Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Adware reste OTL LOG auswerten

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.03.2015, 15:24   #1
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Hi ich bin neu hier und habe gleich mal eine Frage zu einen Programm OTL nennt sich das und damit wollte ich einen scan machen weil ich mir gestern abend einen Adware Software installiert habe da ich nicht sicher bin wie ich diesen log auswerten soll wollte ich euch fragen ob ihr mir dabei helfen könntet

Hier der LogOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.03.2015 16:10:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,16% Memory free
8,09 Gb Paging File | 6,61 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): c:\pagefile.sys 200 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 16,43 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 450,55 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
 
Computer Name: NECRO | User Name: MC-Necro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
PRC - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe ()
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Origin Client Service) -- C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
SRV - (Disc Soft Lite Bus Service) -- C:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (Service KMSELDI) -- C:\Programme\KMSpico\Service_KMS.exe (@ByELDI)
SRV - (BstHdUpdaterSvc) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Start8) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft, Inc.)
SRV - (Launch TotalMedia Theatre 6 Driver) -- C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe (ArcSoft, Inc.)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (dtlitescsibus) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWB6.sys (Advanced Micro Devices)
DRV:64bit: - (Hamachi) -- C:\Windows\SysNative\drivers\Hamdrv.sys (LogMeIn Inc.)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (edevmon) -- C:\Windows\SysNative\drivers\edevmon.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ArcCtrl) -- C:\Windows\SysNative\drivers\ArcCtrl.sys ()
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (t_mouse.sys) -- C:\Windows\SysNative\drivers\t_mouse.sys ()
DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (RecFltr) -- C:\Windows\SysNative\drivers\RecFltr.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (HWiNFO32) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS (REALiX(tm))
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gfe_rd=cr&ei=q_cFVfHuJMuK-Qa2qIGIBw&gws_rd=ssl
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes\{2B525A53-40D1-437E-AF4F-FE66323C7910}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2015.03.08 18:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
 
O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E887280-384E-4E94-85D5-23EDDD707C66}: DhcpNameServer = 83.169.185.161 83.169.185.225
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\bf4.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\bf4_x86.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\bfh.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\crysis3.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\origin.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\originer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\tm server.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\ulaunchtmt6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\utotalmediatheatre6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\bf4.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\bf4_x86.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\bfh.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\crysis3.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\origin.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\originer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\tm server.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\ulaunchtmt6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\utotalmediatheatre6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.03.15 21:44:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{789ce035-c4aa-11e4-82cc-74d435bb1459}\Shell - "" = AutoRun
O33 - MountPoints2\{789ce035-c4aa-11e4-82cc-74d435bb1459}\Shell\AutoRun\command - "" = "G:\Setup.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.03.16 15:56:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.03.16 15:16:36 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.16 15:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.03.16 15:16:25 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.16 15:16:25 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.16 15:16:25 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.03.16 15:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2015.03.16 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.03.15 23:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2015.03.15 23:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2015.03.15 23:10:40 | 000,041,784 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2015.03.15 23:10:40 | 000,030,520 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2015.03.15 23:10:40 | 000,025,912 | ---- | C] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2015.03.15 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015.03.15 22:25:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2015.03.15 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2015.03.15 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.03.15 20:47:42 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
[2015.03.15 20:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\atjs
[2015.03.15 20:45:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
[2015.03.15 20:45:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
[2015.03.15 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
