
Pests of all kinds and how to combat them: only laptop sends DoS attack, SYN and UDP flood, to router W921v

17.01.2015, 09:25   #1
andto
 

Good morning, my laptop is sending DoS attacks to my W921v router.

I am new and have completed all the tasks except "Gmer19357.exe" (it aborts). Log files are available: FRST and Fogger.

Now to the log of the W921v router: this only became noticeable through the Internet slowing down, each time after about 1 week, and through problems with the TV. We have a 16000 line and 2 media receivers for TV; net, an 11000 remains, with a sluggish upload of 700.

Messages like these show up in the router's log; an excerpt:

17.01.2015 09:03:52 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
17.01.2015 09:03:50 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:50 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:50 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 09:03:10 192.168.2.14 Anmeldung erfolgreich. (G101)
17.01.2015 09:00:30 WLAN-Station abgemeldet: Rechnername: captivapad, Mac-Adresse: gelöscht (W001)
17.01.2015 08:57:04 IP-Adresse 192.168.2.14: Abmeldung nach Time-Out.
17.01.2015 08:56:58 DHCP ist aktiv: WLAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.14> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <1 Tage> (H001)
17.01.2015 08:56:58 DHCP ist aktiv:fe80:0000:0000:0000:0000:0000:0000:0001. (DH101)
17.01.2015 08:56:55 WLAN-Station angemeldet: Rechnername: OnePC, Mac-Adresse: gelöscht (W103)
17.01.2015 08:56:21 WLAN-Station abgemeldet: Rechnername: jennyz1, Mac-Adresse: gelöscht (W001)
17.01.2015 08:55:22 DHCP ist aktiv: WLAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.12> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001)
17.01.2015 08:55:21 WLAN-Station angemeldet: Rechnername: jennyz1, Mac-Adresse: 44:74:6c:55:54:ab (W103)
17.01.2015 08:49:57 WLAN-Station abgemeldet: Rechnername: OnePC, Mac-Adresse: a4:17:31:9e:de:23 (W001)
17.01.2015 08:49:54 DHCP ist aktiv: LAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.19> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001)
17.01.2015 08:49:54 WLAN-Station angemeldet: Rechnername: captivapad, Mac-Adresse: gelöscht (W103)
17.01.2015 08:49:36 DHCP ist aktiv: WLAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.14> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <1 Tage> (H001)
17.01.2015 08:49:35 DHCP ist aktiv:fe80:0000:0000:0000:0000:0000:0000:0001. (DH101)
17.01.2015 08:49:32 WLAN-Station angemeldet: Rechnername: OnePC, Mac-Adresse: gelöscht (W103)
17.01.2015 08:48:06 WLAN-Station abgemeldet: Rechnername: OnePC, Mac-Adresse: gelöscht (W001)
17.01.2015 08:43:18 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:43:18 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
17.01.2015 08:43:18 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:43:17 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:43:17 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:43:17 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:43:16 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:43:16 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:42:58 WLAN-Station abgemeldet: Rechnername: captivapad, Mac-Adresse: gelöscht (W001)
17.01.2015 08:41:50 DoS(Denial of Service) Angriff UDP flood wurde entdeckt. (FW101)
17.01.2015 08:40:59 DHCP ist aktiv:fe80:0000:0000:0000:0000:0000:0000:0001. (DH101)
17.01.2015 08:40:09 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
17.01.2015 08:40:09 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:40:09 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:40:08 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
17.01.2015 08:39:50 DoS(Denial of Service) Angriff UDP flood wurde entdeckt. (FW101)

17.01.2015, 11:05   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

Then please post the logs in code tags.

17.01.2015, 12:03   #3
andto
 

Thanks for the quick...

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:21 on 17/01/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Admin (administrator) on ONEPC on 17-01-2015 09:22:02
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] ()
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk
ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyEtC0A0F0DzzyBtGtAyBtDtCtG0FtC0DyBtGyDyEyDyBtGyE0ByDzy0AyDyDyDtCzyyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzzz0C0AyBzytGyCyDtAyBtGyEzzyByDtGzzyEtC0BtGtA0AyB0E0Ezz0BtBtDtB0EyD2Q&cr=817908588&ir=
SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyEtC0A0F0DzzyBtGtAyBtDtCtG0FtC0DyBtGyDyEyDyBtGyE0ByDzy0AyDyDyDtCzyyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzzz0C0AyBzytGyCyDtAyBtGyEzzyByDtGzzyEtC0BtGtA0AyB0E0Ezz0BtBtDtB0EyD2Q&cr=817908588&ir=
SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331398&octid=EB_ORIGINAL_CTID&ISID=M98418E83-B3EA-43D5-8755-D677627AA14D&SearchSource=58&CUI=&UM=6&UP=SPBA41B64D-0AC7-400C-8B20-B282A96FFC62&q={searchTerms}&SSPV=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815
FF SelectedSearchEngine: Vosteran
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\user.js
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-maps.xml
FF Extension: npIpcam - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\npapi@n.com [2014-08-23]
FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-12-25]
FF Extension: {4bca6f1e-1ab9-44ff-9461-67bd2fbe7039} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{4bca6f1e-1ab9-44ff-9461-67bd2fbe7039}.xpi [2014-11-09]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-09]
FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
S4 Garmin Core Update Service; D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.)
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [935208 2014-09-11] (AnchorFree Inc.)
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation)
S4 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
S4 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
S4 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd)
S4 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3903488 2014-07-11] (Qualcomm Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed]
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-11-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-11-11] (Acronis)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
U3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe
2015-01-17 08:44 - 2015-01-17 09:22 - 00049930 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-17 08:44 - 2015-01-17 09:22 - 00000000 ____D () C:\FRST
2015-01-17 08:44 - 2015-01-17 08:45 - 00062504 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-01-17 08:43 - 2015-01-17 09:21 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2015-01-17 08:43 - 2015-01-17 08:43 - 02125824 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05
2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe
2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip
2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt
2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe
2015-01-15 06:14 - 2015-01-17 08:57 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp
2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader
2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst
2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll
2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2
2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk
2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2015-01-14 19:28 - 2015-01-17 08:36 - 00001336 _____ () C:\WINDOWS\setupact.log
2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis
2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis
2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine
2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine
2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe
2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe
2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip
2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso
2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe
2015-01-04 19:49 - 2015-01-14 19:24 - 00067584 ___SH () C:\Users\Admin\Desktop\Thumbs.db
2015-01-04 11:54 - 2015-01-17 08:37 - 00003132 _____ () C:\WINDOWS\System32\Tasks\FRAPS
2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo
2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games
2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip
2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip
2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp
2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto
2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv
2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt
2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014
2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014
2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim
2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland
2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url
2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 14:03 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan
2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url
2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek
2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip
2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url
2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url
2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext
2014-12-22 19:50 - 2015-01-17 09:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-22 19:44 - 2014-12-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Copa Petrobras de Marcas
2014-12-22 19:41 - 2014-12-22 20:20 - 00000000 ____D () C:\Marcas
2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar
2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe
2014-12-22 12:40 - 2015-01-17 09:17 - 01926771 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-22 12:37 - 2015-01-17 09:06 - 00005122 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC
2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security
2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe
2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-22 12:15 - 2014-12-22 12:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\Hotspot Shield
2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url
2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk
2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url
2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI
2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark
2014-12-20 11:22 - 2014-12-20 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\Vosteran
2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe
2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk
2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400
2014-12-19 13:00 - 2015-01-03 08:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis
2015-01-17 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-17 08:57 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-17 08:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-17 08:43 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin
2015-01-17 08:43 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-17 08:43 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-17 08:43 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2015-01-17 08:37 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr
2015-01-17 08:37 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps
2015-01-17 08:37 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin
2015-01-17 08:37 - 2013-06-04 07:27 - 00000000 ___DO () C:\Users\Admin\SkyDrive
2015-01-17 08:36 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 08:36 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 08:36 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-17 08:36 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-17 08:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-17 07:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-16 08:53 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 15:12 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC
2015-01-15 06:12 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-15 06:09 - 2014-11-28 10:25 - 32799365 _____ () C:\Simraceway.log
2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-14 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware
2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec
2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew
2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ
2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3
2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien
2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin
2015-01-04 19:49 - 2014-07-29 13:47 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten
2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity
2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games
2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games
2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games
2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick
2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log
2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups
2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor
2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2
2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache
2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark
2014-12-20 11:33 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa
2014-12-19 18:04 - 2014-10-05 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Simraceway
2014-12-19 13:00 - 2014-07-14 06:12 - 00001082 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-18 18:52 - 2014-12-05 11:15 - 00002510 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2014-12-18 18:52 - 2014-12-05 11:15 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

==================== Files in the root of some directories =======
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag
2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log
2014-04-13 13:41 - 2014-04-13 13:43 - 0000078 _____ () C:\Users\Admin\AppData\Local\killertool.log
2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\hmpalert_update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {abc97fa6-3bf7-11e3-aef0-dbb9fd509566}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 8.1
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {fbe88233-3bf7-11e3-aef0-dbb9fd509566}
integrityservices       Enable
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {abc97fa6-3bf7-11e3-aef0-dbb9fd509566}
nx                      OptIn
bootmenupolicy          Standard
hypervisorlaunchtype    Off

Windows-Startladeprogramm
-------------------------
Bezeichner              {e990b581-cc78-11e2-b6a3-d09594044607}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\e990b581-cc78-11e2-b6a3-d09594044607\Winre.wim,{e990b582-cc78-11e2-b6a3-d09594044607}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  de-DE
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\e990b581-cc78-11e2-b6a3-d09594044607\Winre.wim,{e990b582-cc78-11e2-b6a3-d09594044607}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {fbe88233-3bf7-11e3-aef0-dbb9fd509566}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{fbe88234-3bf7-11e3-aef0-dbb9fd509566}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  de-DE
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{fbe88234-3bf7-11e3-aef0-dbb9fd509566}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {abc97fa6-3bf7-11e3-aef0-dbb9fd509566}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
recoverysequence        {fbe88233-3bf7-11e3-aef0-dbb9fd509566}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {e990b57f-cc78-11e2-b6a3-d09594044607}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
recoverysequence        {e990b581-cc78-11e2-b6a3-d09594044607}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 No

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {e990b582-cc78-11e2-b6a3-d09594044607}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\e990b581-cc78-11e2-b6a3-d09594044607\boot.sdi

Geräteoptionen
--------------
Bezeichner              {e990b583-cc78-11e2-b6a3-d09594044607}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Geräteoptionen
--------------
Bezeichner              {fbe88234-3bf7-11e3-aef0-dbb9fd509566}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-01-16 03:34

==================== End Of Log ============================
         
--- --- ---

An older version of GMER then ran through.

