16:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-28 16:27 - 2013-10-28 16:27 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-28 16:28 - 2013-10-28 16:28 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Rod\AppData\Local\Temp\amt_luckysearches.exe
C:\Users\Rod\AppData\Local\Temp\AppLauncher.exe
C:\Users\Rod\AppData\Local\Temp\CloudBackup3360.exe
C:\Users\Rod\AppData\Local\Temp\comver.dll
C:\Users\Rod\AppData\Local\Temp\everesthome220.exe
C:\Users\Rod\AppData\Local\Temp\gkey.exe
C:\Users\Rod\AppData\Local\Temp\pkeyui.exe
C:\Users\Rod\AppData\Local\Temp\sdan.exe
C:\Users\Rod\AppData\Local\Temp\sdapk.exe
C:\Users\Rod\AppData\Local\Temp\sdaspwn.exe
C:\Users\Rod\AppData\Local\Temp\setup.exe
C:\Users\Rod\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rod\AppData\Local\Temp\sudden strike 3 arms for victory 1.4 no cd__10924_i1505121814_il1500977.exe
C:\Users\Rod\AppData\Local\Temp\tu17p84.exe
C:\Users\Rod\AppData\Local\Temp\Uninstall.exe
C:\Users\Rod\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 21:19

==================== End Of Log ============================
         
--- --- ---


27.04.2015, 19:27   #6
Dabbei

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Rod at 2015-04-27 20:22:38
Running from D:\downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1164391901-2496949349-3293824855-500 - Administrator - Disabled)
Gast (S-1-5-21-1164391901-2496949349-3293824855-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1164391901-2496949349-3293824855-1006 - Limited - Enabled)
Rod (S-1-5-21-1164391901-2496949349-3293824855-1002 - Administrator - Enabled) => C:\Users\Rod

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic Entertainment)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Contents (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.13.0.2_WHQL (HKLM\...\Elantech) (Version: 11.13.0.2 - ELAN Microelectronic Corp.)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
ICA (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c59bceea-23ab-4e2e-bfa6-625dd1e26dd1}) (Version: 16.0.2 - Intel Corporation)
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{90E8C2E5-198C-4923-BC06-AF13E5FA964D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012-Richtlinien  (HKLM-x32\...\{1D4E365F-F39C-48BA-A995-CAEDFDA29AD1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{18558FE7-A87A-4063-9732-95E9E1420828}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - DEU (HKLM-x32\...\{B28DC16A-5394-3761-B143-450AE92516BB}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 - DEU Language Pack (HKLM-x32\...\{38F74A0E-357B-336C-B614-FE59F4BC62A0}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 - DEU Language Pack (HKLM-x32\...\{96D7B7B6-424F-3A52-8E8D-32CF2615DBD2}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Firefox 37.0.2 (x86 de) (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.550 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.550 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
SCM (HKLM\...\{EDF24C5B-2E36-4089-B96A-329B15A74649}) (Version: 11.013.05146 -  )
Setup (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share64 (Version: 16.0.0.106 - Corel Corporation) Hidden
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Software Version Updater (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Spotify (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sudden Strike 2 (HKLM-x32\...\Sudden Strike 2_is1) (Version: 1.0 - Media Contact LLC)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
VSClassic (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSPro (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

26-04-2015 21:09:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-11-23 01:37 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D2ED2D9-ECE3-444E-9D45-5D5BCBCD7D7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {10146EE2-D0FE-40EC-8017-890C940753E9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {263B42A9-202C-438F-88B0-AA5594A81CB7} - System32\Tasks\OXJV => C:\Users\Rod\AppData\Roaming\OXJV.exe [2015-04-26] (Cinema PlusV16.03) <==== ATTENTION
Task: {28CD03C0-1C6F-41E7-90FF-213BDC2B86F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {326646C5-E4B9-4C85-8794-5BD27A0921D5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {39C0BF6A-2C38-4956-86E7-B450CB67D108} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-04-26] (globalUpdate) <==== ATTENTION
Task: {4BA0862F-A95A-473A-AB09-E9588C5056F9} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {52143E63-AF6D-4D2B-9179-F3CAEE2FC345} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {5A55966A-ABBD-4005-AB03-93E1F89036B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {5D1A4B91-7D76-4850-9F7D-32031EA7B175} - System32\Tasks\RTQFZORV => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe [2015-04-26] (Cinema PlusV16.03) <==== ATTENTION
Task: {672EC4B1-9424-4EB9-B21B-6F6B83A321C5} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {71ACAD82-B89F-4C6D-BF05-412CB8F79F9E} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {71B2FCDE-FCE7-442B-A53B-9BF56ADF1144} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {753849B1-9E4C-4B9B-BF90-3B5FA891FB48} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {79AAD0B2-716C-4FD4-AB10-F2CE5FDC5AA2} - System32\Tasks\{1E62A383-47EA-4F8B-A9A1-7ABED2708697} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang= --uid=battle.net --displayname="Battle.net"
Task: {7DD317D9-D8D8-4812-BFF2-874C0259401F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {882A334A-99BF-41B8-B248-84FE4358B7D4} - System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E} => pcalua.exe -a C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\Uninstall.exe
Task: {8BB68DAF-A68F-4D64-B231-C49219D6E22C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {98BC4E9E-9146-4275-8FFF-45F1830837A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9A9251B8-0DB4-49AE-879C-3F6B3317A7A3} - System32\Tasks\iren3006 => C:\PROGRA~2\HIGHLI~1\iren3006.exe
Task: {9D7AC1C0-5D3D-4E94-86D8-7FF0AC42B1E3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AB496A2B-9D57-436B-81B8-916B49B75F14} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-04-26] (globalUpdate) <==== ATTENTION
Task: {E044C832-B487-4A74-82C4-6ED8EB5DF63B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {F0599474-5F57-4621-A75D-946FF7A2A93C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-18] (Microsoft Corporation)
Task: {FAC019EF-9BCD-4B38-B7CF-8F8BC91CD607} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FBD8AED1-B060-455D-A231-01A57D06F93C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OXJV.job => C:\Users\Rod\AppData\Roaming\OXJV.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RTQFZORV.job => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-01-26 01:32 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-08 20:16 - 2015-02-04 01:11 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-03-15 14:22 - 2013-03-15 14:22 - 00495616 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 22:46 - 2011-05-09 22:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 22:56 - 2011-05-09 22:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 22:47 - 2011-05-09 22:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-09 22:48 - 2011-05-09 22:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2011-05-10 14:32 - 2011-05-10 14:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2013-10-28 16:29 - 2013-03-06 16:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-01-15 23:38 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 ____C () C:\Users\Rod\Notepade\Notepad++\NppShell_06.dll
2013-12-21 01:02 - 2014-10-03 18:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-03-15 14:22 - 2013-03-15 14:22 - 00553984 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2013-03-15 14:22 - 2013-03-15 14:22 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2015-04-26 21:50 - 2015-04-26 21:50 - 00045438 ____C () C:\Users\Rod\AppData\Local\Temp\nstC01F.tmp
2015-04-26 21:50 - 2015-04-26 21:50 - 00098816 ____C () C:\Users\Rod\AppData\Local\Temp\nstC020.tmp
2015-04-26 21:52 - 2015-04-26 21:52 - 00123904 ____C () C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp
2015-04-27 19:33 - 2015-04-27 19:33 - 00139264 ____C () C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nspF9E4.tmp
2013-10-28 14:38 - 2013-03-12 15:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-10-28 16:28 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-26 01:32 - 2015-01-26 01:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-03-27 21:45 - 2015-03-10 08:37 - 00775680 _____ () D:\Steam\SDL2.dll
2015-01-20 21:27 - 2014-12-02 02:29 - 05002752 _____ () D:\Steam\v8.dll
2015-04-17 00:08 - 2015-04-14 01:44 - 02371776 _____ () D:\Steam\video.dll
2015-01-20 21:27 - 2014-12-02 02:29 - 01612800 _____ () D:\Steam\icui18n.dll
2015-01-20 21:27 - 2014-12-02 02:29 - 01210368 _____ () D:\Steam\icuuc.dll
2015-01-20 21:27 - 2014-12-01 23:31 - 02396672 _____ () D:\Steam\libavcodec-56.dll
2015-01-20 21:27 - 2014-12-01 23:31 - 00479744 _____ () D:\Steam\libavformat-56.dll
2015-01-20 21:27 - 2014-12-01 23:31 - 00332800 _____ () D:\Steam\libavresample-2.dll
2015-01-20 21:27 - 2014-12-01 23:31 - 00442880 _____ () D:\Steam\libavutil-54.dll
2015-01-20 21:27 - 2014-12-01 23:31 - 00485888 _____ () D:\Steam\libswscale-3.dll
2015-04-17 00:08 - 2015-04-14 01:44 - 00702656 _____ () D:\Steam\bin\chromehtml.DLL
2015-03-27 21:45 - 2015-02-25 03:58 - 34641288 _____ () D:\Steam\bin\libcef.dll
2015-03-27 21:45 - 2015-02-25 03:58 - 01709960 _____ () D:\Steam\bin\ffmpegsumo.dll
2015-04-26 21:51 - 2015-04-26 21:51 - 00020992 ____C () C:\Users\Rod\AppData\Local\Temp\nsb7997.tmp\inetc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Rod\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Rod\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Rod\Desktop\Gutschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Gutschrift.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Ashampoo Pictures\GreenBridge.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "BuildNotification12"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP_1] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [{EFC1486F-F315-4A20-B86B-ED25C4D816E2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{0BE1E8CC-1DFA-4729-A6CA-A9F8D87BBCAF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{151054A0-8B6C-47C1-894B-D4F3C263B265}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{4C39F784-2637-45D4-BDAE-2E9ECA950D6A}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{7F107F5F-BCFE-4FF8-BE40-70F41E2E043B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0487CBB2-65D2-48F0-98B4-1224C8C89DD6}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{4FD12EB7-E109-4D6D-B4E3-0B0AB2A918AF}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{63FBE8D1-FD37-4A45-8D49-F8DCA97A24F8}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{92693EEE-6368-4CDD-AF1D-F7E3CBEE9DBD}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{D028ED98-4AB7-4CDD-9027-AAE64F4D611B}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{13DD9B16-45D2-4B23-8662-0ACDB861E2BF}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{648A645A-28EF-43F9-B2C5-0FB5DF4CC824}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{D5D879DA-177F-4EB7-A2BE-D84FB944F8B4}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{6DC7A120-CFE5-4826-B79D-06246BEE633C}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{3030D57C-3EB0-4665-B021-36519C38AE4F}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{74B71E0C-5738-4F48-BCFD-F9B5370E3545}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{208CC66F-1B9A-4B6D-8AF7-0677F0035782}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{88180F36-1A6C-4290-BA39-5E9E59FABC0E}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{34BE3EFE-D585-4C0D-80FC-BC37B071BAC2}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{0783CE96-9845-4620-8744-BAAB68C3081B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3BCF9E8A-885B-46FE-A142-85CC0CBD349F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8F4C6910-4DA2-4100-920F-F2B4D5E479B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{33EC5163-E8C8-4752-912B-E6A687D8472D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D26B888C-3C6E-4F19-949B-8B8AEE1C4543}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC97D1A7-C3EF-4784-95E2-6A03EDC143DD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{125ECB47-C82B-463B-856F-42055494FC76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{52EDF3ED-8570-4E8B-A787-6E35057E8859}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3A85EF75-B96E-4FFD-B829-8B3A30C32674}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4652C1E6-9DAE-4459-805B-D36D72C76125}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2F75ECB8-7BBD-4C11-A375-7550A92784B2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC98B93E-2DA1-42DF-A82E-1AAB52DE439B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD95AB43-96C3-4840-8512-C5FDF39E5B3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3193870E-F215-4F57-A677-2DC6AEC8F8A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B8391E2A-92EA-465B-98CF-48742F3F1700}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{53602756-2480-45D1-B02F-48C0D1942CBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B0FD9F69-4AF6-47CD-B23E-E5448EC44A2B}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{1CBD8CA1-2CFA-4A2A-B220-A484ED7F6A04}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [UDP Query User{7DE9C3C4-05C6-4150-8F6E-D7B50CA3BA68}C:\users\rod\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rod\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6B9AC464-AEAE-4A3A-AE65-1E7EDB2ED96A}C:\users\rod\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rod\appdata\roaming\spotify\spotify.exe
FirewallRules: [{11EC9935-6FE5-4586-89A2-AAE0F606F11F}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3206FF9B-C666-41BF-8E83-EEF4592137E8}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4CAF4E04-C3B1-4CD4-9A9C-028F945824C5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{2690EFAD-C134-41CE-AD1A-6FED2643D5C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{525A510F-D0D4-45DE-9366-EAEF6C6E81C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0C33D89F-47CC-4B46-B8AE-C46B9BE88F13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3D7B0B48-7FA6-4168-B29D-D56A2F831D6D}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{D08C112D-A8DE-403D-9109-4ECD25D9D8F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A388916A-8717-4596-882C-9941419105C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5ABABA98-B34B-4E30-8DC2-838DAAFDB69D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2E20B24C-60DF-4A09-AD35-A46C7F1C8AC4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C53F67CB-CECB-4EB3-85DD-016FA5035CF7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CB98CBA7-E62A-4725-942D-AA2C60FC1305}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0C83D533-87F1-46AA-B0CB-A1B94E03AC0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91F5EDF4-43AD-49AD-BE59-F8AA90491CD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B317A7C9-F5AB-4CA0-A6A0-45E3FE076200}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8004E1CC-6978-46D7-BB36-D22D05846AFD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{CB2555FD-15E9-4376-B9D2-4489017C1401}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{0438DE13-9E88-4B3B-A10F-5622479304ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{1FD5E9EC-EAE8-4181-AABE-AAD77664EF98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{B36A4AA1-79A0-48FC-AFFF-E68A52C76C84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{73BE6CC4-CCC9-44AE-9F93-408A5F136AE2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{478134D3-CA72-4A50-8C13-28DB8CCD7F14}] => (Allow) D:\Diablo\Battle.net\Battle.net.exe
FirewallRules: [{CDDA107C-99A0-436A-94CB-661535D3BE00}] => (Allow) D:\Diablo\Battle.net\Battle.net.exe
FirewallRules: [{D57DE6AD-8651-464D-8CE8-C5EEC3E7CB2A}] => (Allow) D:\Diablo\Diablo III\Diablo III.exe
FirewallRules: [{37419956-F075-4496-8E02-8F839C188126}] => (Allow) D:\Diablo\Diablo III\Diablo III.exe
FirewallRules: [{20DF3ED4-C5AC-44F1-9B71-8FB59AB1FB1C}] => (Allow) D:\Diablo\StarCraft II\StarCraft II.exe
FirewallRules: [{6FE40104-B81D-4E63-9AE7-6B8123DA3C11}] => (Allow) D:\Diablo\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{7C181362-C9D0-46C5-A5F0-E54BE6E76E67}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{E2942878-9D41-45F4-81E6-995D7E17B210}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{6790884E-61EB-487B-846E-22512725B6DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{EAA68D18-E21C-455F-BA0F-EE8A1AB132A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{B18A2A8B-97CE-4408-98FC-2B72BEEF5DE3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{16901FD5-2592-4BA8-A39F-604D9700AA3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{290E2F11-FF1E-418D-B6C4-23E2580DC255}] => (Allow) D:\Program Files (x86)\KMSpico\KMSELDI.exe
FirewallRules: [{8E933E84-DFEF-4E41-96DD-ED42F53DDE8C}] => (Allow) D:\Program Files (x86)\KMSpico\KMSELDI.exe
FirewallRules: [{21ED68D6-7A57-482D-B3AD-944B2ED7BE4E}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{04529AB2-DE2C-4C5A-B96E-626521BC6547}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{85E3A8A3-0E99-412D-849B-D0D23D5C02BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{76A968B6-BE1C-4152-898B-FA39C004A777}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C66B792C-228A-498E-AF89-365249347B31}] => (Allow) D:\Steam\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{6D44E7D4-843C-425E-84EE-4635B3BB5DEC}] => (Allow) D:\Steam\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{6224D34A-9CD0-4DC5-BFE8-11B619E6ED92}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{FC7EBDBF-0065-4290-ACF2-D7ECFC132536}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{7C5C0FBF-3907-4637-BA6A-0D5CFD9B24C3}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{99E31B09-AA15-4267-97C9-7110E606584D}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{F4C32761-8179-4D2F-B7F8-3E0071DD2079}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{C2384415-E56E-4C72-A11F-DF1358BFF902}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{F0468C5F-CBA0-4460-8B77-1A792EB3989E}D:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) D:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{285C2EA7-1AFB-436C-81DE-420D328DE1B1}D:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) D:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [{524633C6-25A5-4906-8C59-42DCB7AF471B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{3A74A329-9F8C-49E5-AAFA-2872BAC73DB4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0934EEE-E53B-4DBB-A5B5-B494730C7130}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7E82D1F9-EA3C-4AEC-8661-31CCBDCB726A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CA75E98-5397-46D2-8336-2BE1AC41A8F4}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{86B26EF6-EC83-4B21-8390-AD44B72BF73F}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{1EAE046E-C0FF-49C9-9162-0FE41D7E088E}D:\steam\steamapps\common\rise of nations\rise.exe] => (Allow) D:\steam\steamapps\common\rise of nations\rise.exe
FirewallRules: [UDP Query User{528F45E5-5554-4FF0-B8C7-0084D20DC2EF}D:\steam\steamapps\common\rise of nations\rise.exe] => (Allow) D:\steam\steamapps\common\rise of nations\rise.exe
FirewallRules: [{522C3BB1-1B34-41AC-A88D-1B26320CBC3D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{363BCE44-8255-44BF-8A0F-99288CDDD3E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BD94AB80-CC8A-4193-ABA2-D107162A6079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{2D743E3B-660E-41B8-908F-A1BADF06CD79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{992A7DDA-7BEE-40EE-84E1-7499B8467349}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{D7AB1AFB-D301-4616-A7AF-D6A604C7C6D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{7809B7A8-4253-48B8-98A4-FF6B0ADF5839}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{112ABEDC-1D09-4DF4-82D5-4144CDFB3AC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{E2C97174-82F9-4E8E-A292-15DD632251CE}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{A4452608-0B80-4AD0-A8F0-ADA1D3BB0992}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{0E9AFC68-93D8-4D29-A7BF-010EA12D0190}] => (Allow) LPort=1688
FirewallRules: [{6C771E3F-0FC5-47C1-ADA4-EB4084FEE87D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{085B68EE-6DFE-43E1-A3A8-EA29E2C838E1}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{942F1E65-EB45-479F-A38E-FC6F41A29E55}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{EB568F97-B439-4EF4-9AE7-7BFCDB2C60C7}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{70F9A2CA-7C8E-48AB-9393-121CFD4398FC}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{C9A8054B-D290-4AEC-A42C-E1B22C57A68A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{34E4C29F-F6B0-49A5-BC3B-C49CBF5092EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{7C74DC8A-3ECF-4169-822F-EEE2ED51FB55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B4D3E9DE-1C47-4E65-90FB-7D2A92C8ACE5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{88D1ADB4-DD35-4B9D-93AE-D9EBA4E48CF4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{AF5F62CD-C898-4ABC-87B8-2998272A944F}D:\diablo\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{70CD513A-DDA6-4395-AA41-A1C3438EEC15}D:\diablo\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{7D5D425B-63E6-4F33-89D1-DA0B96342689}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{63A6DE05-3417-48EB-ABC2-7102212BE00D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{592B87CD-4FDA-453F-91DA-1E75F19DC40C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8650B8A7-2855-4E87-9D9D-67F358C6A561}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{368D3624-962E-4DB9-BD7A-B83719BC7980}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{89863BDB-4357-46C5-86C8-56F4A680AF3B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{032A844F-8026-4AF9-A896-F7EEA3043AAC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{48C088AF-2D15-484F-8491-19B8152EBA48}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0779E5E9-3A80-4426-93C6-C3E0C558B6E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D1FD8639-D5F3-4145-911C-6AB22FE34F32}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4927F9A1-D5D6-42BA-814E-09B9CFC85F0D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{79B02B00-2554-4A81-A8CB-708F3D9D35F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{F6E1B078-4570-4204-9E9D-3CE086BFB9B5}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [UDP Query User{54AAF861-6370-48B5-A8B3-58DBE3E32BA1}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [TCP Query User{35CDB4D7-96C4-4AF7-BC89-A74378E37618}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [UDP Query User{70E5622B-8C40-4B86-8F19-FD194305DF1F}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [TCP Query User{8EBB2D34-D241-4B16-AC2A-C0B389EAB8F0}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{EE524630-D9E9-460E-9400-93E38B8A6C9A}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [TCP Query User{572E1820-3C35-43EA-A79A-91D852953571}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{50FAD249-FD5F-4627-AE99-B7524ABB99C0}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [{8B551092-4C92-42C9-8241-6395AF5FCB5B}] => (Allow) D:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{E24C0EAC-D62C-44AB-B43E-1F1B455734CF}] => (Allow) D:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{CC9EFEB5-8516-4CD1-82F7-22784DD92DB5}] => (Allow) D:\Programmierung\VS Express 2013\Common7\IDE\WDExpress.exe
FirewallRules: [{85EF242F-8542-4285-AF38-CDD152FCBB0A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{1FEA9FE5-B3B3-4243-B7FD-8A6919F939CC}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{99BB33B9-4D73-4AD4-B5B7-642255E13915}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5DCF519D-71D9-4F8A-8663-7B9241F55126}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5757EE07-0396-430D-B9D5-30074A16BD24}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 08:05:46 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 08:02:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/27/2015 07:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 07:33:59 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/26/2015 09:59:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (04/26/2015 09:54:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_17_0_0_169.exe, Version: 17.0.0.169, Zeitstempel: 0x5529da64
Name des fehlerhaften Moduls: USER32.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009e052
ID des fehlerhaften Prozesses: 0x3b00
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_17_0_0_169.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_17_0_0_169.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_17_0_0_169.exe2
Berichtskennung: FlashPlayerPlugin_17_0_0_169.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_17_0_0_169.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_17_0_0_169.exe5

Error: (04/26/2015 09:54:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_17_0_0_169.exe, Version: 17.0.0.169, Zeitstempel: 0x5529da64
Name des fehlerhaften Moduls: USER32.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009e052
ID des fehlerhaften Prozesses: 0x3710
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_17_0_0_169.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_17_0_0_169.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_17_0_0_169.exe2
Berichtskennung: FlashPlayerPlugin_17_0_0_169.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_17_0_0_169.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_17_0_0_169.exe5

Error: (04/26/2015 09:54:04 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (04/26/2015 09:54:00 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (04/26/2015 09:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x3e08
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5


System errors:
=============
Error: (04/26/2015 09:01:58 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (04/26/2015 04:00:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3045999)

Error: (04/26/2015 04:00:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3045755)

Error: (04/26/2015 04:00:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 8.1 für x64-Systeme (KB3038314)

Error: (04/25/2015 06:43:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070718 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 8.1 für x64-Systeme (KB3038314)

Error: (04/25/2015 06:43:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070718 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3045755)

Error: (04/25/2015 06:43:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070718 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3045999)

Error: (04/25/2015 06:43:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SQL Server (MSSQLSERVER)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/25/2015 02:44:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (04/25/2015 02:34:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3045999)


Microsoft Office Sessions:
=========================
Error: (04/27/2015 08:05:46 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 08:02:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/27/2015 07:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 07:33:59 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/26/2015 09:59:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/26/2015 09:54:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64USER32.dll6.3.9600.1766854c846bbc00001420009e0523b0001d0805ac856de3aC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeUSER32.dll0605ccdc-ec4e-11e4-bf59-8c89a50fd868

Error: (04/26/2015 09:54:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64USER32.dll6.3.9600.1766854c846bbc00001420009e052371001d0805ac54fffd9C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeUSER32.dll03015063-ec4e-11e4-bf59-8c89a50fd868

Error: (04/26/2015 09:54:04 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/26/2015 09:54:00 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/26/2015 09:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa13e0801d0805aa49cfaf3D:\Firefox\plugin-container.exeD:\Firefox\mozalloc.dllf85764ad-ec4d-11e4-bf59-8c89a50fd868


CodeIntegrity Errors:
===================================
  Date: 2015-04-26 21:46:12.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.321
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:11.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 15:46:15.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 16:49:34.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-15 16:07:41.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-07 19:45:18.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-06 16:12:08.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 8076.43 MB
Available physical RAM: 5096.48 MB
Total Pagefile: 9356.43 MB
Available Pagefile: 5798.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:57.92 GB) (Free:3.27 GB) NTFS
Drive d: (Data) (Fixed) (Total:871.51 GB) (Free:683.35 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60 GB) (Free:36.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 45CDFDC5)
Partition 1: (Not Active) - (Size=871.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

27.04.2015, 19:42   #7
deeprybka
/// TB Trainer
/// Guide Guru

Hi Rod,
You used to be a trainee here, right? When did you start, and why did you stop?

Step 1

Please uninstall the following programs:

Software Version Updater


On Windows 8, try it with the Windows key + X via .

If that does not work, please download Revo Uninstaller here. Unpack the zip file to the desktop. Instructions
  • Start Revouninstaller.exe
  • Click Options and select German as the language.
  • In the uninstaller field, look for the programs listed above and select them one at a time.
    Click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click , then , and then .

If you cannot uninstall a program, continue with the next one.
Even if some programs are left over at the end, carry out the next step:

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).



New MBAM version:

Step 3

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Settings / Detection and Protection, tick "Scan for rootkits".
  • Go back to the Dashboard and click "Scan Now".
  • At the end of the scan, have all findings (if any) moved to quarantine and post the log.

Step 4



Please start FRST again, also tick the checkbox and press Scan.
Please post the contents of both logs that are created.
__________________
Regards,
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

27.04.2015, 21:15   #8
Dabbei

It's a nice feeling to be recognized.
I started the training with you at the end of 2013. Unfortunately I simply lacked the time to really get stuck in here.
My apprenticeship as an application developer demands a lot of energy and time, since I want to finish it well. So I decided not to keep blocking the spot and to give someone else the chance to learn with you.
Maybe one day you will give me the opportunity to complete the training.

On the first step: the uninstall worked via Programs and Features.

Code:
# AdwCleaner v4.202 - Bericht erstellt 27/04/2015 um 21:39:45
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-04-27.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Rod - ROD
# Gestarted von : D:\downloads\AdwCleaner_4.202.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : WindowsMangerProtect

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Rod\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Rod\AppData\Local\BrowserHelper
Ordner Gelöscht : C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Rod\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Rod\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\invalidprefs.js

***** [ Geplante Tasks ] *****

Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Wert Gelöscht : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B746FD7-84D5-47E9-A957-FDEC06327FF9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\TNT2
Schlüssel Gelöscht : HKCU\Software\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\luckysearchesSoftware
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Description
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.luckysearches.com/web/favicon.ico");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.luckysearches.com/web/?type=dspp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14cf74ba9a4e8638227b0ff2e1f1cc8d");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Chromium v


*************************

AdwCleaner[R2].txt - [6860 Bytes] - [21/11/2014 00:16:17]
AdwCleaner[R3].txt - [927 Bytes] - [29/11/2014 17:00:01]
AdwCleaner[R4].txt - [1045 Bytes] - [29/11/2014 17:07:07]
AdwCleaner[R5].txt - [16450 Bytes] - [27/04/2015 21:39:01]
AdwCleaner[S2].txt - [5620 Bytes] - [21/11/2014 00:17:18]
AdwCleaner[S3].txt - [987 Bytes] - [29/11/2014 17:01:15]
AdwCleaner[S4].txt - [13742 Bytes] - [27/04/2015 21:39:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [13802  Bytes] ##########
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.04.2015
Suchlauf-Zeit: 21:50:33
Logdatei: MBAM-Log.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.27.03
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Rod

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 558369
Verstrichene Zeit: 9 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 6
PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [c5cae38e424886b0dfa1d67157ab9070], 
PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [c5cae38e424886b0dfa1d67157ab9070], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [731c165b5c2ea78f51991aabe0238c74], 
PUP.Optional.Cinema.A, HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\SOFTWARE\CinemaP-1.4cV16.03-nv-ie, In Quarantäne, [b1dec5aca9e12511b4d1f8f150b3ac54], 
PUP.Optional.iWebar.A, HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\SOFTWARE\iWebar-nv-ie, In Quarantäne, [c9c6e19021697db90f334192be45b34d], 
PUP.Optional.ObjectBrowser.A, HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\SOFTWARE\Object Browser-nv-ie, In Quarantäne, [c7c8d998454540f686b8785624df3dc3], 

Registrierungswerte: 3
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_611, In Quarantäne, [414e502121694aec168497542ed5d62a], 
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fovudyqe|ImagePath, C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp, In Quarantäne, [5b34442d34563204dd448bcd35d0669a]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\kikutuwy|ImagePath, C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nszFE6.tmp, In Quarantäne, [6827116022682f07ee312434a1645ea2]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 6
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.11522, In Quarantäne, [187772ffa7e31e1896716742709347b9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.394691, In Quarantäne, [2e616e038efc8fa763a4beeb33d09f61], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.75781, In Quarantäne, [3659f47d0f7ba59130d79712a65dad53], 
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro, In Quarantäne, [870891e03951ff37e175873c7d86738d], 
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver, In Quarantäne, [870891e03951ff37e175873c7d86738d], 

Dateien: 51
PUP.Optional.CrossRider.A, C:\Users\Rod\AppData\Roaming\OXJV.exe, In Quarantäne, [f39c333ed7b3fd397dc8c479b650a060], 
PUP.Optional.CrossRider.A, C:\Users\Rod\AppData\Roaming\RTQFZORV.exe, In Quarantäne, [454aec859deda0966fd6d66700069b65], 
PUP.Optional.SafeSoftware, C:\$Recycle.Bin\S-1-5-21-1164391901-2496949349-3293824855-1002\$RIW8D8T.exe, In Quarantäne, [b2dd086993f710264236d96cf3135fa1], 
PUP.Optional.SupTab.A, C:\$Recycle.Bin\S-1-5-21-1164391901-2496949349-3293824855-1002\$RURQFZY\SupTab.dll, In Quarantäne, [117e630e8604bc7a068d3afd51af08f8], 
PUP.Optional.PreBackup.A, C:\Users\Rod\AppData\Local\Temp\CloudBackup3360.exe, In Quarantäne, [cbc48ce591f91620c1702f457090f60a], 
PUP.Optional.Bundle, C:\Users\Rod\AppData\Local\Temp\setup.exe, In Quarantäne, [b0df4c251b6f6bcbfbb9014d39c9916f], 
PUP.Optional.LuckySearches.A, C:\Users\Rod\AppData\Local\Temp\amt_luckysearches.exe, In Quarantäne, [f39c93ded4b6310569fdea5afb0b966a], 
Trojan.Downloader, C:\Users\Rod\AppData\Local\Temp\nstC01F.tmp, In Quarantäne, [7619f18097f3d660f5cada5f867d5da3], 
PUP.Optional.Bundle, C:\Users\Rod\AppData\Local\Temp\nstC020.tmp, In Quarantäne, [7c13a6cb4842c175742e08f1e81dd52b], 
PUP.Optional.Bundle, C:\Users\Rod\AppData\Local\Temp\sudden strike 3 arms for victory 1.4 no cd__10924_i1505121814_il1500977.exe, In Quarantäne, [e5aa68097317e84ec96d8eb32cd67987], 
PUP.Optional.CrossRider, C:\Users\Rod\AppData\Local\Temp\Install_29558\ins_cr.exe, In Quarantäne, [99f699d866240432dad0459e857c15eb], 
PUP.Optional.CrossRider, C:\Users\Rod\AppData\Local\Temp\Install_29558\ins_iwebar.exe, In Quarantäne, [573809680b7f7fb7c2e86b78837e9868], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleCrashHandler.exe, In Quarantäne, [840b9ad7deac71c5364a0146956dea16], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdate.exe, In Quarantäne, [c5cae38e424886b0dfa1d67157ab9070], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdateBroker.exe, In Quarantäne, [cec1b8b9206a43f394ec1a2dc24048b8], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdateOnDemand.exe, In Quarantäne, [1778116090fa191d86fa0245cc367090], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\goopdate.dll, In Quarantäne, [8a05bdb409815cda4e3293b4936fb14f], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\goopdateres_en.dll, In Quarantäne, [513efc756921e74fdca4b88f37cbbe42], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\npGoogleUpdate4.dll, In Quarantäne, [434c076a7c0e0b2bbbc5f750bf438c74], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\psmachine.dll, In Quarantäne, [c8c782efabdf3df9f48c6ed9b0524eb2], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\psuser.dll, In Quarantäne, [652a5a1715754ee85030242336cc827e], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleCrashHandler.exe, In Quarantäne, [513e551c4149e353c8b80740a0623fc1], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdate.exe, In Quarantäne, [8c039ed36e1c7bbb384855f2e220dc24], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdateBroker.exe, In Quarantäne, [eba4ed843f4b0234235d87c09f63728e], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdateOnDemand.exe, In Quarantäne, [038c98d9cac061d57d03f552fe04d52b], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\goopdate.dll, In Quarantäne, [b3dc6d04d7b37cba413f1f2840c258a8], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\goopdateres_en.dll, In Quarantäne, [3e51670ae3a7c86e0a764dfa5ea4936d], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\npGoogleUpdate4.dll, In Quarantäne, [47489fd2b3d79d99740c6adda95924dc], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\psmachine.dll, In Quarantäne, [3659264bc5c5c86ef68aac9b27dbc040], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\psuser.dll, In Quarantäne, [028d541dc7c32b0b1d63281fee149c64], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleCrashHandler.exe, In Quarantäne, [1b74274aa9e14ee85b252a1d06fccf31], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdate.exe, In Quarantäne, [cec1aac7acde15212060bc8ba85a6a96], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdateBroker.exe, In Quarantäne, [117edc9516742c0a3e42301706fc02fe], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdateOnDemand.exe, In Quarantäne, [8e01b5bcf89271c51b653314788aa65a], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\goopdate.dll, In Quarantäne, [8d028de4b5d53ff72e52bf88d2302dd3], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\goopdateres_en.dll, In Quarantäne, [3c5395dca6e496a06917cc7bc73bed13], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\npGoogleUpdate4.dll, In Quarantäne, [cfc01c553a500333522eb295e61c7d83], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\psmachine.dll, In Quarantäne, [543b531e8a00bc7ab1cf4bfc6a98f808], 
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\psuser.dll, In Quarantäne, [66294c25f9918caadaa6ca7df80a1ae6], 
PUP.Optional.ABEngine.A, C:\Users\Rod\AppData\Local\Temp\abengine.log, In Quarantäne, [157a9ed37218b086e15fbc17ac57cd33], 
PUP.Optional.ABEngine.A, C:\Windows\Temp\abengine.log, In Quarantäne, [840bfc758802a0969da3d8fbf2113fc1], 
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\onsyE54.tmp, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86], 
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\pnsdE74.exe, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86], 
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\rnsyE53.exe, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86], 
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\snsyE52.tmp, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86], 
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\Uninstall.exe, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdateHelper.msi, In Quarantäne, [187772ffa7e31e1896716742709347b9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdateHelper.msi, In Quarantäne, [2e616e038efc8fa763a4beeb33d09f61], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdateHelper.msi, In Quarantäne, [3659f47d0f7ba59130d79712a65dad53], 
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml, In Quarantäne, [870891e03951ff37e175873c7d86738d], 
PUP.Optional.LuckySearches.A, C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "luckysearches");), Ersetzt,[6728afc2aae00e283ad80344798dec14]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Rod (administrator) on ROD on 27-04-2015 22:07:57
Running from D:\downloads
Loaded Profiles: Rod & MSSQLFDLauncher$AUSBILDUNG (Available profiles: Rod & MSSQL$AUSBILDUNG & MSSQLSERVER & MSSQLFDLauncher$AUSBILDUNG)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Geek Software GmbH) D:\Software\PDF24\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Mozilla Corporation) D:\Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) D:\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2859344 2013-04-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [403848 2013-05-14] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [399776 2013-05-14] (MSI)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => D:\Software\PDF24\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\SuddenStrike3\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify Web Helper] => C:\Users\Rod\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [BuildNotification12] => "D:\VS2013\Common7\IDE\BuildNotificationApp.exe"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify] => C:\Users\Rod\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: H - "H:\SETUP.EXE" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: I - "I:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {61f6dd93-d3e6-11e3-bede-8c89a50fd868} - "G:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {dc1b46f1-676a-11e4-bf0e-8c89a50fd868} - "G:\autorun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-10-28]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-01-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
URLSearchHook: [S-1-5-80-4129702732-3888187158-186309658-1063465230-1591156635] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\searchplugins\gmx-suche.xml [2015-03-10]
FF Extension: Ghostery - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\firefox@ghostery.com.xpi [2014-11-23]
FF Extension: CookieCuller - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-23]
FF Extension: Adblock Plus - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-03-18] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; D:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-05-14] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSSQL$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R3 MSSQLFDLauncher$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-03-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S2 SkypeUpdate; D:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
S4 SQLAgent$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VsEtwService120; D:\Programmierung\VS Express 2013\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-03-29] (Intel® Corporation)
S2 fovudyqe; No ImagePath
S2 kikutuwy; No ImagePath
S2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2015-01-19] ()
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsfw.sys [1366328 2013-04-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [76744 2013-03-11] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2015-01-19] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3545056 2013-04-18] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-03-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U0 pexgba; C:\Windows\System32\drivers\dwvfem.sys [79064 2015-04-27] (Malwarebytes Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 22:05 - 2015-04-27 22:05 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\dwvfem.sys
2015-04-26 22:25 - 2015-04-26 22:25 - 00000778 ____C () C:\Users\Rod\Desktop\Sudden Strike 2.lnk
2015-04-26 22:25 - 2015-04-26 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-04-26 22:07 - 2015-04-26 22:07 - 00003146 _____ () C:\WINDOWS\System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E}
2015-04-26 21:59 - 2015-04-27 21:59 - 00001686 _____ () C:\WINDOWS\Tasks\RTQFZORV.job
2015-04-26 21:59 - 2015-04-27 21:59 - 00001334 _____ () C:\WINDOWS\Tasks\OXJV.job
2015-04-26 21:59 - 2015-04-26 21:59 - 00004678 _____ () C:\WINDOWS\System32\Tasks\RTQFZORV
2015-04-26 21:59 - 2015-04-26 21:59 - 00004328 _____ () C:\WINDOWS\System32\Tasks\OXJV
2015-04-26 21:51 - 2015-04-26 21:51 - 00000000 ___DC () C:\Users\Rod\AppData\Local\CrashRpt
2015-04-26 21:48 - 2015-04-26 21:48 - 00003970 _____ () C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-04-26 21:45 - 2015-04-26 21:45 - 00003086 _____ () C:\WINDOWS\System32\Tasks\iren3006
2015-04-26 21:37 - 2015-04-26 21:37 - 00000000 ___DC () C:\Users\Rod\Documents\Fireglow Games
2015-04-15 15:48 - 2015-04-15 15:48 - 00424651 ____C () C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg
2015-04-15 15:47 - 2015-04-15 15:46 - 00292022 ____C () C:\Users\Rod\Desktop\Gutschrift.jpeg
2015-04-15 15:17 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 15:17 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 15:17 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 15:17 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 15:17 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 15:17 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 15:17 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 15:17 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 15:17 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 15:17 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 15:17 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 15:17 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 15:17 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 15:17 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 15:17 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 15:17 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 15:17 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 15:17 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 15:17 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 15:17 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 15:17 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 15:17 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 15:17 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 15:17 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 15:17 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 15:17 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 15:17 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 15:17 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 15:17 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 15:17 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 15:17 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 15:17 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 15:17 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 15:17 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 15:17 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 15:16 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 15:16 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 15:16 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 15:16 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 15:16 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-04 15:07 - 2015-04-05 09:54 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 15:07 - 2015-04-04 15:07 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-30 20:34 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 22:07 - 2014-11-20 22:33 - 00000000 ____D () C:\FRST
2015-04-27 22:02 - 2014-01-15 23:38 - 01565329 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 22:02 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-27 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-27 21:52 - 2013-12-27 19:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1164391901-2496949349-3293824855-1002
2015-04-27 21:48 - 2014-11-22 13:50 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 21:47 - 2014-11-22 13:50 - 00000641 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-27 21:47 - 2014-11-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-27 21:47 - 2013-11-14 09:27 - 02435178 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-27 21:47 - 2013-11-14 09:11 - 01025694 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-27 21:47 - 2013-11-14 09:11 - 00247972 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-27 21:41 - 2014-11-08 15:57 - 00033219 _____ () C:\WINDOWS\setupact.log
2015-04-27 21:41 - 2014-01-31 21:27 - 00000000 __DOC () C:\Users\Rod\SkyDrive
2015-04-27 21:41 - 2013-10-28 14:55 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-04-27 21:40 - 2013-11-14 00:18 - 00047094 _____ () C:\WINDOWS\PFRO.log
2015-04-27 21:40 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-27 21:40 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-27 21:39 - 2014-11-21 00:14 - 00000000 ____D () C:\AdwCleaner
2015-04-27 19:37 - 2014-05-09 18:45 - 00003902 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08CD4898-E756-4FC0-8031-743705B1BC35}
2015-04-27 00:13 - 2013-12-28 16:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-26 22:23 - 2014-11-22 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-26 22:02 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-01-15 23:55 - 00001458 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-04-26 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-26 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-26 18:13 - 2013-12-29 00:10 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Skype
2015-04-17 16:47 - 2013-12-29 00:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 00:20 - 2014-01-15 20:44 - 00000000 ____D () C:\ProgramData\Origin
2015-04-17 00:03 - 2014-04-01 12:53 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Battle.net
2015-04-16 23:17 - 2015-01-26 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-16 23:17 - 2015-01-26 01:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-16 17:57 - 2013-12-28 00:49 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Spotify
2015-04-16 17:51 - 2013-12-28 00:45 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Spotify
2015-04-16 16:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 23:46 - 2013-12-27 21:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 23:44 - 2013-03-22 19:03 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 23:41 - 2014-12-17 18:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 23:41 - 2014-07-15 04:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 15:48 - 2014-05-06 18:49 - 00223744 __SHC () C:\Users\Rod\Desktop\Thumbs.db
2015-04-15 15:16 - 2014-11-12 20:21 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-14 21:28 - 2015-01-13 21:13 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 21:28 - 2013-12-28 16:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:38 - 2014-11-22 13:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-22 13:50 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-22 13:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 03:04 - 2015-03-15 21:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-04-10 19:02 - 2015-01-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 21:43 - 2014-02-06 19:04 - 00000000 ___DC () C:\Users\Rod\Documents\Visual Studio 2013
2015-04-03 11:58 - 2013-12-28 00:49 - 00001840 ____C () C:\Users\Rod\Desktop\Spotify.lnk
2015-04-03 11:58 - 2013-12-28 00:49 - 00001826 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-31 20:03 - 2013-08-22 16:44 - 00514440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-30 20:35 - 2014-10-18 11:21 - 00000000 ____D () C:\Temp
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-30 20:09 - 2013-12-28 18:54 - 00001401 ____C () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-29 15:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-28 05:44 - 2014-06-02 18:30 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-12-28 17:02 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-02 18:30 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-12-28 17:02 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-28 04:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 ____C () C:\Users\Rod\AppData\Roaming\OXJV
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 ____C () C:\Users\Rod\AppData\Roaming\RTQFZORV
2014-11-02 20:53 - 2014-11-02 20:53 - 0000218 ____C () C:\Users\Rod\AppData\Local\recently-used.xbel
2013-12-28 16:08 - 2014-10-04 12:47 - 0007623 ____C () C:\Users\Rod\AppData\Local\Resmon.ResmonCfg
2013-10-28 14:52 - 2013-10-28 14:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-07 17:36 - 2015-03-07 17:36 - 0091734 _____ () C:\ProgramData\dxdiag.txt
2013-10-28 16:30 - 2013-10-28 16:30 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-28 16:27 - 2013-10-28 16:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2013-10-28 16:26 - 2013-10-28 16:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-28 16:27 - 2013-10-28 16:27 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-28 16:28 - 2013-10-28 16:28 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Rod\AppData\Local\Temp\AppLauncher.exe
C:\Users\Rod\AppData\Local\Temp\comver.dll
C:\Users\Rod\AppData\Local\Temp\everesthome220.exe
C:\Users\Rod\AppData\Local\Temp\gkey.exe
C:\Users\Rod\AppData\Local\Temp\pkeyui.exe
C:\Users\Rod\AppData\Local\Temp\Quarantine.exe
C:\Users\Rod\AppData\Local\Temp\sdan.exe
C:\Users\Rod\AppData\Local\Temp\sdapk.exe
C:\Users\Rod\AppData\Local\Temp\sdaspwn.exe
C:\Users\Rod\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rod\AppData\Local\Temp\sqlite3.dll
C:\Users\Rod\AppData\Local\Temp\tu17p84.exe
C:\Users\Rod\AppData\Local\Temp\wabk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 21:19

==================== End Of Log ============================
         

Alt 27.04.2015, 21:18   #9
Dabbei
 
Software Bundler



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Rod at 2015-04-27 22:08:18
Running from D:\downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1164391901-2496949349-3293824855-500 - Administrator - Disabled)
Gast (S-1-5-21-1164391901-2496949349-3293824855-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1164391901-2496949349-3293824855-1006 - Limited - Enabled)
Rod (S-1-5-21-1164391901-2496949349-3293824855-1002 - Administrator - Enabled) => C:\Users\Rod

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic Entertainment)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Contents (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.13.0.2_WHQL (HKLM\...\Elantech) (Version: 11.13.0.2 - ELAN Microelectronic Corp.)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
ICA (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c59bceea-23ab-4e2e-bfa6-625dd1e26dd1}) (Version: 16.0.2 - Intel Corporation)
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{90E8C2E5-198C-4923-BC06-AF13E5FA964D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012-Richtlinien  (HKLM-x32\...\{1D4E365F-F39C-48BA-A995-CAEDFDA29AD1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{18558FE7-A87A-4063-9732-95E9E1420828}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - DEU (HKLM-x32\...\{B28DC16A-5394-3761-B143-450AE92516BB}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 - DEU Language Pack (HKLM-x32\...\{38F74A0E-357B-336C-B614-FE59F4BC62A0}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 - DEU Language Pack (HKLM-x32\...\{96D7B7B6-424F-3A52-8E8D-32CF2615DBD2}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Firefox 37.0.2 (x86 de) (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.550 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.550 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
SCM (HKLM\...\{EDF24C5B-2E36-4089-B96A-329B15A74649}) (Version: 11.013.05146 -  )
Setup (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share64 (Version: 16.0.0.106 - Corel Corporation) Hidden
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Spotify (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sudden Strike 2 (HKLM-x32\...\Sudden Strike 2_is1) (Version: 1.0 - Media Contact LLC)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
VSClassic (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSPro (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

26-04-2015 21:09:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-11-23 01:37 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D2ED2D9-ECE3-444E-9D45-5D5BCBCD7D7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {10146EE2-D0FE-40EC-8017-890C940753E9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {263B42A9-202C-438F-88B0-AA5594A81CB7} - System32\Tasks\OXJV => C:\Users\Rod\AppData\Roaming\OXJV.exe <==== ATTENTION
Task: {28CD03C0-1C6F-41E7-90FF-213BDC2B86F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {326646C5-E4B9-4C85-8794-5BD27A0921D5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4BA0862F-A95A-473A-AB09-E9588C5056F9} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {52143E63-AF6D-4D2B-9179-F3CAEE2FC345} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {5A55966A-ABBD-4005-AB03-93E1F89036B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {5D1A4B91-7D76-4850-9F7D-32031EA7B175} - System32\Tasks\RTQFZORV => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe <==== ATTENTION
Task: {672EC4B1-9424-4EB9-B21B-6F6B83A321C5} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {71ACAD82-B89F-4C6D-BF05-412CB8F79F9E} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {71B2FCDE-FCE7-442B-A53B-9BF56ADF1144} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {753849B1-9E4C-4B9B-BF90-3B5FA891FB48} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {79AAD0B2-716C-4FD4-AB10-F2CE5FDC5AA2} - System32\Tasks\{1E62A383-47EA-4F8B-A9A1-7ABED2708697} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang= --uid=battle.net --displayname="Battle.net"
Task: {7DD317D9-D8D8-4812-BFF2-874C0259401F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {882A334A-99BF-41B8-B248-84FE4358B7D4} - System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E} => pcalua.exe -a C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\Uninstall.exe
Task: {8BB68DAF-A68F-4D64-B231-C49219D6E22C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {98BC4E9E-9146-4275-8FFF-45F1830837A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9A9251B8-0DB4-49AE-879C-3F6B3317A7A3} - System32\Tasks\iren3006 => C:\PROGRA~2\HIGHLI~1\iren3006.exe
Task: {9D7AC1C0-5D3D-4E94-86D8-7FF0AC42B1E3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E044C832-B487-4A74-82C4-6ED8EB5DF63B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {F0599474-5F57-4621-A75D-946FF7A2A93C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-18] (Microsoft Corporation)
Task: {FAC019EF-9BCD-4B38-B7CF-8F8BC91CD607} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FBD8AED1-B060-455D-A231-01A57D06F93C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\OXJV.job => C:\Users\Rod\AppData\Roaming\OXJV.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RTQFZORV.job => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-01-15 23:38 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-26 01:32 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-08 20:16 - 2015-02-04 01:11 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-03-15 14:22 - 2013-03-15 14:22 - 00495616 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 22:46 - 2011-05-09 22:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 22:56 - 2011-05-09 22:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 22:47 - 2011-05-09 22:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-09 22:48 - 2011-05-09 22:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2011-05-10 14:32 - 2011-05-10 14:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2013-10-28 16:29 - 2013-03-06 16:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-21 01:02 - 2014-10-03 18:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-03-15 14:22 - 2013-03-15 14:22 - 00553984 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2013-03-15 14:22 - 2013-03-15 14:22 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2013-10-28 16:28 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-26 01:32 - 2015-01-26 01:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-10-28 14:38 - 2013-03-12 15:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Rod\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Rod\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Arbeitsunfähigkeitsbescheinigung2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Rod\Desktop\Gutschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Gutschrift.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Ashampoo Pictures\GreenBridge.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "BuildNotification12"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP_1] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [{EFC1486F-F315-4A20-B86B-ED25C4D816E2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{0BE1E8CC-1DFA-4729-A6CA-A9F8D87BBCAF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{151054A0-8B6C-47C1-894B-D4F3C263B265}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{4C39F784-2637-45D4-BDAE-2E9ECA950D6A}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{7F107F5F-BCFE-4FF8-BE40-70F41E2E043B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0487CBB2-65D2-48F0-98B4-1224C8C89DD6}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{4FD12EB7-E109-4D6D-B4E3-0B0AB2A918AF}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{63FBE8D1-FD37-4A45-8D49-F8DCA97A24F8}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{92693EEE-6368-4CDD-AF1D-F7E3CBEE9DBD}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{D028ED98-4AB7-4CDD-9027-AAE64F4D611B}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{13DD9B16-45D2-4B23-8662-0ACDB861E2BF}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{648A645A-28EF-43F9-B2C5-0FB5DF4CC824}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{D5D879DA-177F-4EB7-A2BE-D84FB944F8B4}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{6DC7A120-CFE5-4826-B79D-06246BEE633C}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{3030D57C-3EB0-4665-B021-36519C38AE4F}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{74B71E0C-5738-4F48-BCFD-F9B5370E3545}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{208CC66F-1B9A-4B6D-8AF7-0677F0035782}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{88180F36-1A6C-4290-BA39-5E9E59FABC0E}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{34BE3EFE-D585-4C0D-80FC-BC37B071BAC2}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{0783CE96-9845-4620-8744-BAAB68C3081B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3BCF9E8A-885B-46FE-A142-85CC0CBD349F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8F4C6910-4DA2-4100-920F-F2B4D5E479B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{33EC5163-E8C8-4752-912B-E6A687D8472D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D26B888C-3C6E-4F19-949B-8B8AEE1C4543}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC97D1A7-C3EF-4784-95E2-6A03EDC143DD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{125ECB47-C82B-463B-856F-42055494FC76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{52EDF3ED-8570-4E8B-A787-6E35057E8859}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3A85EF75-B96E-4FFD-B829-8B3A30C32674}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4652C1E6-9DAE-4459-805B-D36D72C76125}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2F75ECB8-7BBD-4C11-A375-7550A92784B2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC98B93E-2DA1-42DF-A82E-1AAB52DE439B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD95AB43-96C3-4840-8512-C5FDF39E5B3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3193870E-F215-4F57-A677-2DC6AEC8F8A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B8391E2A-92EA-465B-98CF-48742F3F1700}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{53602756-2480-45D1-B02F-48C0D1942CBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B0FD9F69-4AF6-47CD-B23E-E5448EC44A2B}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{1CBD8CA1-2CFA-4A2A-B220-A484ED7F6A04}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [UDP Query User{7DE9C3C4-05C6-4150-8F6E-D7B50CA3BA68}C:\users\rod\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rod\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6B9AC464-AEAE-4A3A-AE65-1E7EDB2ED96A}C:\users\rod\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rod\appdata\roaming\spotify\spotify.exe
FirewallRules: [{11EC9935-6FE5-4586-89A2-AAE0F606F11F}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3206FF9B-C666-41BF-8E83-EEF4592137E8}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4CAF4E04-C3B1-4CD4-9A9C-028F945824C5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{2690EFAD-C134-41CE-AD1A-6FED2643D5C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{525A510F-D0D4-45DE-9366-EAEF6C6E81C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0C33D89F-47CC-4B46-B8AE-C46B9BE88F13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3D7B0B48-7FA6-4168-B29D-D56A2F831D6D}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{D08C112D-A8DE-403D-9109-4ECD25D9D8F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A388916A-8717-4596-882C-9941419105C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5ABABA98-B34B-4E30-8DC2-838DAAFDB69D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2E20B24C-60DF-4A09-AD35-A46C7F1C8AC4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C53F67CB-CECB-4EB3-85DD-016FA5035CF7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CB98CBA7-E62A-4725-942D-AA2C60FC1305}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0C83D533-87F1-46AA-B0CB-A1B94E03AC0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91F5EDF4-43AD-49AD-BE59-F8AA90491CD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B317A7C9-F5AB-4CA0-A6A0-45E3FE076200}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8004E1CC-6978-46D7-BB36-D22D05846AFD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{CB2555FD-15E9-4376-B9D2-4489017C1401}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{0438DE13-9E88-4B3B-A10F-5622479304ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{1FD5E9EC-EAE8-4181-AABE-AAD77664EF98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{B36A4AA1-79A0-48FC-AFFF-E68A52C76C84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{73BE6CC4-CCC9-44AE-9F93-408A5F136AE2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{478134D3-CA72-4A50-8C13-28DB8CCD7F14}] => (Allow) D:\Diablo\Battle.net\Battle.net.exe
FirewallRules: [{CDDA107C-99A0-436A-94CB-661535D3BE00}] => (Allow) D:\Diablo\Battle.net\Battle.net.exe
FirewallRules: [{D57DE6AD-8651-464D-8CE8-C5EEC3E7CB2A}] => (Allow) D:\Diablo\Diablo III\Diablo III.exe
FirewallRules: [{37419956-F075-4496-8E02-8F839C188126}] => (Allow) D:\Diablo\Diablo III\Diablo III.exe
FirewallRules: [{20DF3ED4-C5AC-44F1-9B71-8FB59AB1FB1C}] => (Allow) D:\Diablo\StarCraft II\StarCraft II.exe
FirewallRules: [{6FE40104-B81D-4E63-9AE7-6B8123DA3C11}] => (Allow) D:\Diablo\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{7C181362-C9D0-46C5-A5F0-E54BE6E76E67}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{E2942878-9D41-45F4-81E6-995D7E17B210}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{6790884E-61EB-487B-846E-22512725B6DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{EAA68D18-E21C-455F-BA0F-EE8A1AB132A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{B18A2A8B-97CE-4408-98FC-2B72BEEF5DE3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{16901FD5-2592-4BA8-A39F-604D9700AA3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{290E2F11-FF1E-418D-B6C4-23E2580DC255}] => (Allow) D:\Program Files (x86)\KMSpico\KMSELDI.exe
FirewallRules: [{8E933E84-DFEF-4E41-96DD-ED42F53DDE8C}] => (Allow) D:\Program Files (x86)\KMSpico\KMSELDI.exe
FirewallRules: [{21ED68D6-7A57-482D-B3AD-944B2ED7BE4E}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{04529AB2-DE2C-4C5A-B96E-626521BC6547}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{85E3A8A3-0E99-412D-849B-D0D23D5C02BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{76A968B6-BE1C-4152-898B-FA39C004A777}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C66B792C-228A-498E-AF89-365249347B31}] => (Allow) D:\Steam\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{6D44E7D4-843C-425E-84EE-4635B3BB5DEC}] => (Allow) D:\Steam\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{6224D34A-9CD0-4DC5-BFE8-11B619E6ED92}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{FC7EBDBF-0065-4290-ACF2-D7ECFC132536}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{7C5C0FBF-3907-4637-BA6A-0D5CFD9B24C3}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{99E31B09-AA15-4267-97C9-7110E606584D}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{F4C32761-8179-4D2F-B7F8-3E0071DD2079}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{C2384415-E56E-4C72-A11F-DF1358BFF902}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{F0468C5F-CBA0-4460-8B77-1A792EB3989E}D:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) D:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{285C2EA7-1AFB-436C-81DE-420D328DE1B1}D:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) D:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [{524633C6-25A5-4906-8C59-42DCB7AF471B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{3A74A329-9F8C-49E5-AAFA-2872BAC73DB4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0934EEE-E53B-4DBB-A5B5-B494730C7130}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7E82D1F9-EA3C-4AEC-8661-31CCBDCB726A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CA75E98-5397-46D2-8336-2BE1AC41A8F4}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{86B26EF6-EC83-4B21-8390-AD44B72BF73F}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{1EAE046E-C0FF-49C9-9162-0FE41D7E088E}D:\steam\steamapps\common\rise of nations\rise.exe] => (Allow) D:\steam\steamapps\common\rise of nations\rise.exe
FirewallRules: [UDP Query User{528F45E5-5554-4FF0-B8C7-0084D20DC2EF}D:\steam\steamapps\common\rise of nations\rise.exe] => (Allow) D:\steam\steamapps\common\rise of nations\rise.exe
FirewallRules: [{522C3BB1-1B34-41AC-A88D-1B26320CBC3D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{363BCE44-8255-44BF-8A0F-99288CDDD3E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BD94AB80-CC8A-4193-ABA2-D107162A6079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{2D743E3B-660E-41B8-908F-A1BADF06CD79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{992A7DDA-7BEE-40EE-84E1-7499B8467349}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{D7AB1AFB-D301-4616-A7AF-D6A604C7C6D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{7809B7A8-4253-48B8-98A4-FF6B0ADF5839}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{112ABEDC-1D09-4DF4-82D5-4144CDFB3AC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{E2C97174-82F9-4E8E-A292-15DD632251CE}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{A4452608-0B80-4AD0-A8F0-ADA1D3BB0992}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{0E9AFC68-93D8-4D29-A7BF-010EA12D0190}] => (Allow) LPort=1688
FirewallRules: [{6C771E3F-0FC5-47C1-ADA4-EB4084FEE87D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{085B68EE-6DFE-43E1-A3A8-EA29E2C838E1}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{942F1E65-EB45-479F-A38E-FC6F41A29E55}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{EB568F97-B439-4EF4-9AE7-7BFCDB2C60C7}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{70F9A2CA-7C8E-48AB-9393-121CFD4398FC}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{C9A8054B-D290-4AEC-A42C-E1B22C57A68A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{34E4C29F-F6B0-49A5-BC3B-C49CBF5092EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{7C74DC8A-3ECF-4169-822F-EEE2ED51FB55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B4D3E9DE-1C47-4E65-90FB-7D2A92C8ACE5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{88D1ADB4-DD35-4B9D-93AE-D9EBA4E48CF4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{AF5F62CD-C898-4ABC-87B8-2998272A944F}D:\diablo\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{70CD513A-DDA6-4395-AA41-A1C3438EEC15}D:\diablo\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{7D5D425B-63E6-4F33-89D1-DA0B96342689}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{63A6DE05-3417-48EB-ABC2-7102212BE00D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{592B87CD-4FDA-453F-91DA-1E75F19DC40C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8650B8A7-2855-4E87-9D9D-67F358C6A561}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{368D3624-962E-4DB9-BD7A-B83719BC7980}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{89863BDB-4357-46C5-86C8-56F4A680AF3B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{032A844F-8026-4AF9-A896-F7EEA3043AAC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{48C088AF-2D15-484F-8491-19B8152EBA48}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0779E5E9-3A80-4426-93C6-C3E0C558B6E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D1FD8639-D5F3-4145-911C-6AB22FE34F32}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4927F9A1-D5D6-42BA-814E-09B9CFC85F0D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{79B02B00-2554-4A81-A8CB-708F3D9D35F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{F6E1B078-4570-4204-9E9D-3CE086BFB9B5}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [UDP Query User{54AAF861-6370-48B5-A8B3-58DBE3E32BA1}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [TCP Query User{35CDB4D7-96C4-4AF7-BC89-A74378E37618}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [UDP Query User{70E5622B-8C40-4B86-8F19-FD194305DF1F}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [TCP Query User{8EBB2D34-D241-4B16-AC2A-C0B389EAB8F0}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{EE524630-D9E9-460E-9400-93E38B8A6C9A}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [TCP Query User{572E1820-3C35-43EA-A79A-91D852953571}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{50FAD249-FD5F-4627-AE99-B7524ABB99C0}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [{8B551092-4C92-42C9-8241-6395AF5FCB5B}] => (Allow) D:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{E24C0EAC-D62C-44AB-B43E-1F1B455734CF}] => (Allow) D:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{CC9EFEB5-8516-4CD1-82F7-22784DD92DB5}] => (Allow) D:\Programmierung\VS Express 2013\Common7\IDE\WDExpress.exe
FirewallRules: [{85EF242F-8542-4285-AF38-CDD152FCBB0A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{1FEA9FE5-B3B3-4243-B7FD-8A6919F939CC}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{99BB33B9-4D73-4AD4-B5B7-642255E13915}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5DCF519D-71D9-4F8A-8663-7B9241F55126}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5757EE07-0396-430D-B9D5-30074A16BD24}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 09:51:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/27/2015 09:51:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/27/2015 09:50:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/27/2015 08:31:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 08:05:46 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 08:02:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/27/2015 07:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 07:33:59 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/26/2015 09:59:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (04/26/2015 09:54:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_17_0_0_169.exe, Version: 17.0.0.169, Zeitstempel: 0x5529da64
Name des fehlerhaften Moduls: USER32.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009e052
ID des fehlerhaften Prozesses: 0x3b00
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_17_0_0_169.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_17_0_0_169.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_17_0_0_169.exe2
Berichtskennung: FlashPlayerPlugin_17_0_0_169.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_17_0_0_169.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_17_0_0_169.exe5


System errors:
=============
Error: (04/27/2015 09:43:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070718 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3045755)

Error: (04/27/2015 09:43:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070718 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3045999)

Error: (04/27/2015 09:41:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SQL Server (MSSQLSERVER)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2015 09:41:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Shortcut Overlap" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2015 09:41:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Area Single Spaced" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2015 09:40:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (04/27/2015 09:40:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (04/27/2015 09:40:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/27/2015 09:40:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (04/27/2015 09:39:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/27/2015 09:51:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe

Error: (04/27/2015 09:51:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1

Error: (04/27/2015 09:50:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\12.0\Debugger\target\armv4i\vsgraphicsremoteengine.exe

Error: (04/27/2015 08:31:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 08:05:46 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 08:02:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/27/2015 07:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/27/2015 07:33:59 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/26/2015 09:59:31 PM) (Source: MsiInstaller) (EventID: 11309) (User: ROD)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/26/2015 09:54:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64USER32.dll6.3.9600.1766854c846bbc00001420009e0523b0001d0805ac856de3aC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeUSER32.dll0605ccdc-ec4e-11e4-bf59-8c89a50fd868


CodeIntegrity Errors:
===================================
  Date: 2015-04-27 21:41:59.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 21:41:59.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 21:41:59.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.321
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:11.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 15:46:15.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 16:49:34.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8076.43 MB
Available physical RAM: 5454.86 MB
Total Pagefile: 9356.43 MB
Available Pagefile: 6005.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:57.92 GB) (Free:2.52 GB) NTFS
Drive d: (Data) (Fixed) (Total:871.51 GB) (Free:683.29 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60 GB) (Free:36.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 45CDFDC5)
Partition 1: (Not Active) - (Size=871.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

The logs are ridiculously long; I wonder what I have done this time...

Thanks in advance for the help.
Thank you, thank you, thank you

Regards, Rod.

28.04.2015, 11:43   #10
deeprybka
/// TB trainer
/// Tutorial guru



Hi,

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
CloseProcesses:
C:\PROGRA~2\HIGHLI~1\
C:\Program Files (x86)\OLBPre
C:\Users\Rod\AppData\Roaming\OXJV.exe 
C:\Users\Rod\AppData\Roaming\RTQFZORV.exe 
Task: {263B42A9-202C-438F-88B0-AA5594A81CB7} - System32\Tasks\OXJV => C:\Users\Rod\AppData\Roaming\OXJV.exe 
Task: {5D1A4B91-7D76-4850-9F7D-32031EA7B175} - System32\Tasks\RTQFZORV => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe 
Task: {672EC4B1-9424-4EB9-B21B-6F6B83A321C5} - \AutoPico Daily Restart No Task File 
Task: {71ACAD82-B89F-4C6D-BF05-412CB8F79F9E} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {9A9251B8-0DB4-49AE-879C-3F6B3317A7A3} - System32\Tasks\iren3006 => C:\PROGRA~2\HIGHLI~1\iren3006.exe
Task: C:\WINDOWS\Tasks\OXJV.job => C:\Users\Rod\AppData\Roaming\OXJV.exe 
Task: C:\WINDOWS\Tasks\RTQFZORV.job => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe    
URLSearchHook: [S-1-5-80-4129702732-3888187158-186309658-1063465230-1591156635] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 ____C () C:\Users\Rod\AppData\Roaming\OXJV
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 ____C () C:\Users\Rod\AppData\Roaming\RTQFZORV
EmptyTemp:
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

29.04.2015, 20:13   #11
Dabbei



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Rod at 2015-04-28 21:37:29 Run:1
Running from D:\FRST
Loaded Profiles: Rod & MSSQLFDLauncher$AUSBILDUNG (Available profiles: Rod & MSSQL$AUSBILDUNG & MSSQLSERVER & MSSQLFDLauncher$AUSBILDUNG)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
C:\PROGRA~2\HIGHLI~1\
C:\Program Files (x86)\OLBPre
C:\Users\Rod\AppData\Roaming\OXJV.exe 
C:\Users\Rod\AppData\Roaming\RTQFZORV.exe 
Task: {263B42A9-202C-438F-88B0-AA5594A81CB7} - System32\Tasks\OXJV => C:\Users\Rod\AppData\Roaming\OXJV.exe 
Task: {5D1A4B91-7D76-4850-9F7D-32031EA7B175} - System32\Tasks\RTQFZORV => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe 
Task: {672EC4B1-9424-4EB9-B21B-6F6B83A321C5} - \AutoPico Daily Restart No Task File 
Task: {71ACAD82-B89F-4C6D-BF05-412CB8F79F9E} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {9A9251B8-0DB4-49AE-879C-3F6B3317A7A3} - System32\Tasks\iren3006 => C:\PROGRA~2\HIGHLI~1\iren3006.exe
Task: C:\WINDOWS\Tasks\OXJV.job => C:\Users\Rod\AppData\Roaming\OXJV.exe 
Task: C:\WINDOWS\Tasks\RTQFZORV.job => C:\Users\Rod\AppData\Roaming\RTQFZORV.exe    
URLSearchHook: [S-1-5-80-4129702732-3888187158-186309658-1063465230-1591156635] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 ____C () C:\Users\Rod\AppData\Roaming\OXJV
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 ____C () C:\Users\Rod\AppData\Roaming\RTQFZORV
EmptyTemp:
*****************

Processes closed successfully.
"C:\PROGRA~2\HIGHLI~1" => File/Directory not found.
"C:\Program Files (x86)\OLBPre" => File/Directory not found.
"C:\Users\Rod\AppData\Roaming\OXJV.exe" => File/Directory not found.
"C:\Users\Rod\AppData\Roaming\RTQFZORV.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{263B42A9-202C-438F-88B0-AA5594A81CB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{263B42A9-202C-438F-88B0-AA5594A81CB7}" => Key Deleted successfully.
C:\Windows\System32\Tasks\OXJV => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OXJV" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D1A4B91-7D76-4850-9F7D-32031EA7B175}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D1A4B91-7D76-4850-9F7D-32031EA7B175}" => Key Deleted successfully.
C:\Windows\System32\Tasks\RTQFZORV => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RTQFZORV" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{672EC4B1-9424-4EB9-B21B-6F6B83A321C5}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{672EC4B1-9424-4EB9-B21B-6F6B83A321C5}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71ACAD82-B89F-4C6D-BF05-412CB8F79F9E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71ACAD82-B89F-4C6D-BF05-412CB8F79F9E}" => Key Deleted successfully.
C:\Windows\System32\Tasks\LaunchPreSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A9251B8-0DB4-49AE-879C-3F6B3317A7A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A9251B8-0DB4-49AE-879C-3F6B3317A7A3}" => Key Deleted successfully.
C:\Windows\System32\Tasks\iren3006 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iren3006" => Key Deleted successfully.
C:\WINDOWS\Tasks\OXJV.job => Moved successfully.
C:\WINDOWS\Tasks\RTQFZORV.job => Moved successfully.
Error setting Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Rod\AppData\Roaming\OXJV => Moved successfully.
C:\Users\Rod\AppData\Roaming\RTQFZORV => Moved successfully.
         

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e97ad1642605524daa4de954f38f0a33
# engine=23621
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-29 06:46:30
# local_time=2015-04-29 08:46:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 11486 7415582 0 0
# scanned=22814
# found=50
# cleaned=0
# scan_time=787
sh=0119B4C28815D7986DA549D5F7DCA0718A9E3FD8 ft=1 fh=4311010adafd499b vn="Win32/Adware.Flinject.A Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1164391901-2496949349-3293824855-1002\$R8KIRG7\iren3006.exe"
sh=939B21F512271F69A1314537EDA7E36E67A2F986 ft=1 fh=9c223bc841c582d4 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\BrowseStudiobho.dll.vir"
sh=C5296A740EB04BD99EDECB9853DDEBD89B8AD6F8 ft=1 fh=876a650d98d684c3 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\BrowseStudioUninstall.exe.vir"
sh=221B4DAF74A5CED357D6B223F81E7A17F582091A ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\fappblnaebeochecpgnolonpeplcpkig.crx.vir"
sh=95679E3C98E4D4F10AD89244D91D175EE6490F8D ft=1 fh=f19a7cc00e78f468 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe.vir"
sh=1C2A3A666E37E2BBC9041402F8F784BE8EFB31A1 ft=1 fh=f95250e0d84663f9 vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe.vir"
sh=0E6C29DA6DF452F0A62133C6475EFFDD58F75DC8 ft=1 fh=6fc2e13c885f308d vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe.vir"
sh=4E4935E108B950F945514DF0019B90131112E513 ft=1 fh=056e264f0a72f1a8 vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe.vir"
sh=EF371B5F320A3ADDE26CD4BA80FF9DD39F7CB59B ft=1 fh=aa7fa733190423e7 vn="Variante von Win32/BrowseFox.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BrowserAdapter.exe.vir"
sh=978FA8D7314725DC951738F14557C728AA86579C ft=1 fh=eecb16060e6cc2ca vn="Variante von Win64/BrowseFox.CN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BrowserAdapter64.exe.vir"
sh=45705544264DEFE90D0ACBFDA6DE133C44C04E77 ft=1 fh=4f34355b7b9714bb vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\BrowseStudio.PurBrowse64.exe.vir"
sh=227CFCF48FDC780E3BEE2D65BC1670161F21DAA8 ft=1 fh=1f4525fe4247ee47 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\e8294a7e84424f3a8722.dll.vir"
sh=36510B41809931F7A672CBA0B33863A8F3F96B02 ft=1 fh=63efc40bf9887e4f vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\e8294a7e84424f3a872264.dll.vir"
sh=A599323F314033F3BD430AC5CC0A759F31FDD2A1 ft=1 fh=96fc4ee6b45b4736 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\fd74c1d11ac343f98336.dll.vir"
sh=D275B394E34C9E5924C7E7E214B04A8871E07199 ft=1 fh=3336dc66e4518c16 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\fd74c1d11ac343f9833664.dll.vir"
sh=710C65AC673FD19B4C9C9DA69A9059FE59368E6A ft=1 fh=f06dcf6d996d1e30 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\tmp543C.tmp.vir"
sh=95679E3C98E4D4F10AD89244D91D175EE6490F8D ft=1 fh=f19a7cc00e78f468 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe.vir"
sh=F079AAB25F8AE9312498362AB81D273F8D9145DC ft=1 fh=3a485f6566824d04 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}.dll.vir"
sh=BD43EE03CB1B95B49314E33DC4FD33B14E29BB2A ft=1 fh=45fda734b9247bd1 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}64.dll.vir"
sh=C0433EFD72613CD7068E68160DF3F8F0F61C2608 ft=1 fh=5cedc113c00d1463 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\{fd74c1d1-1ac3-43f9-8336-32679dc7de45}.dll.vir"
sh=0BED9C7BED8A2D1251D96CAE2A547D649C1293CE ft=1 fh=185c9bec62bc8811 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\{fd74c1d1-1ac3-43f9-8336-32679dc7de45}64.dll.vir"
sh=538191D09C8ED40684D244D913A28824C99925BB ft=1 fh=6d9a3141c9479aa2 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.BOAS.dll.vir"
sh=291C6A05C33C2A27A29235B71B63AB34493468F5 ft=1 fh=d600138a36790101 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.Bromon.dll.vir"
sh=8821B29158DA40D912E5E2CA08E3776BEF0DDFF3 ft=1 fh=3e352043df671262 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.BroStats.dll.vir"
sh=8A9AA201DBEC057F0F8C6C1019A52FF45A53AF3E ft=1 fh=3b9c2524ccb2d803 vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.BrowserAdapter.dll.vir"
sh=A56C97157CB55524B9FA52276CBC0468B0C45841 ft=1 fh=0c290ede7eb347bd vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.CompatibilityChecker.dll.vir"
sh=668640640703402481A6E684F8474D701169A1E6 ft=1 fh=e4df0748a43ca480 vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.FFUpdate.dll.vir"
sh=9ECF404F76A363E9AA902E052E9D18238CD84F4E ft=1 fh=44a78eb20660d99e vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.GCUpdate.dll.vir"
sh=D1333E21A162120436F46F13EB16A2D7D9F4B249 ft=1 fh=cccea6d8b39dc1fa vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.IEUpdate.dll.vir"
sh=55F5B2A9C7E7E609F784935AAFD3B38278FBD42E ft=1 fh=ae97ee50e773c9a4 vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.PurBrowseG.dll.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir"
sh=0E7CC420B0BE38296EF8516DC3786361119F1F5F ft=1 fh=02f58beb2edcfbd2 vn="Win32/AlteredSoftware.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir"
sh=A565AA91F7873179776579995E9F4D2B2894AE5A ft=1 fh=22e3a81795d8fb05 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir"
sh=F1A0D0D29F924A24AF0F0521CF6F9A9150A10ECC ft=1 fh=22e3a817befc6b5a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir"
sh=8B4D2CF381FC34517780B846B74C82724D263A30 ft=1 fh=c71c001192caf50d vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir"
sh=E89CED694CBF421D4C9AF42C599CD849AFEC0B99 ft=1 fh=d9cdf1c8ff17595a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir"
sh=A6E841F2C767FA5FEE629D2B812799CFA94AEACC ft=1 fh=c71c0011fea7552e vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir"
sh=EDB4A6C7E75E18ACB805418EFFD78267BB2F37C4 ft=1 fh=c71c001126306ac8 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir"
sh=399CE73FBD27EABB303FD899656E3C66C55B3F29 ft=1 fh=c71c001160921a34 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir"
sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=E5CDD06C50650131591DAE0945340AA6ADC55E02 ft=1 fh=aaaec5f7af2e8f4b vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=13DD73E313B325C7D1F21FCEA1A673D3DD438051 ft=1 fh=59581b7c00edaceb vn="Win32/Adware.ConvertAd.KF Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp.vir"
sh=F88958D87A1247BE1E43DD8361239931668E6600 ft=1 fh=c71c001125a78e55 vn="Win32/Adware.ConvertAd.KD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nszFE6.tmp.vir"
sh=5E826D812C57CA7D93B68DBC7B4051AB9B3160AE ft=1 fh=30130f1336968a56 vn="Variante von Win32/Adware.ConvertAd.JN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\rnsa3501.exe.vir"
sh=156A001522A35FE6D9F9766031C2D0B67F3B64EB ft=1 fh=60e904dedd99f1e5 vn="Win32/Adware.ConvertAd.KB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\vnsoC028.tmp.vir"
sh=1D9AE65A97C417A8083FB38EFDB8022EAE3A9698 ft=1 fh=8dd7dc1cf3445b5c vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rod\AppData\Roaming\Security System 2\uninstaller.exe.vir"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Rod\AppData\Roaming\OXJV.xBAD"
sh=96EDAD94BE1A45EC7D5E7D67B97FE20C1DE1D676 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Rod\AppData\Roaming\RTQFZORV.xBAD"
sh=EDC992101E82AFB41F681F3664DA2CEBC63BA672 ft=1 fh=7758d943a858e24b vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu.dll"
         

29.04.2015, 20:24   #12
deeprybka
/// TB trainer
/// Tutorial guru



Hi,
why was ESET aborted?

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
C:\Program Files\Common Files\System
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

Step 2

Please start FRST again, also tick the checkbox and press Scan.
Please post the contents of the two logs that are created.
__________________
Regards
deeprybka
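
The triage behind the follow-up fixlist, as an added example (not code from the thread, from ESET or from FRST): it parses an ESET Online Scanner log in the layout posted above and separates detections already held in the AdwCleaner or FRST quarantine or the Recycle Bin from files still in place. The sample log is constructed with placeholder hashes; the function names, the holding-area list and the reading of `end=stopped` as an interrupted scan are assumptions taken from this thread.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log.txt posted in
# this thread. Paths and detection names follow the thread; the sh= and fh=
# values and the SID are placeholders, not real values.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=stopped
# unwanted_checked=true
# found=5
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Adware.Flinject.A Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-0000000000-0000000000-0000000000-1002\$R8KIRG7\iren3006.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseStudio\BrowseStudiobho.dll.vir"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir"
sh=0000000000000000000000000000000000000004 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Rod\AppData\Roaming\OXJV.xBAD"
sh=0000000000000000000000000000000000000005 ft=1 fh=0000000000000005 vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu.dll"
"""

# Holding areas that appear in the thread's log (assumption: anything under
# these prefixes is an inert copy kept by a cleanup tool or by the shell).
HOLDING_AREAS = (
    ("c:\\adwcleaner\\quarantine\\", "AdwCleaner quarantine"),
    ("c:\\frst\\quarantine\\", "FRST quarantine"),
    ("c:\\$recycle.bin\\", "Recycle Bin"),
)

# key=value pairs; a value is either double-quoted or a run of non-space chars.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# "Win32/Adware.Flinject.A" style detection name inside the vn= text.
NAME_RE = re.compile(r"\b\w+/([\w.]+)")


def parse_eset_log(text):
    """Split the log into '# key=value' header fields and detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            rec = {k: (q or u) for k, q, u in FIELD_RE.findall(line)}
            if "vn" in rec and "fn" in rec:  # skip truncated lines
                detections.append(rec)
    return header, detections


def location(path):
    """Return the holding area a path sits in, or 'live' if it is in place."""
    lowered = path.lower()
    for prefix, label in HOLDING_AREAS:
        if lowered.startswith(prefix):
            return label
    return "live"


def family(vn):
    """Reduce a detection name to its family, dropping platform and variant."""
    match = NAME_RE.search(vn)
    if not match:
        return vn
    parts = match.group(1).split(".")
    return parts[-2] if len(parts) > 1 else parts[0]


def triage(text):
    """Classify every detection and collect consistency warnings."""
    header, detections = parse_eset_log(text)
    for rec in detections:
        rec["where"] = location(rec["fn"])
        rec["family"] = family(rec["vn"])
    warnings = []
    if header.get("end") == "stopped":
        warnings.append("scan ended with end=stopped; coverage is incomplete")
    found = header.get("found", "")
    if found.isdigit() and int(found) != len(detections):
        warnings.append(f"header says found={found}, log lists {len(detections)}")
    return {
        "header": header,
        "detections": detections,
        "live": [r for r in detections if r["where"] == "live"],
        "by_location": Counter(r["where"] for r in detections),
        "by_family": Counter(r["family"] for r in detections),
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for area, count in report["by_location"].most_common():
        print(f"{count:3d}  {area}")
    for rec in report["live"]:
        print("still in place:", rec["family"], "->", rec["fn"])
    for note in report["warnings"]:
        print("warning:", note)
```
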

29.04.2015, 20:41   #13
Dabbei



Hm, good question. I let it run overnight.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015
Ran by Rod at 2015-04-29 21:37:49 Run:2
Running from D:\FRST
Loaded Profiles: Rod (Available profiles: Rod & MSSQL$AUSBILDUNG & MSSQLSERVER & MSSQLFDLauncher$AUSBILDUNG)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files\Common Files\System
*****************

C:\Program Files\Common Files\System => Moved successfully.

==== End of Fixlog 21:37:49 ====
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Rod (administrator) on ROD on 29-04-2015 21:38:16
Running from D:\FRST
Loaded Profiles: Rod (Available profiles: Rod & MSSQL$AUSBILDUNG & MSSQLSERVER & MSSQLFDLauncher$AUSBILDUNG)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Mozilla Corporation) D:\Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2859344 2013-04-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [403848 2013-05-14] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [399776 2013-05-14] (MSI)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => D:\Software\PDF24\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\SuddenStrike3\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify Web Helper] => C:\Users\Rod\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [BuildNotification12] => "D:\VS2013\Common7\IDE\BuildNotificationApp.exe"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify] => C:\Users\Rod\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: H - "H:\SETUP.EXE" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: I - "I:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {61f6dd93-d3e6-11e3-bede-8c89a50fd868} - "G:\autorun.exe" 
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {dc1b46f1-676a-11e4-bf0e-8c89a50fd868} - "G:\autorun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-10-28]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-01-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default
FF SelectedSearchEngine: luckysearches
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\searchplugins\gmx-suche.xml [2015-03-10]
FF Extension: Ghostery - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\firefox@ghostery.com.xpi [2014-11-23]
FF Extension: CookieCuller - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-23]
FF Extension: Adblock Plus - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-03-18] (Microsoft Corporation)
S2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S2 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; D:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-05-14] (Micro-Star International Co., Ltd.) [File not signed]
S2 MSSQL$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S3 MSSQLFDLauncher$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-03-29] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
S2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S2 SkypeUpdate; D:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
S4 SQLAgent$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VsEtwService120; D:\Programmierung\VS Express 2013\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-03-29] (Intel® Corporation)
S2 fovudyqe; No ImagePath
S2 kikutuwy; No ImagePath
S2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2015-01-19] ()
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsfw.sys [1366328 2013-04-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [76744 2013-03-11] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2015-01-19] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3545056 2013-04-18] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-03-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U0 pexgba; C:\Windows\System32\drivers\dwvfem.sys [79064 2015-04-27] (Malwarebytes Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 20:28 - 2015-04-29 20:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-28 23:05 - 2015-04-28 23:05 - 00000000 ____D () C:\ProgramData\DownloadManager
2015-04-27 23:23 - 2015-04-27 23:23 - 00001113 ____C () C:\Users\Rod\Desktop\game - Verknüpfung.lnk
2015-04-27 22:05 - 2015-04-27 22:05 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\dwvfem.sys
2015-04-26 22:25 - 2015-04-26 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-04-26 22:07 - 2015-04-26 22:07 - 00003146 _____ () C:\WINDOWS\System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E}
2015-04-26 21:51 - 2015-04-26 21:51 - 00000000 ___DC () C:\Users\Rod\AppData\Local\CrashRpt
2015-04-26 21:37 - 2015-04-26 21:37 - 00000000 ___DC () C:\Users\Rod\Documents\Fireglow Games
2015-04-15 15:17 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 15:17 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 15:17 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 15:17 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 15:17 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 15:17 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 15:17 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 15:17 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 15:17 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 15:17 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 15:17 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 15:17 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 15:17 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 15:17 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 15:17 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 15:17 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 15:17 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 15:17 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 15:17 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 15:17 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 15:17 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 15:17 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 15:17 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 15:17 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 15:17 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 15:17 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 15:17 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 15:17 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 15:17 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 15:17 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 15:17 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 15:17 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 15:17 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 15:17 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 15:17 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 15:16 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 15:16 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 15:16 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 15:16 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 15:16 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-04 15:07 - 2015-04-05 09:54 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 15:07 - 2015-04-04 15:07 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-30 20:34 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 21:38 - 2014-11-20 22:33 - 00000000 ____D () C:\FRST
2015-04-29 21:13 - 2013-12-28 16:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-29 21:02 - 2014-01-15 23:38 - 01206854 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-29 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-29 19:57 - 2014-05-09 18:45 - 00003902 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08CD4898-E756-4FC0-8031-743705B1BC35}
2015-04-29 17:35 - 2014-01-31 21:27 - 00000000 __DOC () C:\Users\Rod\SkyDrive
2015-04-29 02:25 - 2013-12-27 19:24 - 00000000 ___DC () C:\Users\Rod\AppData\Local\VirtualStore
2015-04-28 23:09 - 2013-11-14 09:27 - 02435178 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-28 23:09 - 2013-11-14 09:11 - 01025694 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-28 23:09 - 2013-11-14 09:11 - 00247972 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-28 23:05 - 2014-11-08 15:57 - 00034014 _____ () C:\WINDOWS\setupact.log
2015-04-28 22:51 - 2013-12-28 16:08 - 00007668 ____C () C:\Users\Rod\AppData\Local\Resmon.ResmonCfg
2015-04-27 22:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-27 22:35 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-27 22:34 - 2013-12-27 19:31 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1164391901-2496949349-3293824855-1002
2015-04-27 21:48 - 2014-11-22 13:50 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 21:47 - 2014-11-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-27 21:41 - 2013-10-28 14:55 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-04-27 21:40 - 2013-11-14 00:18 - 00047094 _____ () C:\WINDOWS\PFRO.log
2015-04-27 21:40 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-27 21:40 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-27 21:39 - 2014-11-21 00:14 - 00000000 ____D () C:\AdwCleaner
2015-04-26 22:23 - 2014-11-22 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-26 22:02 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-01-15 23:55 - 00001458 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-04-26 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-26 18:13 - 2013-12-29 00:10 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Skype
2015-04-17 16:47 - 2013-12-29 00:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 00:20 - 2014-01-15 20:44 - 00000000 ____D () C:\ProgramData\Origin
2015-04-17 00:03 - 2014-04-01 12:53 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Battle.net
2015-04-16 23:17 - 2015-01-26 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-16 23:17 - 2015-01-26 01:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-16 17:57 - 2013-12-28 00:49 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Spotify
2015-04-16 17:51 - 2013-12-28 00:45 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Spotify
2015-04-16 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 23:46 - 2013-12-27 21:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 23:44 - 2013-03-22 19:03 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 23:41 - 2014-12-17 18:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 23:41 - 2014-07-15 04:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 15:48 - 2014-05-06 18:49 - 00223744 __SHC () C:\Users\Rod\Desktop\Thumbs.db
2015-04-15 15:16 - 2014-11-12 20:21 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-14 21:28 - 2015-01-13 21:13 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 21:28 - 2013-12-28 16:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:38 - 2014-11-22 13:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-22 13:50 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-22 13:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 03:04 - 2015-03-15 21:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-04-10 19:02 - 2015-01-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 21:43 - 2014-02-06 19:04 - 00000000 ___DC () C:\Users\Rod\Documents\Visual Studio 2013
2015-04-03 11:58 - 2013-12-28 00:49 - 00001840 ____C () C:\Users\Rod\Desktop\Spotify.lnk
2015-04-03 11:58 - 2013-12-28 00:49 - 00001826 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-31 20:03 - 2013-08-22 16:44 - 00514440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-30 20:35 - 2014-10-18 11:21 - 00000000 ____D () C:\Temp
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

==================== Files in the root of some directories =======

2014-11-02 20:53 - 2014-11-02 20:53 - 0000218 ____C () C:\Users\Rod\AppData\Local\recently-used.xbel
2013-12-28 16:08 - 2015-04-28 22:51 - 0007668 ____C () C:\Users\Rod\AppData\Local\Resmon.ResmonCfg
2013-10-28 14:52 - 2013-10-28 14:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-07 17:36 - 2015-03-07 17:36 - 0091734 _____ () C:\ProgramData\dxdiag.txt
2013-10-28 16:30 - 2013-10-28 16:30 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-28 16:27 - 2013-10-28 16:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2013-10-28 16:26 - 2013-10-28 16:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-28 16:27 - 2013-10-28 16:27 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-28 16:28 - 2013-10-28 16:28 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-27 22:34

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Rod at 2015-04-29 21:38:43
Running from D:\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1164391901-2496949349-3293824855-500 - Administrator - Disabled)
Gast (S-1-5-21-1164391901-2496949349-3293824855-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1164391901-2496949349-3293824855-1006 - Limited - Enabled)
Rod (S-1-5-21-1164391901-2496949349-3293824855-1002 - Administrator - Enabled) => C:\Users\Rod

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic Entertainment)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Contents (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.13.0.2_WHQL (HKLM\...\Elantech) (Version: 11.13.0.2 - ELAN Microelectronic Corp.)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
ICA (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c59bceea-23ab-4e2e-bfa6-625dd1e26dd1}) (Version: 16.0.2 - Intel Corporation)
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{90E8C2E5-198C-4923-BC06-AF13E5FA964D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012-Richtlinien  (HKLM-x32\...\{1D4E365F-F39C-48BA-A995-CAEDFDA29AD1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{18558FE7-A87A-4063-9732-95E9E1420828}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - DEU (HKLM-x32\...\{B28DC16A-5394-3761-B143-450AE92516BB}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 - DEU Language Pack (HKLM-x32\...\{38F74A0E-357B-336C-B614-FE59F4BC62A0}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 - DEU Language Pack (HKLM-x32\...\{96D7B7B6-424F-3A52-8E8D-32CF2615DBD2}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Firefox 37.0.2 (x86 de) (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.550 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.550 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
SCM (HKLM\...\{EDF24C5B-2E36-4089-B96A-329B15A74649}) (Version: 11.013.05146 -  )
Setup (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share64 (Version: 16.0.0.106 - Corel Corporation) Hidden
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Spotify (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sudden Strike 2 (HKLM-x32\...\Sudden Strike 2_is1) (Version: 1.0 - Media Contact LLC)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
VSClassic (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSPro (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1164391901-2496949349-3293824855-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-11-23 01:37 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06A82CF6-E0BC-4768-A415-1616BFB5326E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {0D2ED2D9-ECE3-444E-9D45-5D5BCBCD7D7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {10146EE2-D0FE-40EC-8017-890C940753E9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {28CD03C0-1C6F-41E7-90FF-213BDC2B86F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {326646C5-E4B9-4C85-8794-5BD27A0921D5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4BA0862F-A95A-473A-AB09-E9588C5056F9} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {52143E63-AF6D-4D2B-9179-F3CAEE2FC345} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {5A55966A-ABBD-4005-AB03-93E1F89036B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {71B2FCDE-FCE7-442B-A53B-9BF56ADF1144} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {79AAD0B2-716C-4FD4-AB10-F2CE5FDC5AA2} - System32\Tasks\{1E62A383-47EA-4F8B-A9A1-7ABED2708697} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang= --uid=battle.net --displayname="Battle.net"
Task: {7DD317D9-D8D8-4812-BFF2-874C0259401F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {882A334A-99BF-41B8-B248-84FE4358B7D4} - System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E} => pcalua.exe -a C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\Uninstall.exe
Task: {8BB68DAF-A68F-4D64-B231-C49219D6E22C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {98BC4E9E-9146-4275-8FFF-45F1830837A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9D7AC1C0-5D3D-4E94-86D8-7FF0AC42B1E3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E044C832-B487-4A74-82C4-6ED8EB5DF63B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {F0599474-5F57-4621-A75D-946FF7A2A93C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-18] (Microsoft Corporation)
Task: {FAC019EF-9BCD-4B38-B7CF-8F8BC91CD607} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FBD8AED1-B060-455D-A231-01A57D06F93C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 ____C () C:\Users\Rod\Notepade\Notepad++\NppShell_06.dll
2015-01-26 01:32 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-26 01:32 - 2015-01-26 01:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Rod\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Rod\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Ashampoo Pictures\GreenBridge.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\StartupApproved\Run: => "BuildNotification12"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP_1] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [{EFC1486F-F315-4A20-B86B-ED25C4D816E2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{0BE1E8CC-1DFA-4729-A6CA-A9F8D87BBCAF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{151054A0-8B6C-47C1-894B-D4F3C263B265}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{4C39F784-2637-45D4-BDAE-2E9ECA950D6A}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{7F107F5F-BCFE-4FF8-BE40-70F41E2E043B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0487CBB2-65D2-48F0-98B4-1224C8C89DD6}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{4FD12EB7-E109-4D6D-B4E3-0B0AB2A918AF}] => (Allow) D:\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{63FBE8D1-FD37-4A45-8D49-F8DCA97A24F8}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{92693EEE-6368-4CDD-AF1D-F7E3CBEE9DBD}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{D028ED98-4AB7-4CDD-9027-AAE64F4D611B}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{13DD9B16-45D2-4B23-8662-0ACDB861E2BF}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{648A645A-28EF-43F9-B2C5-0FB5DF4CC824}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{D5D879DA-177F-4EB7-A2BE-D84FB944F8B4}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{6DC7A120-CFE5-4826-B79D-06246BEE633C}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{3030D57C-3EB0-4665-B021-36519C38AE4F}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{74B71E0C-5738-4F48-BCFD-F9B5370E3545}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{208CC66F-1B9A-4B6D-8AF7-0677F0035782}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{88180F36-1A6C-4290-BA39-5E9E59FABC0E}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{34BE3EFE-D585-4C0D-80FC-BC37B071BAC2}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\data\encyclopedia\how_to_play.html
FirewallRules: [{0783CE96-9845-4620-8744-BAAB68C3081B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3BCF9E8A-885B-46FE-A142-85CC0CBD349F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8F4C6910-4DA2-4100-920F-F2B4D5E479B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{33EC5163-E8C8-4752-912B-E6A687D8472D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D26B888C-3C6E-4F19-949B-8B8AEE1C4543}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC97D1A7-C3EF-4784-95E2-6A03EDC143DD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{125ECB47-C82B-463B-856F-42055494FC76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{52EDF3ED-8570-4E8B-A787-6E35057E8859}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3A85EF75-B96E-4FFD-B829-8B3A30C32674}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4652C1E6-9DAE-4459-805B-D36D72C76125}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2F75ECB8-7BBD-4C11-A375-7550A92784B2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC98B93E-2DA1-42DF-A82E-1AAB52DE439B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD95AB43-96C3-4840-8512-C5FDF39E5B3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3193870E-F215-4F57-A677-2DC6AEC8F8A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B8391E2A-92EA-465B-98CF-48742F3F1700}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{53602756-2480-45D1-B02F-48C0D1942CBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B0FD9F69-4AF6-47CD-B23E-E5448EC44A2B}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{1CBD8CA1-2CFA-4A2A-B220-A484ED7F6A04}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [UDP Query User{7DE9C3C4-05C6-4150-8F6E-D7B50CA3BA68}C:\users\rod\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rod\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6B9AC464-AEAE-4A3A-AE65-1E7EDB2ED96A}C:\users\rod\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rod\appdata\roaming\spotify\spotify.exe
FirewallRules: [{11EC9935-6FE5-4586-89A2-AAE0F606F11F}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3206FF9B-C666-41BF-8E83-EEF4592137E8}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4CAF4E04-C3B1-4CD4-9A9C-028F945824C5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{2690EFAD-C134-41CE-AD1A-6FED2643D5C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{525A510F-D0D4-45DE-9366-EAEF6C6E81C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0C33D89F-47CC-4B46-B8AE-C46B9BE88F13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3D7B0B48-7FA6-4168-B29D-D56A2F831D6D}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{D08C112D-A8DE-403D-9109-4ECD25D9D8F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A388916A-8717-4596-882C-9941419105C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5ABABA98-B34B-4E30-8DC2-838DAAFDB69D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2E20B24C-60DF-4A09-AD35-A46C7F1C8AC4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C53F67CB-CECB-4EB3-85DD-016FA5035CF7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CB98CBA7-E62A-4725-942D-AA2C60FC1305}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0C83D533-87F1-46AA-B0CB-A1B94E03AC0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91F5EDF4-43AD-49AD-BE59-F8AA90491CD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B317A7C9-F5AB-4CA0-A6A0-45E3FE076200}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8004E1CC-6978-46D7-BB36-D22D05846AFD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{CB2555FD-15E9-4376-B9D2-4489017C1401}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{0438DE13-9E88-4B3B-A10F-5622479304ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{1FD5E9EC-EAE8-4181-AABE-AAD77664EF98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{B36A4AA1-79A0-48FC-AFFF-E68A52C76C84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{73BE6CC4-CCC9-44AE-9F93-408A5F136AE2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{478134D3-CA72-4A50-8C13-28DB8CCD7F14}] => (Allow) D:\Diablo\Battle.net\Battle.net.exe
FirewallRules: [{CDDA107C-99A0-436A-94CB-661535D3BE00}] => (Allow) D:\Diablo\Battle.net\Battle.net.exe
FirewallRules: [{D57DE6AD-8651-464D-8CE8-C5EEC3E7CB2A}] => (Allow) D:\Diablo\Diablo III\Diablo III.exe
FirewallRules: [{37419956-F075-4496-8E02-8F839C188126}] => (Allow) D:\Diablo\Diablo III\Diablo III.exe
FirewallRules: [{20DF3ED4-C5AC-44F1-9B71-8FB59AB1FB1C}] => (Allow) D:\Diablo\StarCraft II\StarCraft II.exe
FirewallRules: [{6FE40104-B81D-4E63-9AE7-6B8123DA3C11}] => (Allow) D:\Diablo\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{7C181362-C9D0-46C5-A5F0-E54BE6E76E67}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{E2942878-9D41-45F4-81E6-995D7E17B210}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{6790884E-61EB-487B-846E-22512725B6DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{EAA68D18-E21C-455F-BA0F-EE8A1AB132A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{B18A2A8B-97CE-4408-98FC-2B72BEEF5DE3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{16901FD5-2592-4BA8-A39F-604D9700AA3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{290E2F11-FF1E-418D-B6C4-23E2580DC255}] => (Allow) D:\Program Files (x86)\KMSpico\KMSELDI.exe
FirewallRules: [{8E933E84-DFEF-4E41-96DD-ED42F53DDE8C}] => (Allow) D:\Program Files (x86)\KMSpico\KMSELDI.exe
FirewallRules: [{21ED68D6-7A57-482D-B3AD-944B2ED7BE4E}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{04529AB2-DE2C-4C5A-B96E-626521BC6547}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{85E3A8A3-0E99-412D-849B-D0D23D5C02BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{76A968B6-BE1C-4152-898B-FA39C004A777}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C66B792C-228A-498E-AF89-365249347B31}] => (Allow) D:\Steam\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{6D44E7D4-843C-425E-84EE-4635B3BB5DEC}] => (Allow) D:\Steam\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{6224D34A-9CD0-4DC5-BFE8-11B619E6ED92}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{FC7EBDBF-0065-4290-ACF2-D7ECFC132536}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{7C5C0FBF-3907-4637-BA6A-0D5CFD9B24C3}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{99E31B09-AA15-4267-97C9-7110E606584D}D:\diablo\starcraft ii\versions\base28667\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{F4C32761-8179-4D2F-B7F8-3E0071DD2079}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [{C2384415-E56E-4C72-A11F-DF1358BFF902}] => (Allow) D:\Program Files (x86)\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{F0468C5F-CBA0-4460-8B77-1A792EB3989E}D:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) D:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{285C2EA7-1AFB-436C-81DE-420D328DE1B1}D:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) D:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [{524633C6-25A5-4906-8C59-42DCB7AF471B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{3A74A329-9F8C-49E5-AAFA-2872BAC73DB4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0934EEE-E53B-4DBB-A5B5-B494730C7130}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7E82D1F9-EA3C-4AEC-8661-31CCBDCB726A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CA75E98-5397-46D2-8336-2BE1AC41A8F4}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{86B26EF6-EC83-4B21-8390-AD44B72BF73F}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{1EAE046E-C0FF-49C9-9162-0FE41D7E088E}D:\steam\steamapps\common\rise of nations\rise.exe] => (Allow) D:\steam\steamapps\common\rise of nations\rise.exe
FirewallRules: [UDP Query User{528F45E5-5554-4FF0-B8C7-0084D20DC2EF}D:\steam\steamapps\common\rise of nations\rise.exe] => (Allow) D:\steam\steamapps\common\rise of nations\rise.exe
FirewallRules: [{522C3BB1-1B34-41AC-A88D-1B26320CBC3D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{363BCE44-8255-44BF-8A0F-99288CDDD3E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BD94AB80-CC8A-4193-ABA2-D107162A6079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{2D743E3B-660E-41B8-908F-A1BADF06CD79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{992A7DDA-7BEE-40EE-84E1-7499B8467349}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{D7AB1AFB-D301-4616-A7AF-D6A604C7C6D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{7809B7A8-4253-48B8-98A4-FF6B0ADF5839}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{112ABEDC-1D09-4DF4-82D5-4144CDFB3AC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{E2C97174-82F9-4E8E-A292-15DD632251CE}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{A4452608-0B80-4AD0-A8F0-ADA1D3BB0992}] => (Allow) D:\Program Files (x86)\KMSpico\Service_KMS.exe
FirewallRules: [{0E9AFC68-93D8-4D29-A7BF-010EA12D0190}] => (Allow) LPort=1688
FirewallRules: [{6C771E3F-0FC5-47C1-ADA4-EB4084FEE87D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{085B68EE-6DFE-43E1-A3A8-EA29E2C838E1}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{942F1E65-EB45-479F-A38E-FC6F41A29E55}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{EB568F97-B439-4EF4-9AE7-7BFCDB2C60C7}] => (Allow) D:\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{70F9A2CA-7C8E-48AB-9393-121CFD4398FC}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{C9A8054B-D290-4AEC-A42C-E1B22C57A68A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{34E4C29F-F6B0-49A5-BC3B-C49CBF5092EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{7C74DC8A-3ECF-4169-822F-EEE2ED51FB55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B4D3E9DE-1C47-4E65-90FB-7D2A92C8ACE5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{88D1ADB4-DD35-4B9D-93AE-D9EBA4E48CF4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{AF5F62CD-C898-4ABC-87B8-2998272A944F}D:\diablo\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{70CD513A-DDA6-4395-AA41-A1C3438EEC15}D:\diablo\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\diablo\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{7D5D425B-63E6-4F33-89D1-DA0B96342689}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{63A6DE05-3417-48EB-ABC2-7102212BE00D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{592B87CD-4FDA-453F-91DA-1E75F19DC40C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8650B8A7-2855-4E87-9D9D-67F358C6A561}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{368D3624-962E-4DB9-BD7A-B83719BC7980}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{89863BDB-4357-46C5-86C8-56F4A680AF3B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{032A844F-8026-4AF9-A896-F7EEA3043AAC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{48C088AF-2D15-484F-8491-19B8152EBA48}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0779E5E9-3A80-4426-93C6-C3E0C558B6E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D1FD8639-D5F3-4145-911C-6AB22FE34F32}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4927F9A1-D5D6-42BA-814E-09B9CFC85F0D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{79B02B00-2554-4A81-A8CB-708F3D9D35F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{F6E1B078-4570-4204-9E9D-3CE086BFB9B5}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [UDP Query User{54AAF861-6370-48B5-A8B3-58DBE3E32BA1}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [TCP Query User{35CDB4D7-96C4-4AF7-BC89-A74378E37618}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [UDP Query User{70E5622B-8C40-4B86-8F19-FD194305DF1F}D:\software\skype\phone\skype.exe] => (Allow) D:\software\skype\phone\skype.exe
FirewallRules: [TCP Query User{8EBB2D34-D241-4B16-AC2A-C0B389EAB8F0}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{EE524630-D9E9-460E-9400-93E38B8A6C9A}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [TCP Query User{572E1820-3C35-43EA-A79A-91D852953571}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{50FAD249-FD5F-4627-AE99-B7524ABB99C0}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [{8B551092-4C92-42C9-8241-6395AF5FCB5B}] => (Allow) D:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{E24C0EAC-D62C-44AB-B43E-1F1B455734CF}] => (Allow) D:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{CC9EFEB5-8516-4CD1-82F7-22784DD92DB5}] => (Allow) D:\Programmierung\VS Express 2013\Common7\IDE\WDExpress.exe
FirewallRules: [{85EF242F-8542-4285-AF38-CDD152FCBB0A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{1FEA9FE5-B3B3-4243-B7FD-8A6919F939CC}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{99BB33B9-4D73-4AD4-B5B7-642255E13915}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5DCF519D-71D9-4F8A-8663-7B9241F55126}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5757EE07-0396-430D-B9D5-30074A16BD24}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2015 08:46:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/29/2015 08:28:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/29/2015 08:28:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/29/2015 08:28:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/29/2015 03:15:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/29/2015 03:14:41 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/29/2015 03:10:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/29/2015 03:09:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/28/2015 09:44:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/28/2015 09:43:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


System errors:
=============
Error: (04/29/2015 05:36:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (04/29/2015 05:10:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (04/29/2015 03:10:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Bluetooth Device Monitor erreicht.

Error: (04/29/2015 03:09:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Bluetooth Device Monitor erreicht.

Error: (04/28/2015 11:48:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARINA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BEC9A54D-03E0-46BA-B70A-9E1AE4528ED8}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/28/2015 09:37:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/28/2015 09:37:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/28/2015 09:37:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Full-text Filter Daemon Launcher (AUSBILDUNG)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/28/2015 09:37:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/28/2015 09:37:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bluetooth OBEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/29/2015 08:46:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/29/2015 08:28:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestD:\downloads\esetsmartinstaller_deu.exe

Error: (04/29/2015 08:28:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestD:\downloads\esetsmartinstaller_deu.exe

Error: (04/29/2015 08:28:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestD:\downloads\esetsmartinstaller_deu.exe

Error: (04/29/2015 03:15:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/29/2015 03:14:41 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (04/29/2015 03:10:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/29/2015 03:09:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (04/28/2015 09:44:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/28/2015 09:43:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestD:\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-04-27 21:41:59.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 21:41:59.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-27 21:41:59.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.321
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:12.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 21:46:11.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-26 15:46:15.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 16:49:34.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 8076.43 MB
Available physical RAM: 5813.28 MB
Total Pagefile: 9356.43 MB
Available Pagefile: 6700.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:57.92 GB) (Free:3.51 GB) NTFS
Drive d: (Data) (Fixed) (Total:871.51 GB) (Free:683.16 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60 GB) (Free:36.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 45CDFDC5)
Partition 1: (Not Active) - (Size=871.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Old 29.04.2015, 20:44   #14
deeprybka
/// TB Trainer
/// Guide Guru

Please repeat the scan.
__________________
Regards
deeprybka
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Old 30.04.2015, 16:09   #15
Dabbei

I assume ESET is meant
...and action, this will take a few hours.