[2015.03.12 19:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015.03.12 19:35:25 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.03.12 19:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015.03.11 13:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
[2015.03.11 12:54:46 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2015.03.11 12:54:45 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2015.03.11 12:54:42 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2015.03.11 12:54:42 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdNisDrv.sys
[2015.03.11 12:54:42 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2015.03.11 12:54:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winshfhc.dll
[2015.03.11 12:54:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winshfhc.dll
[2015.03.11 12:54:14 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2015.03.11 12:54:14 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2015.03.11 12:54:10 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2015.03.11 12:54:10 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2015.03.11 12:54:10 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015.03.11 12:54:10 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2015.03.11 12:54:10 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015.03.11 12:54:10 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2015.03.11 12:54:10 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015.03.11 12:54:10 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015.03.11 12:54:09 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2015.03.11 12:54:09 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2015.03.11 12:54:09 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2015.03.11 12:54:09 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2015.03.11 12:54:08 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_47.dll
[2015.03.11 12:54:08 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_47.dll
[2015.03.11 12:54:08 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2015.03.11 12:54:08 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2015.03.11 12:54:08 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2015.03.11 12:54:08 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2015.03.11 12:54:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atlthunk.dll
[2015.03.11 12:54:07 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2015.03.11 12:54:07 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2015.03.11 12:54:07 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2015.03.11 12:54:07 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2015.03.11 12:54:07 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.03.11 12:54:07 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.03.11 12:54:07 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StorageContextHandler.dll
[2015.03.11 12:54:07 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StorageContextHandler.dll
[2015.03.11 12:54:06 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.03.11 12:54:06 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015.03.11 12:54:01 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015.03.11 12:54:01 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2015.03.11 12:54:01 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2015.03.11 12:54:01 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2015.03.11 12:54:01 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2015.03.11 12:54:01 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2015.03.11 12:54:01 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2015.03.11 12:54:01 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015.03.11 12:54:01 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015.03.11 12:54:01 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2015.03.11 12:54:01 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2015.03.11 12:53:50 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.03.11 12:53:49 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015.03.11 12:53:49 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.03.11 12:53:49 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.03.11 12:53:49 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.03.11 12:53:49 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.03.11 12:53:49 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.03.11 12:53:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.03.11 12:53:49 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.03.11 12:53:49 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.03.11 12:53:49 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.03.11 12:53:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.03.11 12:53:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015.03.11 12:53:49 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015.03.11 12:53:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.03.11 12:53:49 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.03.11 12:53:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.03.11 12:53:49 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.03.11 12:53:47 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2015.03.11 12:53:47 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2015.03.11 12:53:47 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015.03.11 12:53:47 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MrmCoreR.dll
[2015.03.11 12:53:47 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MrmCoreR.dll
[2015.03.11 12:53:47 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015.03.11 12:53:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015.03.11 12:53:47 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LockScreenContentServer.exe
[2015.03.11 12:53:43 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015.03.09 16:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2015.03.09 16:25:47 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Audacity