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2015-01-17 12:08:06
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000044 SSD2SC480G726A104-46827799 rev.524ABBF0 447,13GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys


---- Threads - GMER 2.0 ----

Thread   C:\WINDOWS\system32\csrss.exe [664:3396]                                                                                                                  fffff960009442d0
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6164]                                                                                            000000005d99cb88
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6176]                                                                                            000000005d4211d4
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6180]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6188]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6192]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6196]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6200]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6204]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6208]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6212]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6216]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6220]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6224]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6228]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6232]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6236]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6240]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6244]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6248]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6264]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6272]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6276]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6280]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6284]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6292]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6296]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6300]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6320]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6336]                                                                                            000000005d4211d4
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6340]                                                                                            000000005d4211d4
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6360]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6416]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6420]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6424]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6428]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6432]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6436]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6440]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6480]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6496]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6500]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6548]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6596]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6600]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6784]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6788]                                                                                            000000005d4211d4
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:3964]                                                                                            000000007453cf40
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:4892]                                                                                            00000000744b28d0
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:1632]                                                                                            0000000076f64e40
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2180]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:3804]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2856]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6404]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2920]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:5148]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:4560]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:4840]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6816]                                                                                            0000000060c174d6
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:3700]                                                                                            0000000076f64e40
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6288]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:5132]                                                                                            0000000076f64e40
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:1328]                                                                                            0000000060cac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2976]                                                                                            0000000076f64e40
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:7436]                                                                                            0000000076f64e40
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:7456]                                                                                            0000000076f64e40
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:7548]                                                                                            0000000076f64e40
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Windows\System32\skydrive.exe [4188]                                                                                          00007ffa17310000
Library  C:\Program (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [7008]  000000005a430000
Library  C:\Program (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [7008]  0000000054410000
Library  C:\Program (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [7008]  0000000053540000
Library  ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6780]                                                                        00007ffa1cfd0000

---- EOF - GMER 2.0 ----
         
--- --- ---
__________________

Last edited by andto (17.01.2015 at 12:12). Reason: GMER log added afterwards

17.01.2015, 18:10   #4
schrauber
/// the machine
/// TB instructor
 




The Addition.txt from FRST is still missing.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


17.01.2015, 21:38   #5
andto
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Admin at 2015-01-17 09:22:25
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 CAT 3 - West - v4.0 (HKLM-x32\...\{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1) (Version:  - Eutechnyx, Ltd)
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assetto Corsa - Technology Preview Version 0.9.9 (HKLM-x32\...\{29826B4C-ADEF-4729-90D7-5011FD1C2B5E}_is1) (Version: 0.9.9 - Kunos Simulazioni)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version:  - Techland)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cogs (HKLM-x32\...\Steam App 26500) (Version:  - Lazy 8 Studios)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DGS-1500-28 (HKLM-x32\...\{A0EBA397-F8F2-43A8-BF90-BFB06720EFB4}) (Version: 1.0.0.7 - D-Link)
D-Link SmartConsole Utility (HKLM-x32\...\InstallShield_{4FCE40BB-5BD6-43C9-8DAD-5B0551D8DF0C}) (Version: 3.00.10 - D-Link)
D-Link SmartConsole Utility (x32 Version: 3.00.10 - D-Link) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia)
eMule (HKLM-x32\...\eMule) (Version:  - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
Fuse Drivers x64 (HKLM-x32\...\{06904B2B-5000-4C58-9471-256BA1A303BE}) (Version: 11.34.1 - Nokia)
Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)
Game Copa Petrobras de Marcas version 1.02 (HKLM-x32\...\{A5075C60-242E-432B-B935-31C90D127DA9}}_is1) (Version: 1.02 - Reiza Studios Ltda.)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version:  - Codemasters Racing)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM)
IPCWebComponents 3.1.0.5 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.5 - )
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0485 - iRacing.com Motorsport Simulations)
iSpy (HKLM-x32\...\{067B0B45-5718-4AF1-AAAB-A8D0894183A0}) (Version: 5.6.8 - iSpy)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware financial office plus 2014 (HKLM-x32\...\{cceb5f5e-fa2f-4632-aa50-1dffce083c79}) (Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7086 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Memory Cleaner 2.00 (HKLM-x32\...\MemClean) (Version: 2.00 - KoshyJohn.com)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Nero 9 Lite (HKLM-x32\...\{f50f5bef-c397-4ef8-a24c-4d151e4c22ec}) (Version:  - Nero AG)
Nero Burning ROM 2014 (HKLM-x32\...\{A4DC74AA-F4DF-48B9-AA4B-C30CA0DBCA33}) (Version: 15.0.04600 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nokia Software Recovery Tool (HKLM-x32\...\{637CB9CC-5F9E-40C1-ACF2-979733241E3E}) (Version: 1.4.3 - Nokia)
NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PeerGuardian 2.0 (HKLM-x32\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Puddle (HKLM-x32\...\Steam App 222140) (Version:  - Neko Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{D675B346-8CDB-4C8E-804E-17FC9F62CEA5}) (Version: 1.1.47.1374 - Qualcomm Atheros)
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
Race Injection (HKLM-x32\...\Steam App 44680) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
rFactor2 (HKLM-x32\...\rFactor2) (Version:  - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version:  - Roadkil.Net)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway)
SSWebPlugin (HKLM-x32\...\{8E545090-944A-4AAE-8B20-23DF1786F17D}) (Version: 1.0.0.39 - Synology)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StormFall (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StormFall) (Version:  - StormFall) <==== ATTENTION!
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SurveillanceHelper (HKLM-x32\...\{E8236305-76A1-4AE2-A35C-2498D6876912}) (Version: 1.0.0.3 - Synology)
SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version:  - Tango Gameworks)
The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version:  - Relic Entertainment)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version:  - Mercenary Technologies)
TRANSFORMERS: Rise of the Dark Spark (HKLM-x32\...\Steam App 245760) (Version:  - Edge of Reality)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
True Image 2013 (HKLM-x32\...\{4AA75223-6CBF-46F4-8EE4-7BF0591089F7}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
True Image 2013 Plus Pack (HKLM-x32\...\{1547FF3D-F82F-46AE-819B-78C7BB3D53EC}) (Version: 16.0.6514 - Acronis)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Lexmark International Printer  (07/06/2012 2.1.5.0) (HKLM\...\BF11496524DAA0EE0B3DE7C870A7D17BC97C0B14) (Version: 07/06/2012 2.1.5.0 - Lexmark International)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinToUSB version 1.4 (HKLM-x32\...\WinToUSB_is1) (Version: 1.4 - The EasyUEFI Development Team.)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{0ED6AC75-474D-4511-B198-05B8C99F6B8B}) (Version: 1.1.7.1416 - Nokia)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version:  - MachineGames)
WRC 4 FIA WORLD RALLY CHAMPIONSHIP (HKLM-x32\...\Steam App 256330) (Version:  - Milestone S.r.l.)
X-Motor Racing Demo (HKLM-x32\...\X-Motor Racing Demo_is1) (Version:  - Exotypos)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-12-2014 08:06:02 DirectX wurde installiert
04-01-2015 14:53:21 Geplanter Prüfpunkt
12-01-2015 18:14:24 Geplanter Prüfpunkt
15-01-2015 05:51:28 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION
Task: {1887A53C-F03A-4C3F-8FEC-01CA1DB6EA08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION
Task: {203982B8-C446-4F4F-8EF0-0BF4BC3A8952} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION
Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION
Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION
Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION
Task: {57F7813B-623C-48B4-A6C2-525117AC3F7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION
Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION
Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION
Task: {88FA4920-C21E-4BB0-ACB3-1E00E1C234E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {8DECFF88-F9C4-4FF9-974B-245F72E1A9D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {A669484B-2B77-435D-A374-7A47988CF89F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {B86FCF37-6A96-4790-8328-5F8CC3E35BAB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION
Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION
Task: {D8E1604D-4461-4BEF-B40D-5AC569CD1890} - \GarminUpdaterTask No Task File <==== ATTENTION
Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION
Task: {E551B41C-005D-431F-9533-76BFA25BCAC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {F0548ACB-7990-4C42-BD97-653F71BDB95B} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {F8BAAB94-6F81-4DEF-BE85-6B3592734D8B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {FA3CDBEE-0CC7-4B6A-9DA9-4D2154F03A36} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ONEPC => C:\Windows\ehome\McxTask.exe [2013-09-30] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-20 18:09 - 2014-12-15 11:45 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-03-22 09:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-10 21:00 - 2014-06-13 14:17 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2014-11-25 08:19 - 2014-11-25 08:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-09-19 14:48 - 2014-09-19 14:48 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-19 09:41 - 2014-12-19 09:41 - 01007104 _____ () D:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00023552 _____ () D:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00024576 _____ () D:\Program Files (x86)\Origin\imageformats\qico.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00216576 _____ () D:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00261120 _____ () D:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00019456 _____ () D:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00337408 _____ () D:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00018944 _____ () D:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2011-11-21 03:20 - 2011-11-21 03:20 - 01949696 _____ () C:\Program Files (x86)\Raptr\libtorrent.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-12-09 07:16 - 2014-12-09 07:16 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-21 05:49 - 2014-11-21 05:49 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ADUServiceNSRT => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: Garmin Core Update Service => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hmpalertsvc => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: iRacingService => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Lexware_Update_Service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: Micro Star SCM => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Netzmanager Service => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Qualcomm Atheros Killer Service V2 => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: Simraceway Update Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "SRW Download Manager.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - .lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Prime95"

========================= Accounts: ==========================

Admin (S-1-5-21-2819443126-392552937-1277417864-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2819443126-392552937-1277417864-500 - Administrator - Disabled)
fbwuser2B82 (S-1-5-21-2819443126-392552937-1277417864-1007 - Limited - Enabled)
fbwuser6E92 (S-1-5-21-2819443126-392552937-1277417864-1008 - Limited - Enabled)
fbwuserADE8 (S-1-5-21-2819443126-392552937-1277417864-1005 - Limited - Enabled)
fbwuserB171 (S-1-5-21-2819443126-392552937-1277417864-1006 - Limited - Enabled)
fbwuserB705 (S-1-5-21-2819443126-392552937-1277417864-1010 - Limited - Enabled)
fbwuserF7BE (S-1-5-21-2819443126-392552937-1277417864-1009 - Limited - Enabled)
Gast (S-1-5-21-2819443126-392552937-1277417864-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819443126-392552937-1277417864-1012 - Limited - Enabled)
Mcx1-ONEPC (S-1-5-21-2819443126-392552937-1277417864-1004 - Limited - Enabled) => C:\Users\Mcx1-ONEPC

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Bluetooth-Auflistung
Description: Microsoft Bluetooth-Auflistung
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Microsoft
Service: BthEnum
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Virtueller Microsoft-Adapter für direktes WiFi #3
Description: Virtueller Microsoft-Adapter für direktes WiFi
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 08:57:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0xbe4
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (01/17/2015 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_winethc.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504eb8
Name des fehlerhaften Moduls: USER32.dll, Version: 6.3.9600.17476, Zeitstempel: 0x54516b13
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec5a0
ID des fehlerhaften Prozesses: 0x1838
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_winethc.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_winethc.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_winethc.dll2
Berichtskennung: rundll32.exe_winethc.dll3
Vollständiger Name des fehlerhaften Pakets: rundll32.exe_winethc.dll4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rundll32.exe_winethc.dll5