[2015.03.09 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2015.03.09 13:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
[2015.03.09 13:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medieval Software
[2015.03.08 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
[2015.03.07 11:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015.03.07 11:50:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\Documents\My Games
[2015.03.07 11:47:54 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
[2015.03.07 11:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BioShock Infinite
[2015.03.07 10:39:03 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\vlc
[2015.03.07 10:32:09 | 000,030,352 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2015.03.07 10:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2015.03.07 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2015.03.07 10:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirusTotalUploader2
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
[2015.02.28 17:23:32 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Stardock_Corporation
[2015.02.28 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Stardock
[2015.02.28 16:45:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2015.02.28 16:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2015.02.28 16:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2015.02.28 16:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2015.02.28 15:49:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
[2015.02.28 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Clipboarder
[2015.02.28 13:10:05 | 000,080,488 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysNative\MMCEDT6.exe
[2015.02.28 13:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
[2015.02.28 13:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2015.02.27 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
[2015.02.27 19:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2015.02.27 19:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2015.02.27 18:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2015.02.27 18:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2015.02.21 20:44:24 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2015.02.21 20:44:24 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2015.02.21 20:44:24 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2015.02.21 20:44:24 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2015.02.21 20:44:24 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2015.02.21 20:44:24 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2015.02.21 20:44:24 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2015.02.21 20:44:24 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2015.02.21 20:44:24 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2015.02.21 20:44:24 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCT232.OCX
[2015.02.21 20:44:24 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2015.02.21 20:44:24 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.OCX
[2015.02.21 20:44:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2015.02.21 20:44:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
[2015.02.21 20:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2015.02.21 20:44:23 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2015.02.21 20:44:23 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2015.02.21 20:44:23 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2015.02.21 20:44:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2015.02.21 20:44:23 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2015.02.21 20:44:23 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2015.02.21 20:44:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
[2015.02.21 20:44:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2015.02.21 20:44:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
[2015.02.21 20:44:23 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
[2015.02.21 20:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2015.02.21 10:38:07 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Rename Expert
[2015.02.21 10:37:40 | 006,441,984 | ---- | C] (Debenu Pty Ltd) -- C:\Windows\SysWow64\DebenuPDFLibraryLite1011.dll
[2015.02.21 10:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rename Expert
[2015.02.21 10:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rename Expert
[2015.02.14 21:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.03.16 16:06:09 | 001,780,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.03.16 16:06:09 | 000,765,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.03.16 16:06:09 | 000,723,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.03.16 16:06:09 | 000,159,696 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.03.16 16:06:09 | 000,135,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.03.16 16:02:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.16 16:00:13 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.16 16:00:08 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015.03.16 15:18:38 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.16 15:16:27 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.03.15 21:44:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015.03.15 20:53:42 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015.03.15 20:45:48 | 000,000,080 | ---- | M] () -- C:\Users\MC-Necro\AppData\Local\recently-fix.db
[2015.03.15 16:51:53 | 000,226,680 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015.03.15 16:51:47 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2015.03.13 12:57:27 | 000,338,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.12 19:35:04 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.03.09 22:30:14 | 000,005,487 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\XRNF
[2015.03.09 22:30:14 | 000,005,487 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\DNDQ