Error: (01/17/2015 08:55:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1d54
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (01/17/2015 08:54:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x76c
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/17/2015 08:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1f90
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/16/2015 05:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


System errors:
=============
Error: (01/17/2015 08:36:22 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (01/17/2015 08:15:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/17/2015 08:15:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/17/2015 08:14:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/17/2015 08:14:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/17/2015 08:13:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/17/2015 08:13:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/17/2015 08:12:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/17/2015 08:12:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/17/2015 08:11:58 AM) (Source: DCOM) (EventID: 10010) (User: ONEPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


Microsoft Office Sessions:
=========================
Error: (01/17/2015 08:57:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aabe401d0322b383542daC:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe80290772-9e1e-11e4-bffd-a417319ede24

Error: (01/17/2015 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.1747654516b13c000014200000000000ec5a0183801d0322b169eadd0C:\WINDOWS\System32\rundll32.exeUSER32.dll5452e9d3-9e1e-11e4-bffd-a417319ede24

Error: (01/17/2015 08:55:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa1d5401d0322af12514b2C:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe392e1f27-9e1e-11e4-bffd-a417319ede24

Error: (01/17/2015 08:54:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa76c01d0322acac9c6a0C:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe12e78c55-9e1e-11e4-bffd-a417319ede24

Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe

Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu.exe

Error: (01/17/2015 08:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa1f9001d0322a3096c0b2C:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe789c3bd7-9e1d-11e4-bffd-a417319ede24

Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu.exe

Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe

Error: (01/16/2015 05:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe


CodeIntegrity Errors:
===================================
  Date: 2015-01-17 08:38:50.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 08:37:13.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 08:37:02.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-17 08:36:56.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 08:36:53.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 08:36:49.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 08:14:57.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-17 08:12:32.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 07:52:03.116
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-17 07:51:55.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 21%
Total physical RAM: 16276.89 MB
Available physical RAM: 12839.71 MB
Total Pagefile: 32660.89 MB
Available Pagefile: 29557.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.79 GB) (Free:128.83 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:217.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 003DE352)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 000ABBCC)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
It didn't all fit anyway because of the limit of 12..... something characters...


Edited by andto (17.01.2015 at 21:39). Reason: oh dear, in chunks....

17.01.2015, 23:43   #6
schrauber
/// the machine
/// TB instructor
 




Please download Revo Uninstaller from here: Revo Uninstaller (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German (Deutsch) as the language.
  • In the uninstaller field, search for the following programs:

    StormFall


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

 






Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History, and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

18.01.2015, 10:54   #7
andto



Caution: working through the steps with one of the programs leads to loss of the Wi-Fi and network connection; it seems that something gets deleted there. I used the restore point and am back at the state of this morning, 07:00, "stormfall", but now I first have to check what is being removed there that is important for access to the Internet. Thank you very much.


1. REVO Check
2. Malwarebytes check
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.01.2015
Suchlauf-Zeit: 09:19:43
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.18.04
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 416779
Verstrichene Zeit: 7 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
3. Adware: result only, nothing deleted, since earlier it led to the network connection dropping and then the restore kicked in
AdwCleaner log file:
Code:
# AdwCleaner v4.108 - Bericht erstellt am 18/01/2015 um 07:05:51
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 8.1 Pro with Media Center  (64 bits)
# Benutzername : Admin - ONEPC
# Gestartet von : C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : hshld
Dienst Gefunden : hsstrayservice
Dienst Gefunden : hsswd

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Public\Desktop\Hotspot Shield.lnk
Datei Gefunden : C:\Users\Public\Desktop\Hotspot Shield.lnk
Datei Gefunden : C:\WINDOWS\System32\drivers\hssdrv6.sys
Datei Gefunden : C:\WINDOWS\System32\drivers\taphss6.sys
Ordner Gefunden : C:\Program Files (x86)\hotspot shield
Ordner Gefunden : C:\ProgramData\hotspot shield
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Ordner Gefunden : C:\Users\Admin\AppData\Local\CrashRpt
Ordner Gefunden : C:\Users\Admin\AppData\Local\eSupport.com
Ordner Gefunden : C:\Users\Admin\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\hotspot shield
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\RHEng
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Solvusoft
Ordner Gefunden : C:\WINDOWS\SysWOW64\hotspot shield

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\anchorfree
Schlüssel Gefunden : HKCU\Software\eSupport.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\anchorfree
Schlüssel Gefunden : [x64] HKCU\Software\eSupport.com
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\hotspotshield
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)

[mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("browser.search.selectedEngine", "Vosteran");
[mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzy[...]
[mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtB[...]
[mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyE[...]

*************************

AdwCleaner[R0].txt - [3862 octets] - [17/01/2015 13:14:26]
AdwCleaner[R1].txt - [3765 octets] - [18/01/2015 07:05:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3825 octets] ##########
         