[2015.03.09 15:19:05 | 000,271,256 | ---- | M] () -- C:\Users\MC-Necro\Desktop\Hübsch.jpg
[2015.03.07 11:47:54 | 000,001,508 | ---- | M] () -- C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
[2015.03.07 10:32:09 | 000,030,352 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2015.03.04 22:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.03.04 22:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.02.28 15:55:53 | 000,000,119 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2015.02.28 14:17:34 | 000,000,460 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.02.28 13:10:05 | 000,002,426 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2015.02.27 19:03:20 | 000,007,597 | ---- | M] () -- C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
[2015.02.25 09:25:02 | 000,041,784 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2015.02.25 09:24:52 | 000,030,520 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2015.02.25 09:24:52 | 000,025,912 | ---- | M] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2015.02.21 01:27:45 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015.02.21 00:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.02.21 00:32:48 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.02.20 04:03:49 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015.02.20 03:58:26 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015.02.20 03:49:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.02.20 03:47:56 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.02.20 03:35:01 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.02.20 03:34:24 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.02.20 03:32:34 | 006,035,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.02.20 03:20:15 | 000,301,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015.02.20 03:15:32 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015.02.20 03:07:24 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015.02.20 03:06:44 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.02.20 03:05:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.02.20 02:56:47 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.02.20 02:49:28 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.02.20 02:46:45 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.02.20 02:29:00 | 002,865,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015.02.20 02:24:21 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.02.20 02:03:34 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.02.20 01:55:38 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.03.16 15:16:27 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.03.15 23:10:39 | 000,002,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
[2015.03.15 21:44:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2015.03.15 20:53:42 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015.03.15 20:45:48 | 000,000,080 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\recently-fix.db
[2015.03.11 12:54:15 | 000,396,419 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015.03.09 22:30:14 | 000,005,487 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\XRNF
[2015.03.09 22:30:14 | 000,005,487 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\DNDQ
[2015.03.09 16:25:45 | 000,001,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2015.03.09 15:19:05 | 000,271,256 | ---- | C] () -- C:\Users\MC-Necro\Desktop\Hübsch.jpg
[2015.03.08 12:00:38 | 000,338,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.07 11:47:54 | 000,001,508 | ---- | C] () -- C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
[2015.02.28 15:55:53 | 000,000,119 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2015.02.28 14:17:34 | 000,000,460 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.02.28 13:10:30 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
[2015.02.28 13:10:06 | 000,002,158 | ---- | C] () -- C:\Windows\SysNative\drivers\win81Logo.inf
[2015.02.28 13:10:05 | 003,315,392 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcCtrl.sys
[2015.02.28 13:10:05 | 000,009,883 | ---- | C] () -- C:\Windows\SysNative\drivers\win81_64logo.cat
[2015.02.28 13:10:05 | 000,002,426 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2015.02.21 20:44:24 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2015.02.21 20:44:23 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2015.02.13 16:40:42 | 000,000,290 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS.part
[2015.02.13 16:40:41 | 000,118,724 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS
[2015.02.13 16:40:34 | 000,000,234 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS.part
[2015.02.13 16:40:33 | 000,197,360 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS
[2015.01.25 17:12:14 | 000,001,248 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\CZWL
[2015.01.10 11:14:41 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015.01.10 11:14:38 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015.01.09 20:34:58 | 000,226,680 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015.01.09 20:34:57 | 000,076,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2015.01.09 18:17:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2015.01.09 18:07:25 | 001,804,472 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015.01.09 18:06:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015.01.09 18:00:29 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2015.01.09 18:00:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2015.01.09 17:55:41 | 000,004,608 | ---- | C] () -- C:\Windows\SECOH-QAD.exe
[2015.01.09 17:55:41 | 000,003,584 | ---- | C] () -- C:\Windows\SECOH-QAD.dll
[2015.01.09 12:48:16 | 000,007,597 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
[2014.11.21 03:25:30 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2014.11.20 21:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014.10.03 17:36:30 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014.10.03 17:36:28 | 016,810,624 | ---- | C] () -- C:\Windows\SysWow64\igd11dxva32.dll