4. JRT log

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Admin on 18.01.2015 at  9:34:43,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] hshld 
Successfully deleted: [Service] hshld 
Successfully stopped: [Service] hsstrayservice 
Successfully deleted: [Service] hsstrayservice 
Successfully stopped: [Service] hsswd 
Successfully deleted: [Service] hsswd 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"



~~~ FireFox

Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\mpiofm0i.default-1406638029815\prefs.js

user_pref("browser.search.selectedEngine", "Vosteran");
user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCt
user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFy
user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAt
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\mpiofm0i.default-1406638029815\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.01.2015 at  9:40:30,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I have to note that cleaning with Adware results in no network connectivity at all, whether Wi-Fi or cable. Surely the files from anchorfree and hotspotshield can't be responsible for that. Or can they???

See the code from Adware... sure, there is still some Vosteran on there, but that doesn't look like the culprit responsible for switching off the network.

and a new FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Admin (administrator) on ONEPC on 18-01-2015 10:11:30
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Beepa P/L) C:\Fraps\fraps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] ()
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk
ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-maps.xml
FF Extension: npIpcam - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\npapi@n.com [2014-08-23]
FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-12-25]
FF Extension: {4bca6f1e-1ab9-44ff-9461-67bd2fbe7039} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{4bca6f1e-1ab9-44ff-9461-67bd2fbe7039}.xpi [2014-11-09]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-09]
FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
S3 Garmin Core Update Service; D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd)
R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-11-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-11-11] (Acronis)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X]
U3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-01-18 09:40 - 2015-01-18 09:40 - 00002251 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe
2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-18 09:00 - 2015-01-18 09:00 - 00000000 ____D () C:\WINDOWS\LastGood
2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell
2015-01-18 07:30 - 2015-01-18 07:30 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics
2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG
2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log
2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt
2015-01-18 06:50 - 2015-01-18 09:02 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2015-01-18 06:50 - 2015-01-18 09:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe
2015-01-17 13:14 - 2015-01-18 09:32 - 00000000 ____D () C:\AdwCleaner
2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe
2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe
2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe
2015-01-17 12:17 - 2015-01-17 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe
2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log
2015-01-17 09:48 - 2015-01-18 09:53 - 00002176 _____ () C:\WINDOWS\PFRO.log
2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt
2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe
2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt
2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt
2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe
2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt
2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe
2015-01-17 08:44 - 2015-01-18 10:11 - 00026308 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-17 08:44 - 2015-01-18 10:11 - 00000000 ____D () C:\FRST
2015-01-17 08:44 - 2015-01-17 09:23 - 00060300 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05
2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe
2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip
2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt
2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe
2015-01-15 06:14 - 2015-01-18 10:01 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp
2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader
2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst
2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll
2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2
2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk
2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2015-01-14 19:28 - 2015-01-18 09:53 - 00004921 _____ () C:\WINDOWS\setupact.log
2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis
2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis
2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine
2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine
2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe
2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe
2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip
2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso
2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe
2015-01-04 19:49 - 2015-01-18 06:46 - 00067584 ___SH () C:\Users\Admin\Desktop\Thumbs.db
2015-01-04 11:54 - 2015-01-18 09:56 - 00003132 _____ () C:\WINDOWS\System32\Tasks\FRAPS
2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo
2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games
2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip
2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip
2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp
2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto
2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv
2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt
2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014
2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014
2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim
2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland
2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url
2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 14:03 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan
2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url
2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek
2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip
2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url
2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url
2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext
2014-12-22 19:50 - 2015-01-18 10:06 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-22 19:44 - 2014-12-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Copa Petrobras de Marcas
2014-12-22 19:41 - 2014-12-22 20:20 - 00000000 ____D () C:\Marcas
2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar
2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe
2014-12-22 12:40 - 2015-01-18 09:53 - 01214316 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-22 12:37 - 2015-01-18 10:07 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC
2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security
2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe
2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url
2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk
2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url
2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI
2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark
2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe
2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk
2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400
2014-12-19 13:00 - 2015-01-03 08:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 10:10 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-18 09:59 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-18 09:59 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-18 09:59 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-18 09:59 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 09:57 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr
2015-01-18 09:56 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 09:56 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps
2015-01-18 09:56 - 2013-06-04 07:27 - 00000000 __RDO () C:\Users\Admin\SkyDrive
2015-01-18 09:53 - 2014-11-28 10:25 - 32799773 _____ () C:\Simraceway.log
2015-01-18 09:53 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 09:53 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-18 09:52 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-18 09:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall
2015-01-18 08:47 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin
2015-01-18 08:45 - 2014-11-26 09:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\RHEng
2015-01-18 08:45 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-18 08:45 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC
2015-01-18 08:45 - 2014-10-11 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2015-01-18 08:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv
2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-18 07:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis
2015-01-17 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2015-01-16 08:53 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-14 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware
2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec
2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew
2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ
2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3
2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien
2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin
2015-01-04 19:49 - 2014-07-29 13:47 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten
2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity
2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games
2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games
2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games
2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick
2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log
2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups
2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor
2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2
2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache
2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark
2014-12-20 11:33 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa
2014-12-19 18:04 - 2014-10-05 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Simraceway
2014-12-19 13:00 - 2014-07-14 06:12 - 00001082 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== Files in the root of some directories =======
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag
2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log
2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 10:06

==================== End Of Log ============================
         

Edited by andto (18.01.2015 at 09:49). Reason: looking for the troublemaker ;)

18.01.2015, 15:06   #8
schrauber
/// the machine
/// TB instructor
 




I've reported it to the developer.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.01.2015, 17:03   #9
andto
 



The hotspot routing driver hssdrv6.sys has to stay, since otherwise the Internet no longer works, or be replaced. I don't know the background, though. The drivers are all there, but then it simply doesn't connect... Currently it is installed, but I renamed taphss6.sys and left it in place; it could also be deleted without any problem.

Code:
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 iSpy     
 Call of Duty: Ghosts - Multiplayer 
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	16.0.0.257  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Mozilla Thunderbird 17.0.6 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Admin (administrator) on ONEPC on 18-01-2015 17:01:38
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Beepa P/L) C:\Fraps\fraps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Users\Admin\Downloads\SecurityCheck.exe
() C:\Users\Admin\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] ()
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk
ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-maps.xml
FF Extension: npIpcam - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\npapi@n.com [2014-08-23]
FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-12-25]
FF Extension: {4bca6f1e-1ab9-44ff-9461-67bd2fbe7039} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{4bca6f1e-1ab9-44ff-9461-67bd2fbe7039}.xpi [2014-11-09]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-01-18]
FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd)
R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.)
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X]
S3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X]
S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 16:42 - 2015-01-18 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe
2015-01-18 16:09 - 2015-01-18 16:09 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe
2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-01-18 09:40 - 2015-01-18 09:40 - 00002251 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe
2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-18 09:00 - 2015-01-18 09:00 - 00000000 ____D () C:\WINDOWS\LastGood
2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell
2015-01-18 07:30 - 2015-01-18 07:30 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics
2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG
2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log
2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt
2015-01-18 06:50 - 2015-01-18 09:02 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2015-01-18 06:50 - 2015-01-18 09:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe
2015-01-17 13:14 - 2015-01-18 14:53 - 00000000 ____D () C:\AdwCleaner
2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe
2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe
2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe
2015-01-17 12:17 - 2015-01-17 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe
2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log
2015-01-17 09:48 - 2015-01-18 12:41 - 00004036 _____ () C:\WINDOWS\PFRO.log
2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt
2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe
2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt
2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt
2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe
2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt
2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe
2015-01-17 08:44 - 2015-01-18 17:01 - 00024861 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-17 08:44 - 2015-01-18 17:01 - 00000000 ____D () C:\FRST
2015-01-17 08:44 - 2015-01-17 09:23 - 00060300 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05
2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe
2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip
2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt
2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe
2015-01-15 06:14 - 2015-01-18 15:44 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp
2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader
2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst
2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll
2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2
2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk
2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2015-01-14 19:28 - 2015-01-18 15:11 - 00006769 _____ () C:\WINDOWS\setupact.log
2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis
2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis
2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine
2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine
2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe
2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe
2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip
2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso
2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe
2015-01-04 19:49 - 2015-01-18 14:23 - 00070144 ___SH () C:\Users\Admin\Desktop\Thumbs.db
2015-01-04 11:54 - 2015-01-18 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\FRAPS
2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo
2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games
2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip
2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip
2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp
2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto
2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv
2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt
2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014
2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014
2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim
2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland
2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url
2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 14:03 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan
2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url
2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek
2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip
2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url
2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url
2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext
2014-12-22 19:50 - 2015-01-18 12:56 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar
2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe
2014-12-22 12:40 - 2015-01-18 15:21 - 01514677 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-22 12:37 - 2015-01-18 16:56 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC
2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security
2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe
2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url
2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk
2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url
2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI
2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark
2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe
2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk
2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400
2014-12-19 13:00 - 2015-01-03 08:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 17:00 - 2014-07-29 06:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 16:34 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 16:29 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 16:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-18 15:37 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr
2015-01-18 15:36 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 15:36 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps
2015-01-18 15:36 - 2013-06-04 07:27 - 00000000 ___DO () C:\Users\Admin\SkyDrive
2015-01-18 15:18 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-18 15:18 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-18 15:18 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-18 15:11 - 2014-11-28 10:25 - 32800283 _____ () C:\Simraceway.log
2015-01-18 15:11 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-18 15:10 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-18 11:25 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-18 11:16 - 2014-04-13 18:20 - 00000000 ____D () C:\Users\Admin\Documents\Garmin
2015-01-18 11:16 - 2014-04-13 18:19 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\ProgramData\Garmin
2015-01-18 11:16 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-18 11:06 - 2014-11-15 10:45 - 00000000 ____D () C:\ProgramData\eMule
2015-01-18 10:56 - 2013-06-03 18:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-18 10:46 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin
2015-01-18 10:33 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-18 10:33 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC
2015-01-18 10:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall
2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv
2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-18 07:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis
2015-01-17 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2015-01-16 08:53 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-14 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware
2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec
2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew
2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ
2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3
2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien
2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin
2015-01-04 19:49 - 2014-07-29 13:47 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten
2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity
2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games
2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games
2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games
2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick
2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log
2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups
2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor
2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2
2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache
2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark
2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa
2014-12-19 18:04 - 2014-10-05 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Simraceway
2014-12-19 13:00 - 2014-07-14 06:12 - 00001082 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== Files in the root of some directories =======
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag
2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log
2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 15:22

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015
Ran by Admin at 2015-01-18 17:02:00
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 CAT 3 - West - v4.0 (HKLM-x32\...\{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1) (Version:  - Eutechnyx, Ltd)
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assetto Corsa - Technology Preview Version 0.9.9 (HKLM-x32\...\{29826B4C-ADEF-4729-90D7-5011FD1C2B5E}_is1) (Version: 0.9.9 - Kunos Simulazioni)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version:  - Techland)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cogs (HKLM-x32\...\Steam App 26500) (Version:  - Lazy 8 Studios)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DGS-1500-28 (HKLM-x32\...\{A0EBA397-F8F2-43A8-BF90-BFB06720EFB4}) (Version: 1.0.0.7 - D-Link)
D-Link SmartConsole Utility (HKLM-x32\...\InstallShield_{4FCE40BB-5BD6-43C9-8DAD-5B0551D8DF0C}) (Version: 3.00.10 - D-Link)
D-Link SmartConsole Utility (x32 Version: 3.00.10 - D-Link) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
Fuse Drivers x64 (HKLM-x32\...\{06904B2B-5000-4C58-9471-256BA1A303BE}) (Version: 11.34.1 - Nokia)
Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version:  - Codemasters Racing)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM)
IPCWebComponents 3.1.0.5 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.5 - )
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0485 - iRacing.com Motorsport Simulations)
iSpy (HKLM-x32\...\{067B0B45-5718-4AF1-AAAB-A8D0894183A0}) (Version: 5.6.8 - iSpy)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware financial office plus 2014 (HKLM-x32\...\{cceb5f5e-fa2f-4632-aa50-1dffce083c79}) (Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7086 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Nero 9 Lite (HKLM-x32\...\{f50f5bef-c397-4ef8-a24c-4d151e4c22ec}) (Version:  - Nero AG)
Nero Burning ROM 2014 (HKLM-x32\...\{A4DC74AA-F4DF-48B9-AA4B-C30CA0DBCA33}) (Version: 15.0.04600 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nokia Software Recovery Tool (HKLM-x32\...\{637CB9CC-5F9E-40C1-ACF2-979733241E3E}) (Version: 1.4.3 - Nokia)
NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PeerGuardian 2.0 (HKLM-x32\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Puddle (HKLM-x32\...\Steam App 222140) (Version:  - Neko Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{D675B346-8CDB-4C8E-804E-17FC9F62CEA5}) (Version: 1.1.47.1374 - Qualcomm Atheros)
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
Race Injection (HKLM-x32\...\Steam App 44680) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
rFactor2 (HKLM-x32\...\rFactor2) (Version:  - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version:  - Roadkil.Net)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway)
SSWebPlugin (HKLM-x32\...\{8E545090-944A-4AAE-8B20-23DF1786F17D}) (Version: 1.0.0.39 - Synology)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SurveillanceHelper (HKLM-x32\...\{E8236305-76A1-4AE2-A35C-2498D6876912}) (Version: 1.0.0.3 - Synology)
SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version:  - Tango Gameworks)
The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version:  - Relic Entertainment)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version:  - Mercenary Technologies)
TRANSFORMERS: Rise of the Dark Spark (HKLM-x32\...\Steam App 245760) (Version:  - Edge of Reality)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation)
Windows-Treiberpaket - Lexmark International Printer  (07/06/2012 2.1.5.0) (HKLM\...\BF11496524DAA0EE0B3DE7C870A7D17BC97C0B14) (Version: 07/06/2012 2.1.5.0 - Lexmark International)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinToUSB version 1.4 (HKLM-x32\...\WinToUSB_is1) (Version: 1.4 - The EasyUEFI Development Team.)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{0ED6AC75-474D-4511-B198-05B8C99F6B8B}) (Version: 1.1.7.1416 - Nokia)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version:  - MachineGames)
WRC 4 FIA WORLD RALLY CHAMPIONSHIP (HKLM-x32\...\Steam App 256330) (Version:  - Milestone S.r.l.)
X-Motor Racing Demo (HKLM-x32\...\X-Motor Racing Demo_is1) (Version:  - Exotypos)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

12-01-2015 18:14:24 Geplanter Prüfpunkt
15-01-2015 05:51:28 Prüfpunkt von HitmanPro
18-01-2015 06:52:26 Revo Uninstaller's restore point - StormFall
18-01-2015 08:43:29 Wiederherstellungsvorgang
18-01-2015 10:16:34 18012015 vor adware benutzung 
18-01-2015 10:31:28 Wiederherstellungsvorgang
18-01-2015 11:50:21 voradwareanchorundhotspot

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION
Task: {1887A53C-F03A-4C3F-8FEC-01CA1DB6EA08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION
Task: {203982B8-C446-4F4F-8EF0-0BF4BC3A8952} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION
Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION
Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION
Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION
Task: {57F7813B-623C-48B4-A6C2-525117AC3F7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {67D83E09-F3E9-4E45-9914-2AD631C2A390} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION
Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION
Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION
Task: {88FA4920-C21E-4BB0-ACB3-1E00E1C234E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A669484B-2B77-435D-A374-7A47988CF89F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {B86FCF37-6A96-4790-8328-5F8CC3E35BAB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION
Task: {C323255A-0539-4900-8D63-355881C27817} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION
Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION
Task: {E551B41C-005D-431F-9533-76BFA25BCAC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {F8BAAB94-6F81-4DEF-BE85-6B3592734D8B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {FA3CDBEE-0CC7-4B6A-9DA9-4D2154F03A36} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ONEPC => C:\Windows\ehome\McxTask.exe [2013-09-30] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-08 20:01 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-20 18:09 - 2014-12-15 11:45 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-06-26 14:04 - 2014-06-26 14:04 - 00100984 _____ () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
2014-03-22 09:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL
2013-08-10 21:00 - 2014-06-13 14:17 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-07-11 22:04 - 2013-07-11 22:04 - 01630720 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-25 08:19 - 2014-11-25 08:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-09-19 14:48 - 2014-09-19 14:48 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe
2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-01-17 12:17 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2013-07-11 22:03 - 2013-07-11 22:03 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll
2015-01-15 15:06 - 2015-01-15 15:06 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c89a3da49bf7bd161745f4228277ea00\PSIClient.ni.dll
2013-06-03 18:28 - 2012-07-18 04:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2011-11-21 03:20 - 2011-11-21 03:20 - 01949696 _____ () C:\Program Files (x86)\Raptr\libtorrent.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-11-21 05:49 - 2014-11-21 05:49 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-11-21 05:47 - 2014-11-21 05:47 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-01-18 16:42 - 2015-01-18 16:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SRW Download Manager.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - .lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Prime95"

========================= Accounts: ==========================

Admin (S-1-5-21-2819443126-392552937-1277417864-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2819443126-392552937-1277417864-500 - Administrator - Disabled)
fbwuser2B82 (S-1-5-21-2819443126-392552937-1277417864-1007 - Limited - Enabled)
fbwuser6E92 (S-1-5-21-2819443126-392552937-1277417864-1008 - Limited - Enabled)
fbwuserADE8 (S-1-5-21-2819443126-392552937-1277417864-1005 - Limited - Enabled)
fbwuserB171 (S-1-5-21-2819443126-392552937-1277417864-1006 - Limited - Enabled)
fbwuserB705 (S-1-5-21-2819443126-392552937-1277417864-1010 - Limited - Enabled)
fbwuserF7BE (S-1-5-21-2819443126-392552937-1277417864-1009 - Limited - Enabled)
Gast (S-1-5-21-2819443126-392552937-1277417864-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819443126-392552937-1277417864-1012 - Limited - Enabled)
Mcx1-ONEPC (S-1-5-21-2819443126-392552937-1277417864-1004 - Limited - Enabled) => C:\Users\Mcx1-ONEPC

==================== Faulty Device Manager Devices =============

Name: Microsoft Bluetooth-Auflistung
Description: Microsoft Bluetooth-Auflistung
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Microsoft
Service: BthEnum
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 04:32:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 04:32:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 04:32:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 04:27:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 02:52:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 11:56:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/18/2015 11:26:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/18/2015 11:26:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (01/18/2015 03:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/18/2015 03:05:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/18/2015 02:35:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/18/2015 00:41:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/18/2015 04:32:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe

Error: (01/18/2015 04:32:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe

Error: (01/18/2015 04:32:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe

Error: (01/18/2015 04:27:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe

Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe

Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu.exe

Error: (01/18/2015 02:52:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe

Error: (01/18/2015 11:56:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/18/2015 11:26:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151

Error: (01/18/2015 11:26:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151


CodeIntegrity Errors:
===================================
  Date: 2015-01-18 16:46:31.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-18 16:19:03.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-18 15:56:22.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-18 15:36:44.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 15:22:13.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-18 15:22:12.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-18 15:22:11.972
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-18 15:22:11.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-18 15:22:11.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-18 15:13:23.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16276.89 MB
Available physical RAM: 13274.06 MB
Total Pagefile: 32660.89 MB
Available Pagefile: 29112.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.79 GB) (Free:147.13 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:217.55 GB) NTFS
Drive g: () (Removable) (Total:3.63 GB) (Free:1.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 003DE352)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 000ABBCC)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 3.6 GB) (Disk ID: 1CB9B741)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

==================== End Of Log ============================
         
More in progress... I'll follow up... ESET is still running...

Alt 18.01.2015, 19:40   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Just uninstall Hotspotshield?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 19.01.2015, 06:29   #11
andto
 



Quote:
Quote from schrauber
Just uninstall Hotspotshield?
Good morning,
it was removed long ago; only the driver in question is left, which is also tied to network functionality. I'll check another computer, on which this program was never installed, to see whether it has these files too.

Here is the missing scan from ESET:

Code:
ATTFilter
C:\Users\Admin\AppData\Local\Temp\DMR\dmr_72.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
         

Latest info: the other computer has no tap and hss .sys files and runs fine too... but if I rename or delete mine, my computer can't get onto the internet. Especially the hss one from Hotspotshield... was the internet connection routed through it, and does that now have to be untangled... ugh...

Edited by andto (19.01.2015 at 06:51)

Alt 19.01.2015, 15:21   #12
schrauber
/// the machine
/// TB-Ausbilder
 




So you have a second computer? Then please let AdwCleaner run its deletion on this one. If the internet doesn't work, please run a scan with FRST and post the log here via the other PC.

Alt 19.01.2015, 16:05   #13
andto
 




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Admin (administrator) on ONEPC on 19-01-2015 15:57:23
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Users\Admin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] ()
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk
ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b1nx067f.default-1421664205499
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology)
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-01-18]
FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd)
R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.)
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X]
S1 HssDRV6; \SystemRoot\system32\DRIVERS\hssdrv6.sys [X]
S3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X]
S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 15:12 - 2015-01-19 15:12 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 15:12 - 2015-01-19 15:12 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-19 15:12 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 15:10 - 2015-01-19 15:10 - 00243728 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 35_0.exe
2015-01-19 15:09 - 2015-01-19 15:09 - 00001410 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 07:02 - 2015-01-19 07:02 - 00000636 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-19 06:57 - 2015-01-19 06:57 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT(1).exe
2015-01-18 16:42 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe
2015-01-18 16:09 - 2015-01-18 16:09 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe
2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe
2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell
2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics
2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG
2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log
2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt
2015-01-18 06:50 - 2015-01-19 14:29 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2015-01-18 06:50 - 2015-01-19 14:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe
2015-01-17 13:14 - 2015-01-19 15:54 - 00000000 ____D () C:\AdwCleaner
2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe
2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe
2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe
2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe
2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log
2015-01-17 09:48 - 2015-01-19 15:54 - 00004924 _____ () C:\WINDOWS\PFRO.log
2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt
2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe
2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt
2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt
2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe
2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt
2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe
2015-01-17 08:44 - 2015-01-19 15:57 - 00023106 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-17 08:44 - 2015-01-19 15:57 - 00000000 ____D () C:\FRST
2015-01-17 08:44 - 2015-01-18 17:02 - 00057121 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05
2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe
2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip
2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt
2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe
2015-01-15 06:14 - 2015-01-19 15:54 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp
2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader
2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst
2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll
2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2
2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk
2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2015-01-14 19:28 - 2015-01-19 15:54 - 00008155 _____ () C:\WINDOWS\setupact.log
2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis
2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis
2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine
2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine
2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe
2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe
2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip
2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso
2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe
2015-01-04 19:49 - 2015-01-18 14:23 - 00070144 ___SH () C:\Users\Admin\Desktop\Thumbs.db
2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo
2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games