[2014.07.21 22:04:58 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014.07.21 22:04:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014.07.21 22:04:46 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014.07.21 22:04:04 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014.07.21 22:04:04 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014.03.18 11:13:02 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013.08.22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013.08.22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013.08.22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2015.01.09 18:30:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.12 18:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.12 18:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.10.29 02:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014.10.29 01:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.10.29 02:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015.03.15 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
[2015.01.09 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Abelssoft
[2015.01.10 10:45:56 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\AMD
[2015.02.28 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
[2015.03.14 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Audacity
[2015.01.09 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\AVG
[2015.03.07 11:22:15 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\DAEMON Tools Lite
[2015.03.14 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
[2015.01.09 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\ESET
[2015.02.21 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
[2015.02.04 16:11:53 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\ImgBurn
[2015.01.09 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\IObit
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
[2015.01.08 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Origin
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
[2015.02.21 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Rename Expert
[2015.01.09 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Samsung
[2015.02.27 19:39:41 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

ExtrasOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.03.2015 16:10:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,16% Memory free
8,09 Gb Paging File | 6,61 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): c:\pagefile.sys 200 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 16,43 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 450,55 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
 
Computer Name: NECRO | User Name: MC-Necro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0277605E-AED8-46AA-85A3-70C79C5676B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{161E68B2-2457-45F8-A8A1-345AF9067847}" = rport=27000 | protocol=6 | dir=out | name=theforestunlockport | 
"{28CEC358-F766-43AA-B626-A3670029F13C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C57BF24-1173-4033-8CB7-AFB24A8EFAAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3FDD967D-2C8F-47D1-B37F-C58B26A0D071}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{6659D1ED-AA31-4471-9ADE-00E6089F43CB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6D3F5BA9-981A-4DFF-BF7A-8CE810EC3B79}" = lport=1688 | protocol=6 | dir=in | name=kms emulator port | 
"{7710C7D8-76FA-4715-9216-3CD2466F28E2}" = lport=27015 | protocol=6 | dir=in | name=garrysmodunlockedport | 
"{7ACCF0A4-EB9E-4478-9D7B-E3E12958C75C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7EA61F90-7620-440C-8E06-04F64171A4EB}" = rport=27015 | protocol=6 | dir=out | name=garrysmodunlockedport | 
"{86DB5451-14AA-47F3-AA5F-65E321C9C56D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{878074FC-6C68-42ED-839D-27AAF264E82C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C16F00C7-7DE3-403F-A94E-F689A64567BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F38B6BE5-5A00-49EE-AD11-EDD3C30D8B4E}" = lport=27000 | protocol=6 | dir=in | name=theforestunlockport | 
"{FDDCCC72-0F38-4D57-B59A-243E5C4F76D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088B47AB-5503-497C-922D-7A5900E5E3D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1024AA11-C11A-4AF2-93FE-C2A06D5E4939}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{111CA0A9-31A0-4DBB-BBFA-55BEBC6C49A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1290B03A-08F8-4BEC-B78E-74871B23FAF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12B01FB9-7833-4A3D-BCEF-E9DA2440602C}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{136EBEB1-1452-4A08-B4BF-7DB97E579980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1ACC5C54-53D4-42AB-BE3A-EFE9B7D2D241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B7B4B6A-6B15-43BD-A787-AC2213573BA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C06427B-3322-42B8-920F-FC5591F658D4}" = dir=out | name=@{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{22BD07E5-86C9-45F5-ADC3-0A0FFB5F71D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{252C53DA-F233-46D3-B947-012EBC8AF49D}" = dir=out | name=windows_ie_ac_001 | 
"{294E46EC-C695-45D3-9214-D6BC71B2A612}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{2F4B92DF-D3C3-4B69-A308-5A8EF322F1B8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{361F6240-A103-4813-A178-47BEA4B5647F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36895411-55D3-4766-89E3-256AAEF61942}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{381C11D7-F975-4CE2-9785-3F3C2A8C6D25}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{38E74A3E-B785-458A-8BD8-4F5267EB38BA}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{3C2D4BF0-86D6-434D-B250-B8D0D3CE7744}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{3C83B618-E566-4EAA-8002-97828F793DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{3D80B395-4A61-4E3F-894F-C5BE17297F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{409B5FB6-D455-4F3C-AC9C-88DB330462E7}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{41E40A22-0D84-4DD5-9878-BBA934F249BD}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{53FF68D6-C598-46F8-86B1-8CF03E55C7E4}" = protocol=6 | dir=out | app=system | 