2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip
2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip
2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp
2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto
2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv
2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt
2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014
2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014
2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim
2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland
2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url
2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 14:03 - 2015-01-19 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan
2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url
2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek
2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip
2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url
2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url
2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext
2014-12-22 19:50 - 2015-01-19 15:24 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar
2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe
2014-12-22 12:40 - 2015-01-19 15:55 - 01741671 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-22 12:37 - 2015-01-19 15:20 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC
2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security
2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe
2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url
2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk
2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url
2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI
2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark
2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe
2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk
2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 15:55 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 15:55 - 2013-06-04 07:27 - 00000000 __RDO () C:\Users\Admin\SkyDrive
2015-01-19 15:54 - 2014-11-28 10:25 - 32800589 _____ () C:\Simraceway.log
2015-01-19 15:54 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 15:54 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 15:54 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 15:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-19 15:09 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr
2015-01-19 15:09 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps
2015-01-19 15:09 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin
2015-01-19 14:52 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-19 14:52 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-19 14:52 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-19 14:44 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-19 09:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-19 06:58 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-19 06:18 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-18 11:16 - 2014-04-13 18:20 - 00000000 ____D () C:\Users\Admin\Documents\Garmin
2015-01-18 11:16 - 2014-04-13 18:19 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\ProgramData\Garmin
2015-01-18 11:16 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-18 11:06 - 2014-11-15 10:45 - 00000000 ____D () C:\ProgramData\eMule
2015-01-18 10:56 - 2013-06-03 18:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-18 10:46 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin
2015-01-18 10:33 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-18 10:33 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC
2015-01-18 10:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall
2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv
2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-18 07:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis
2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware
2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec
2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew
2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ
2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3
2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien
2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin
2015-01-03 08:38 - 2014-12-19 13:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity
2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games
2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games
2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games
2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick
2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log
2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups
2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor
2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2
2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache
2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark
2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa

==================== Files in the root of some directories =======
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag
2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log
2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 15:22

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015
Ran by Admin at 2015-01-19 15:57:57
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 CAT 3 - West - v4.0 (HKLM-x32\...\{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1) (Version:  - Eutechnyx, Ltd)
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assetto Corsa - Technology Preview Version 0.9.9 (HKLM-x32\...\{29826B4C-ADEF-4729-90D7-5011FD1C2B5E}_is1) (Version: 0.9.9 - Kunos Simulazioni)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version:  - Techland)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cogs (HKLM-x32\...\Steam App 26500) (Version:  - Lazy 8 Studios)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DGS-1500-28 (HKLM-x32\...\{A0EBA397-F8F2-43A8-BF90-BFB06720EFB4}) (Version: 1.0.0.7 - D-Link)
D-Link SmartConsole Utility (HKLM-x32\...\InstallShield_{4FCE40BB-5BD6-43C9-8DAD-5B0551D8DF0C}) (Version: 3.00.10 - D-Link)
D-Link SmartConsole Utility (x32 Version: 3.00.10 - D-Link) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
Fuse Drivers x64 (HKLM-x32\...\{06904B2B-5000-4C58-9471-256BA1A303BE}) (Version: 11.34.1 - Nokia)
Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version:  - Codemasters Racing)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM)
IPCWebComponents 3.1.0.5 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.5 - )
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0485 - iRacing.com Motorsport Simulations)
iSpy (HKLM-x32\...\{067B0B45-5718-4AF1-AAAB-A8D0894183A0}) (Version: 5.6.8 - iSpy)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware financial office plus 2014 (HKLM-x32\...\{cceb5f5e-fa2f-4632-aa50-1dffce083c79}) (Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7086 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Nero 9 Lite (HKLM-x32\...\{f50f5bef-c397-4ef8-a24c-4d151e4c22ec}) (Version:  - Nero AG)
Nero Burning ROM 2014 (HKLM-x32\...\{A4DC74AA-F4DF-48B9-AA4B-C30CA0DBCA33}) (Version: 15.0.04600 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nokia Software Recovery Tool (HKLM-x32\...\{637CB9CC-5F9E-40C1-ACF2-979733241E3E}) (Version: 1.4.3 - Nokia)
NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PeerGuardian 2.0 (HKLM-x32\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Puddle (HKLM-x32\...\Steam App 222140) (Version:  - Neko Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{D675B346-8CDB-4C8E-804E-17FC9F62CEA5}) (Version: 1.1.47.1374 - Qualcomm Atheros)
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
Race Injection (HKLM-x32\...\Steam App 44680) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
rFactor2 (HKLM-x32\...\rFactor2) (Version:  - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version:  - Roadkil.Net)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway)
SSWebPlugin (HKLM-x32\...\{8E545090-944A-4AAE-8B20-23DF1786F17D}) (Version: 1.0.0.39 - Synology)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SurveillanceHelper (HKLM-x32\...\{E8236305-76A1-4AE2-A35C-2498D6876912}) (Version: 1.0.0.3 - Synology)
SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version:  - Tango Gameworks)
The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version:  - Relic Entertainment)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version:  - Mercenary Technologies)
TRANSFORMERS: Rise of the Dark Spark (HKLM-x32\...\Steam App 245760) (Version:  - Edge of Reality)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation)
Windows-Treiberpaket - Lexmark International Printer  (07/06/2012 2.1.5.0) (HKLM\...\BF11496524DAA0EE0B3DE7C870A7D17BC97C0B14) (Version: 07/06/2012 2.1.5.0 - Lexmark International)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinToUSB version 1.4 (HKLM-x32\...\WinToUSB_is1) (Version: 1.4 - The EasyUEFI Development Team.)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{0ED6AC75-474D-4511-B198-05B8C99F6B8B}) (Version: 1.1.7.1416 - Nokia)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version:  - MachineGames)
WRC 4 FIA WORLD RALLY CHAMPIONSHIP (HKLM-x32\...\Steam App 256330) (Version:  - Milestone S.r.l.)
X-Motor Racing Demo (HKLM-x32\...\X-Motor Racing Demo_is1) (Version:  - Exotypos)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

12-01-2015 18:14:24 Geplanter Prüfpunkt
15-01-2015 05:51:28 Prüfpunkt von HitmanPro
18-01-2015 06:52:26 Revo Uninstaller's restore point - StormFall
18-01-2015 08:43:29 Wiederherstellungsvorgang
18-01-2015 10:16:34 18012015 vor adware benutzung 
18-01-2015 10:31:28 Wiederherstellungsvorgang
18-01-2015 11:50:21 voradwareanchorundhotspot
19-01-2015 14:37:35 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION
Task: {1887A53C-F03A-4C3F-8FEC-01CA1DB6EA08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION
Task: {203982B8-C446-4F4F-8EF0-0BF4BC3A8952} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION
Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION
Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION
Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION
Task: {57F7813B-623C-48B4-A6C2-525117AC3F7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION
Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION
Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION
Task: {88FA4920-C21E-4BB0-ACB3-1E00E1C234E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A669484B-2B77-435D-A374-7A47988CF89F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {B86FCF37-6A96-4790-8328-5F8CC3E35BAB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION
Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION
Task: {DC360E21-3D9B-4D74-95B7-03FF62E69138} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION
Task: {E551B41C-005D-431F-9533-76BFA25BCAC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {F8BAAB94-6F81-4DEF-BE85-6B3592734D8B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {FA3CDBEE-0CC7-4B6A-9DA9-4D2154F03A36} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ONEPC => C:\Windows\ehome\McxTask.exe [2013-09-30] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-08 20:01 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-20 18:09 - 2014-12-15 11:45 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-06-26 14:04 - 2014-06-26 14:04 - 00100984 _____ () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
2014-03-22 09:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL
2013-08-10 21:00 - 2014-06-13 14:17 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-07-11 22:04 - 2013-07-11 22:04 - 01630720 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-09-19 14:48 - 2014-09-19 14:48 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-07-11 22:03 - 2013-07-11 22:03 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll
2014-12-19 09:41 - 2014-12-19 09:41 - 01007104 _____ () D:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00023552 _____ () D:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00024576 _____ () D:\Program Files (x86)\Origin\imageformats\qico.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00216576 _____ () D:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00261120 _____ () D:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00019456 _____ () D:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00337408 _____ () D:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-12-19 09:40 - 2014-12-19 09:40 - 00018944 _____ () D:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-01-15 15:06 - 2015-01-15 15:06 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c89a3da49bf7bd161745f4228277ea00\PSIClient.ni.dll
2013-06-03 18:28 - 2012-07-18 04:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SRW Download Manager.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - .lnk"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Prime95"

========================= Accounts: ==========================

Admin (S-1-5-21-2819443126-392552937-1277417864-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2819443126-392552937-1277417864-500 - Administrator - Disabled)
fbwuser2B82 (S-1-5-21-2819443126-392552937-1277417864-1007 - Limited - Enabled)
fbwuser6E92 (S-1-5-21-2819443126-392552937-1277417864-1008 - Limited - Enabled)
fbwuserADE8 (S-1-5-21-2819443126-392552937-1277417864-1005 - Limited - Enabled)
fbwuserB171 (S-1-5-21-2819443126-392552937-1277417864-1006 - Limited - Enabled)
fbwuserB705 (S-1-5-21-2819443126-392552937-1277417864-1010 - Limited - Enabled)
fbwuserF7BE (S-1-5-21-2819443126-392552937-1277417864-1009 - Limited - Enabled)
Gast (S-1-5-21-2819443126-392552937-1277417864-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819443126-392552937-1277417864-1012 - Limited - Enabled)
Mcx1-ONEPC (S-1-5-21-2819443126-392552937-1277417864-1004 - Limited - Enabled) => C:\Users\Mcx1-ONEPC

==================== Faulty Device Manager Devices =============

Name: Microsoft Bluetooth-Auflistung
Description: Microsoft Bluetooth-Auflistung
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Microsoft
Service: BthEnum
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 02:29:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (01/19/2015 09:45:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/19/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (01/19/2015 03:54:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/19/2015 02:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/19/2015 02:44:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (01/19/2015 02:38:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/19/2015 02:28:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/19/2015 02:21:49 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (01/19/2015 11:45:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/19/2015 11:44:49 AM) (Source: DCOM) (EventID: 10010) (User: ONEPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/19/2015 11:44:49 AM) (Source: DCOM) (EventID: 10010) (User: ONEPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/19/2015 11:16:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/19/2015 02:29:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe

Error: (01/19/2015 09:45:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151

Error: (01/19/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151


CodeIntegrity Errors:
===================================
  Date: 2015-01-19 15:57:19.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 15:57:05.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 15:55:08.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-19 15:55:07.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 15:55:04.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 15:55:03.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 15:51:38.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 15:19:19.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-19 15:11:12.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-19 14:47:36.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16276.89 MB
Available physical RAM: 13948.19 MB
Total Pagefile: 32660.89 MB
Available Pagefile: 29839.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.79 GB) (Free:146.53 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:217.57 GB) NTFS
Drive g: () (Removable) (Total:3.63 GB) (Free:1.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 003DE352)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 000ABBCC)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 3.6 GB) (Disk ID: 1CB9B741)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

==================== End Of Log ============================
         
Code:
# AdwCleaner v4.108 - Bericht erstellt am 19/01/2015 um 15:54:25
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 8.1 Pro with Media Center  (64 bits)
# Benutzername : Admin - ONEPC
# Gestartet von : C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\WINDOWS\System32\drivers\taphss6.sys
Datei Gelöscht : C:\WINDOWS\System32\drivers\hssdrv6.sys

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 de)


*************************

AdwCleaner[R0].txt - [3862 octets] - [17/01/2015 13:14:26]
AdwCleaner[R1].txt - [7617 octets] - [18/01/2015 07:05:51]
AdwCleaner[R2].txt - [2151 octets] - [18/01/2015 10:14:13]
AdwCleaner[R3].txt - [2115 octets] - [18/01/2015 11:30:26]
AdwCleaner[R4].txt - [1913 octets] - [18/01/2015 12:38:12]
AdwCleaner[R5].txt - [1313 octets] - [18/01/2015 14:53:01]
AdwCleaner[R6].txt - [1316 octets] - [19/01/2015 15:51:41]
AdwCleaner[R7].txt - [1434 octets] - [19/01/2015 15:53:22]
AdwCleaner[S0].txt - [7707 octets] - [18/01/2015 07:06:43]
AdwCleaner[S1].txt - [1828 octets] - [18/01/2015 12:40:30]
AdwCleaner[S2].txt - [1355 octets] - [19/01/2015 15:54:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1415 octets] ##########
         

19.01.2015, 19:43   #14
schrauber
/// the machine
/// TB trainer
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION

Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION

Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION

Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION

Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION

Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION

Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION

Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION

Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION

Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION

Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION

Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION

Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION

Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: ipconfig /renew
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

20.01.2015, 16:08   #15
andto
 



Internet works again BUT.... not after this run; instead, I removed the client from anchor in the WLAN adapter, i.e. the hotspotshield, then took out all the clients etc. once more and put everything back in fresh, and presto, I'm back online... I suspect that we are removing all the leftovers, but that the service in the adapter was not deleted and switched back to normal. I can only describe this in my own words, but now I am online without hssdrv6.sys and tapas, and we can continue troubleshooting. I'll keep an eye on my router log txt, because it was still full today during the time my laptop was online...


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Admin (administrator) on ONEPC on 19-01-2015 20:11:51
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC & Classic .NET AppPool & .NET v4.5 & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
() C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Admin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MsmqIntCert] => "C:\WINDOWS\System32\regsvr32.exe" /s "C:\WINDOWS\System32\mqrt.dll"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] ()
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs)
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk
ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b1nx067f.default-1421664205499
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology)
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-01-18]
FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-01-19] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [280064 2015-01-19] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372736 2015-01-19] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2015-01-19] (Microsoft Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [34816 2015-01-19] (Microsoft Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48128 2015-01-19] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2015-01-19] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168448 2015-01-19] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10240 2014-10-29] (Microsoft Corporation)
R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2015-01-19] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2015-01-19] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2015-01-19] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [13784576 2015-01-19] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-01-19] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-01-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2015-01-19] (Microsoft Corporation)
S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] ()
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2015-01-19] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2015-01-19] (Microsoft Corporation)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2015-01-19] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2015-01-19] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2015-01-19] (Microsoft Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.)
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2015-01-19] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X]
S1 HssDRV6; \SystemRoot\system32\DRIVERS\hssdrv6.sys [X]
S3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X]
S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 18:40 - 2015-01-19 18:41 - 00094809 _____ () C:\WINDOWS\iis.log
2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v4.5\ntuser.ini
2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v4.5 Classic\ntuser.ini
2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini
2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Vorlagen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Startmenü
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Netzwerkumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Lokale Einstellungen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Eigene Dateien
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Druckumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Documents\Eigene Musik
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Documents\Eigene Bilder
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\AppData\Local\Verlauf
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\AppData\Local\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Vorlagen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Startmenü
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Netzwerkumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Lokale Einstellungen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Eigene Dateien
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Druckumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Documents\Eigene Musik
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Documents\Eigene Bilder
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\AppData\Local\Verlauf
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\AppData\Local\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Vorlagen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Startmenü
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Netzwerkumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Lokale Einstellungen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Eigene Dateien
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Druckumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Documents\Eigene Musik
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Documents\Eigene Bilder
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\AppData\Local\Verlauf
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\AppData\Local\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Vorlagen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Startmenü
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Netzwerkumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Lokale Einstellungen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Eigene Dateien
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Druckumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Documents\Eigene Musik
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Documents\Eigene Bilder
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\AppData\Local\Verlauf
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\AppData\Local\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Vorlagen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Startmenü
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Netzwerkumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Lokale Einstellungen
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Eigene Dateien
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Druckumgebung
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Documents\Eigene Musik
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Documents\Eigene Bilder
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\AppData\Local\Verlauf
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\AppData\Local\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Anwendungsdaten
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\Classic .NET AppPool
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v4.5 Classic
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v4.5
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v2.0
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Macromedia
2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Macromedia
2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Macromedia
2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Macromedia
2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Macromedia
2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Garmin
2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Garmin
2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Garmin
2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Garmin
2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Garmin
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-19 18:37 - 2015-01-19 18:37 - 00000862 _____ () C:\WINDOWS\system32\termcap
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\vmguest
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\system32\msmq
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\ADAM
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\Hyper-V
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\CMAK
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files (x86)\CMAK
2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\inetpub
2015-01-19 16:58 - 2015-01-15 06:08 - 1604350282 _____ () C:\Users\Admin\Downloads\MEMORY.DMP
2015-01-19 15:12 - 2015-01-19 15:12 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 15:12 - 2015-01-19 15:12 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-19 15:12 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 15:10 - 2015-01-19 15:10 - 00243728 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 35_0.exe
2015-01-19 15:09 - 2015-01-19 15:09 - 00001410 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 07:02 - 2015-01-19 07:02 - 00000636 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-19 06:57 - 2015-01-19 06:57 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT(1).exe
2015-01-18 16:42 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe
2015-01-18 16:09 - 2015-01-18 16:09 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe
2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe
2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell
2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics
2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG
2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log
2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt
2015-01-18 06:50 - 2015-01-19 14:29 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2015-01-18 06:50 - 2015-01-19 14:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe
2015-01-17 13:14 - 2015-01-19 15:54 - 00000000 ____D () C:\AdwCleaner
2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe
2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe
2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe
2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe
2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log
2015-01-17 09:48 - 2015-01-19 20:08 - 00005584 _____ () C:\WINDOWS\PFRO.log
2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt
2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe
2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt
2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt
2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe
2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt
2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe
2015-01-17 08:44 - 2015-01-19 20:11 - 00025659 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-17 08:44 - 2015-01-19 20:11 - 00000000 ____D () C:\FRST
2015-01-17 08:44 - 2015-01-19 15:58 - 00045186 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05
2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe
2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip
2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt
2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe
2015-01-15 06:14 - 2015-01-19 20:05 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp
2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader
2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst
2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll
2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2
2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe
2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk
2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2015-01-14 19:28 - 2015-01-19 20:08 - 00009541 _____ () C:\WINDOWS\setupact.log
2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis
2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis
2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine
2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine
2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe
2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe
2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip
2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso
2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe
2015-01-04 19:49 - 2015-01-19 20:09 - 00070144 ___SH () C:\Users\Admin\Desktop\Thumbs.db
2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk
2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo
2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games
2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip
2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip
2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp
2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto
2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv
2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt
2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014
2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014
2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim
2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland
2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url
2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 14:03 - 2015-01-19 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan
2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url
2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek
2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip
2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url
2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url
2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext
2014-12-22 19:50 - 2015-01-19 18:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001
2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar
2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe
2014-12-22 12:40 - 2015-01-19 20:09 - 01919859 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-22 12:37 - 2015-01-19 20:01 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC
2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security
2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe
2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url
2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk
2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url
2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI
2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark
2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe
2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk
2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 20:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-01-19 20:09 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2015-01-19 20:09 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin
2015-01-19 20:09 - 2013-06-04 07:27 - 00000000 __RDO () C:\Users\Admin\SkyDrive
2015-01-19 20:08 - 2014-11-28 10:25 - 32800895 _____ () C:\Simraceway.log
2015-01-19 20:08 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 20:08 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 20:07 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 20:05 - 2013-09-30 05:14 - 02192756 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-19 20:05 - 2013-09-30 04:58 - 00926386 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-19 20:05 - 2013-09-30 04:58 - 00222270 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-19 19:44 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 19:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-19 19:43 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-19 19:43 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-01-19 19:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-19 19:00 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-19 18:40 - 2013-06-03 18:44 - 02127216 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-01-19 18:37 - 2014-11-29 08:50 - 13784576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2015-01-19 18:37 - 2014-11-29 08:50 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2015-01-19 18:37 - 2014-11-29 08:50 - 03684864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsai.dll
2015-01-19 18:37 - 2014-11-29 08:50 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsec.dll
2015-01-19 18:37 - 2014-11-29 08:50 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqad.dll
2015-01-19 18:37 - 2014-11-29 08:50 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsec.dll
2015-01-19 18:37 - 2014-11-29 08:50 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqad.dll
2015-01-19 18:37 - 2014-11-29 08:50 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcmiplugin.dll
2015-01-19 18:37 - 2014-11-29 08:49 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2015-01-19 18:37 - 2014-11-29 08:49 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll
2015-01-19 18:37 - 2014-11-29 08:49 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2015-01-19 18:37 - 2014-11-29 08:49 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-01-19 18:37 - 2014-11-29 08:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-01-19 18:37 - 2014-11-29 08:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-01-19 18:37 - 2014-11-29 08:48 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-01-19 18:37 - 2014-09-15 05:04 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpdsvc.dll
2015-01-19 18:37 - 2014-09-15 05:04 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprmon.dll
2015-01-19 18:37 - 2014-05-16 06:41 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoadmn.dll
2015-01-19 18:37 - 2014-05-16 06:41 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoadmn.dll
2015-01-19 18:37 - 2014-05-16 06:41 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoctrs.dll
2015-01-19 18:37 - 2014-05-16 06:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoctrs.dll
2015-01-19 18:37 - 2014-04-21 12:08 - 01429336 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2015-01-19 18:37 - 2014-04-21 12:08 - 01390936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2015-01-19 18:37 - 2014-04-21 12:08 - 01378648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2015-01-19 18:37 - 2014-04-21 12:08 - 01263960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2015-01-19 18:37 - 2014-04-21 12:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\adprop.dll
2015-01-19 18:37 - 2014-04-21 12:08 - 00421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthnic.dll
2015-01-19 18:37 - 2014-04-21 12:08 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmulatedNic.dll
2015-01-19 18:37 - 2014-04-21 12:05 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcdiag.exe
2015-01-19 18:37 - 2014-04-21 12:05 - 00423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcdiag.exe
2015-01-19 18:37 - 2014-04-21 12:05 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthstor.dll
2015-01-19 18:37 - 2014-04-21 12:05 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsrolesrv.dll
2015-01-19 18:37 - 2014-04-21 12:04 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2015-01-19 18:37 - 2014-04-14 08:52 - 00068960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2015-01-19 18:37 - 2014-04-14 08:52 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2015-01-19 18:37 - 2013-12-14 08:45 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthfcvdev.dll
2015-01-19 18:37 - 2013-09-30 05:11 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2015-01-19 18:37 - 2013-09-30 04:58 - 00000000 ____D () C:\WINDOWS\system32\de
2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-19 18:37 - 2013-08-22 12:48 - 00014688 _____ () C:\WINDOWS\system32\sbresources.dll
2015-01-19 18:37 - 2013-08-22 12:46 - 01466522 _____ () C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2015-01-19 18:37 - 2013-08-22 12:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-01-19 18:37 - 2013-08-22 12:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-01-19 18:37 - 2013-08-22 12:44 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-01-19 18:37 - 2013-08-22 12:44 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-01-19 18:37 - 2013-08-22 12:44 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsmsg.dll
2015-01-19 18:37 - 2013-08-22 12:40 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-01-19 18:37 - 2013-08-22 12:39 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2015-01-19 18:37 - 2013-08-22 12:39 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2015-01-19 18:37 - 2013-08-22 12:38 - 00039739 _____ () C:\WINDOWS\system32\hypervisor.mof
2015-01-19 18:37 - 2013-08-22 12:35 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-01-19 18:37 - 2013-08-22 12:34 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsatq.dll
2015-01-19 18:37 - 2013-08-22 12:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\adamssip.dll
2015-01-19 18:37 - 2013-08-22 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe
2015-01-19 18:37 - 2013-08-22 12:33 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsperf.dll
2015-01-19 18:37 - 2013-08-22 12:33 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll
2015-01-19 18:37 - 2013-08-22 12:32 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsa.dll
2015-01-19 18:37 - 2013-08-22 12:32 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-01-19 18:37 - 2013-08-22 12:32 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprhelp.dll
2015-01-19 18:37 - 2013-08-22 12:32 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll
2015-01-19 18:37 - 2013-08-22 12:32 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsamain.exe
2015-01-19 18:37 - 2013-08-22 12:31 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe
2015-01-19 18:37 - 2013-08-22 12:31 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll
2015-01-19 18:37 - 2013-08-22 12:31 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
2015-01-19 18:37 - 2013-08-22 12:31 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\TFTP.EXE
2015-01-19 18:37 - 2013-08-22 12:31 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll
2015-01-19 18:37 - 2013-08-22 12:31 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprmonui.dll
2015-01-19 18:37 - 2013-08-22 12:31 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpr.exe
2015-01-19 18:37 - 2013-08-22 12:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpq.exe
2015-01-19 18:37 - 2013-08-22 12:29 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsadb.dll
2015-01-19 18:37 - 2013-08-22 12:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdskcc.dll
2015-01-19 18:37 - 2013-08-22 12:27 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll
2015-01-19 18:37 - 2013-08-22 12:26 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-01-19 18:37 - 2013-08-22 12:25 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsmgmt.exe
2015-01-19 18:37 - 2013-08-22 12:25 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprip.dll
2015-01-19 18:37 - 2013-08-22 12:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll
2015-01-19 18:37 - 2013-08-22 12:22 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\repadmin.exe
2015-01-19 18:37 - 2013-08-22 12:22 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetProj.exe
2015-01-19 18:37 - 2013-08-22 12:20 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsbsrv.dll
2015-01-19 18:37 - 2013-08-22 12:20 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll
2015-01-19 18:37 - 2013-08-22 12:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-01-19 18:37 - 2013-08-22 12:17 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlntsvr.exe
2015-01-19 18:37 - 2013-08-22 12:13 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsacls.exe
2015-01-19 18:37 - 2013-08-22 12:12 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\csvde.exe
2015-01-19 18:37 - 2013-08-22 12:11 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldifde.exe
2015-01-19 18:37 - 2013-08-22 12:10 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldp.exe
2015-01-19 18:37 - 2013-08-22 12:05 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsetup.dll
2015-01-19 18:37 - 2013-08-22 11:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2015-01-19 18:37 - 2013-08-22 11:53 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-01-19 18:37 - 2013-08-22 11:53 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsuiwiz.dll
2015-01-19 18:37 - 2013-08-22 11:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqtrig.dll
2015-01-19 18:37 - 2013-08-22 11:45 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2015-01-19 18:37 - 2013-08-22 11:45 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDEWSProxy.DLL
2015-01-19 18:37 - 2013-08-22 11:44 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\CRPPresentation.dll
2015-01-19 18:37 - 2013-08-22 11:41 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
2015-01-19 18:37 - 2013-08-22 11:39 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\schmmgmt.dll
2015-01-19 18:37 - 2013-08-22 11:36 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlntsess.exe
2015-01-19 18:37 - 2013-08-22 11:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqise.dll
2015-01-19 18:37 - 2013-08-22 11:35 - 00759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsiedit.dll
2015-01-19 18:37 - 2013-08-22 11:35 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2015-01-19 18:37 - 2013-08-22 11:34 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsdbutil.exe
2015-01-19 18:37 - 2013-08-22 11:33 - 01093632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsadmin.dll
2015-01-19 18:37 - 2013-08-22 11:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll
2015-01-19 18:37 - 2013-08-22 11:27 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlntadmn.exe
2015-01-19 18:37 - 2013-08-22 11:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDRCWSProxy.DLL
2015-01-19 18:37 - 2013-08-22 11:24 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetProjW.dll
2015-01-19 18:37 - 2013-08-22 11:23 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-01-19 18:37 - 2013-08-22 11:19 - 00788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-01-19 18:37 - 2013-08-22 11:16 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMCNative.dll
2015-01-19 18:37 - 2013-08-22 11:10 - 01408512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-01-19 18:37 - 2013-08-22 10:53 - 00033280 _____ () C:\WINDOWS\system32\ActivationVdev.dll
2015-01-19 18:37 - 2013-08-22 10:50 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-01-19 18:37 - 2013-08-22 10:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2015-01-19 18:37 - 2013-08-22 10:38 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2015-01-19 18:37 - 2013-08-22 10:38 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2015-01-19 18:37 - 2013-08-22 10:34 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickvpexchange.dll
2015-01-19 18:37 - 2013-08-22 10:33 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicshutdown.dll
2015-01-19 18:37 - 2013-08-22 10:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicguestinterface.dll
2015-01-19 18:37 - 2013-08-22 10:33 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimesync.dll
2015-01-19 18:37 - 2013-08-22 10:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicheartbeat.dll
2015-01-19 18:37 - 2013-08-22 10:30 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvss.dll
2015-01-19 18:37 - 2013-08-22 10:29 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2015-01-19 18:37 - 2013-08-22 10:19 - 02159616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2015-01-19 18:37 - 2013-08-22 09:29 - 00144646 _____ () C:\WINDOWS\system32\dssite.msc
2015-01-19 18:37 - 2013-08-22 09:29 - 00144380 _____ () C:\WINDOWS\system32\adsiedit.msc
2015-01-19 18:37 - 2013-08-22 09:25 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2015-01-19 18:37 - 2013-08-22 08:35 - 00144967 _____ () C:\WINDOWS\system32\virtmgmt.msc
2015-01-19 18:37 - 2013-08-22 07:59 - 00047974 _____ () C:\WINDOWS\system32\IIsScHlp.wsc
2015-01-19 18:37 - 2013-08-22 07:59 - 00041401 _____ () C:\WINDOWS\system32\IIsExt.vbs
2015-01-19 18:37 - 2013-08-22 07:59 - 00009096 _____ () C:\WINDOWS\system32\msmqtrc.mof
2015-01-19 18:37 - 2013-08-22 07:58 - 00107882 _____ () C:\WINDOWS\system32\mib_ii.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00048593 _____ () C:\WINDOWS\system32\hostmib.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00034317 _____ () C:\WINDOWS\system32\msiprip2.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00030448 _____ () C:\WINDOWS\system32\mcastmib.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00026236 _____ () C:\WINDOWS\system32\wins.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00026100 _____ () C:\WINDOWS\system32\lmmib2.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00022462 _____ () C:\WINDOWS\system32\rfc2571.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00021271 _____ () C:\WINDOWS\system32\http.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00015799 _____ () C:\WINDOWS\system32\ipforwd.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00015032 _____ () C:\WINDOWS\system32\authserv.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00014032 _____ () C:\WINDOWS\system32\accserv.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00013767 _____ () C:\WINDOWS\system32\msipbtp.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00006179 _____ () C:\WINDOWS\system32\ftp.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00004597 _____ () C:\WINDOWS\system32\dhcp.mib
2015-01-19 18:37 - 2013-08-22 07:58 - 00004411 _____ () C:\WINDOWS\system32\smi.mib
2015-01-19 18:37 - 2013-08-22 05:16 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-01-19 18:37 - 2013-08-22 05:16 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-01-19 18:37 - 2013-08-22 05:16 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-01-19 18:37 - 2013-08-22 05:16 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-01-19 18:37 - 2013-08-22 05:06 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-01-19 18:37 - 2013-08-22 05:05 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll
2015-01-19 18:37 - 2013-08-22 05:04 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe
2015-01-19 18:37 - 2013-08-22 05:04 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdsperf.dll
2015-01-19 18:37 - 2013-08-22 05:03 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll
2015-01-19 18:37 - 2013-08-22 05:03 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe
2015-01-19 18:37 - 2013-08-22 05:02 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe
2015-01-19 18:37 - 2013-08-22 05:00 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll
2015-01-19 18:37 - 2013-08-22 04:59 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsmgmt.exe
2015-01-19 18:37 - 2013-08-22 04:59 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll
2015-01-19 18:37 - 2013-08-22 04:56 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\repadmin.exe
2015-01-19 18:37 - 2013-08-22 04:54 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-01-19 18:37 - 2013-08-22 04:53 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll
2015-01-19 18:37 - 2013-08-22 04:48 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsacls.exe
2015-01-19 18:37 - 2013-08-22 04:46 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ldifde.exe
2015-01-19 18:37 - 2013-08-22 04:46 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\csvde.exe
2015-01-19 18:37 - 2013-08-22 04:31 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-01-19 18:37 - 2013-08-22 04:29 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqtrig.dll
2015-01-19 18:37 - 2013-08-22 04:25 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDEWSProxy.DLL
2015-01-19 18:37 - 2013-08-22 04:19 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqise.dll
2015-01-19 18:37 - 2013-08-22 04:17 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsdbutil.exe
2015-01-19 18:37 - 2013-08-22 04:15 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll
2015-01-19 18:37 - 2013-08-22 04:09 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDRCWSProxy.DLL
2015-01-19 18:37 - 2013-08-22 04:08 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-01-19 18:37 - 2013-08-22 04:05 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-01-19 18:37 - 2013-08-22 04:03 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SMCNative.dll
2015-01-19 18:37 - 2013-08-22 02:39 - 01140224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.Smc.dll
2015-01-19 18:37 - 2013-08-22 02:39 - 00033614 _____ () C:\WINDOWS\system32\ScanManagement.msc
2015-01-19 18:37 - 2013-08-22 00:55 - 00009096 _____ () C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-01-19 18:37 - 2013-08-22 00:54 - 00047974 _____ () C:\WINDOWS\SysWOW64\IIsScHlp.wsc
2015-01-19 18:37 - 2013-08-22 00:54 - 00041401 _____ () C:\WINDOWS\SysWOW64\IIsExt.vbs
2015-01-19 18:37 - 2013-08-22 00:53 - 00107882 _____ () C:\WINDOWS\SysWOW64\mib_ii.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00048593 _____ () C:\WINDOWS\SysWOW64\hostmib.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00034317 _____ () C:\WINDOWS\SysWOW64\msiprip2.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00030448 _____ () C:\WINDOWS\SysWOW64\mcastmib.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00026236 _____ () C:\WINDOWS\SysWOW64\wins.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00026100 _____ () C:\WINDOWS\SysWOW64\lmmib2.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00022462 _____ () C:\WINDOWS\SysWOW64\rfc2571.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00021271 _____ () C:\WINDOWS\SysWOW64\http.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00015799 _____ () C:\WINDOWS\SysWOW64\ipforwd.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00015032 _____ () C:\WINDOWS\SysWOW64\authserv.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00014032 _____ () C:\WINDOWS\SysWOW64\accserv.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00013767 _____ () C:\WINDOWS\SysWOW64\msipbtp.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00006179 _____ () C:\WINDOWS\SysWOW64\ftp.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00004597 _____ () C:\WINDOWS\SysWOW64\dhcp.mib
2015-01-19 18:37 - 2013-08-22 00:53 - 00004411 _____ () C:\WINDOWS\SysWOW64\smi.mib
2015-01-19 18:37 - 2012-07-26 11:27 - 00000000 ____D () C:\WINDOWS\system32\0407
2015-01-19 18:37 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-19 15:09 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr
2015-01-19 15:09 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps
2015-01-19 09:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-18 11:16 - 2014-04-13 18:20 - 00000000 ____D () C:\Users\Admin\Documents\Garmin
2015-01-18 11:16 - 2014-04-13 18:19 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Garmin
2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\ProgramData\Garmin
2015-01-18 11:16 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-18 11:06 - 2014-11-15 10:45 - 00000000 ____D () C:\ProgramData\eMule
2015-01-18 10:56 - 2013-06-03 18:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-18 10:46 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin
2015-01-18 10:33 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-18 10:33 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC
2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall
2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv
2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis
2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware
2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec
2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew
2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ
2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3
2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien
2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin
2015-01-03 08:38 - 2014-12-19 13:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity
2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games
2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games
2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games
2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick
2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log
2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups
2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor
2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2
2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache
2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark
2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa

==================== Files in the root of some directories =======
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag
2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag
2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log
2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log
2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 15:22

==================== End Of Log ============================
         
Here is a link to the picture of the Hotspot Shield network service, which could still be installed:

https://onedrive.live.com/?cid=9f32aba1b2778102&id=9F32ABA1B2778102!164273&v=3&ithint=photo,jpg&authkey=!ABihEqmw3jPHlF4

Good morning, and it's Groundhog Day again.

I did uninstall the Netzmanager because of the duplicate login, in order to observe that... but at 6:55 another attack came, and by then the Netzmanager was already gone...


Code:
20.01.2015  06:55:33 DoS(Denial of Service) Angriff UDP flood wurde entdeckt. (FW101)
20.01.2015  06:51:53 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:51:37 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:51:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:24 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:23 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:23 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:22 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:21 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:21 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:21 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:51:19 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:50:57 192.168.2.14 Anmeldung erfolgreich. (G101)
20.01.2015  06:46:45 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:46:44 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:44 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:44 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:43 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:43 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:43 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:42 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:42 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:42 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:41 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:41 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:40 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:39 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:39 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:46:39 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:37 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:41:51 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:41:29 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:41:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:41:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:41:27 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:41:24 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:41:24 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:41:24 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:35 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:31 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:31 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:36:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:47 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:31:47 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:47 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:31:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:29:45 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:28:47 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:28:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:37 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101)
20.01.2015  06:28:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101)
20.01.2015  06:28:01 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001)
20.01.2015  06:27:49 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:27:49 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001)
20.01.2015  06:27:48 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001)
20.01.2015  06:27:35 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001)
20.01.2015  06:26:51 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:25:54 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:24:56 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:24:00 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:23:00 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:22:03 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
20.01.2015  06:21:05 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14
         
Addendum, 16:07: every call (outgoing) (not incoming) (IP telephony) is a flood ... I made a few test calls ... muaaah, not even Telekom knows that ... internal calls do nothing, only external calls ... Oh dear ... but we'll stay on it ... let's see what else we find out, maybe we'll put colanders on our heads and protect ourselves from alien radiation. Joking aside ...

Edited by andto (19.01.2015 at 22:01)