"{5438D2DB-CCEF-4D21-B235-C0CAD63C4567}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{54E90E93-5503-4826-A69D-472BA44026BA}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{55E1B5A1-7E51-44DF-A578-8698E813E138}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{58D90B63-0115-4C3D-AC14-6C2D14619E14}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A26885D-E389-414C-8138-AFE98FB85617}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{5A851E45-49C2-4444-8D1A-3D54CA17C89C}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{63DA6731-D415-4DBD-9805-F653B5E818CE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{65B4F8AC-4945-4C82-A622-EDBA406AD40B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{67BA14E5-123E-4400-9BE2-05902F81DD15}" = dir=in | name=onenote | 
"{74F9C710-3A3E-43D4-AF80-009BD1B3118F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{754A93B5-2DAE-4CDF-B0C4-04E8CC0EEAC3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{758EA4A8-F53F-48F5-870C-A0E9D08C8DD9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{7C841C5F-F8E9-45C7-8851-D58D28C25750}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7EBCE277-2E46-4940-81B2-60F28D3563A0}" = dir=out | name=onenote | 
"{82E40E86-443A-4A02-B3C5-75B8362760EF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{8BC8C3C6-0FD6-4A1A-B091-21325E2C12C3}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{95CAA85C-DD55-4C22-9573-65105B8A155B}" = protocol=17 | dir=in | app=c:\program files\kmspico\service_kms.exe | 
"{96AF78DF-816E-4E36-AFD8-92BD4E489019}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9D203CB9-54FF-459D-9A41-F886862029C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9D624963-25E0-41AF-AE03-D8C8A8AE1083}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A5DF2E30-EB6D-45AF-806C-838E716845CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AA4CAF7E-47F7-424D-949B-138E43807DD4}" = protocol=6 | dir=in | app=c:\program files\kmspico\service_kms.exe | 
"{ABE2A200-6C43-4A5B-A487-9CE316CF684D}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B437196D-1EEC-4AE8-92A9-9D2140B6D12B}" = dir=out | name=skype | 
"{BCA5388C-EBAC-4B83-A7F1-90955214035D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C4A194E8-80D1-407C-9028-565DD823AEEC}" = dir=out | name=windows_ie_ac_001 | 
"{CA42EF05-B6CB-4993-BF94-F4304AA822D5}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{CC646C2A-A530-43F3-B19D-DBE90C682560}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D5ECB9A6-CAD5-4C81-A4A9-F3B51BE39998}" = protocol=58 | dir=in | app=system | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D6B57275-7717-4321-BE9C-6B3F074D6F3D}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D76EB107-C16A-4E68-BC7A-F1382F08FE0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D85CA9A3-62D9-45B3-B368-370AC1D89A2C}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DDCA365C-1321-4E14-B6CA-A4BA0E883506}" = dir=in | name=skype | 
"{DF3973E2-CFB5-4A1A-8398-B685BA9E6196}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E403890D-1355-4394-9120-61BC860C410E}" = dir=out | name=@{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EF6BD61D-A00A-4575-B6FE-1F400F1988CF}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F78A42BF-FD4A-472B-957A-CFB62721C4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{F833EF53-2F1F-4ED6-8991-A4586097FEC7}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.229_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{FC5C4028-1630-47B8-93BA-77F8436A9F46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{99EFA947-C485-43D3-922C-C8A6B8499A77}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{87B80F33-F8FD-419B-A925-EED3D08469F2}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1D1CB210-D05E-5BF4-F998-2B1903EE4323}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3DE97849-544D-4D68-9255-11DF6F9F10D8}" = Intel® Trusted Connect Service Client
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.2
"{75F06437-40F4-4A65-BC65-FC194D6B7EBA}" = ESET Smart Security
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1" = KMSpico
"{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}" = Intel(R) Chipset Device Software
"{B9C27F57-AB84-425F-9D00-E18C5D65C18D}" = Intel(R) Rapid Storage Technology
"{D4FC649C-0247-4873-930D-D9E6904DCAF5}" = Intel(R) Management Engine Components
"{E1CBE9A2-1323-488E-9F3B-736DF6399F38}" = Intel(R) Management Engine Components
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{F2A7CE36-57BF-5C86-952D-90DBF3746D82}" = AMD Catalyst Install Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"jdownloader2" = JDownloader 2
"Start8_is1" = Stardock Start8
"Unlocker" = Unlocker 1.9.2
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{089F13E8-FE1E-9E10-8394-59EB3144C5EA}" = Catalyst Control Center Graphics Previews Common
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{16D24066-E53C-9C3E-21BB-8E16BF0BF1B2}" = CCC Help Dutch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{24784631-F22D-9570-2C7D-C893CFA0815E}" = CCC Help Swedish
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{2B656071-B4F5-5EED-1CEA-8357D5D89756}" = CCC Help Thai
"{2F82B501-6358-476E-A9AC-A6DABD2E52F9}" = BioShock Infinite
"{316F6900-121C-EAE3-06B5-6D033DAD6B46}" = CCC Help Hungarian
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3D312F2B-705E-4367-0E43-637742582226}" = CCC Help Chinese Traditional
"{40AF58D5-D86D-8D3C-5D39-882C8ABB6249}" = CCC Help Japanese
"{47B9191A-C6F9-463F-7651-8C915A56CCA7}" = CCC Help Norwegian
"{491B10A8-E797-6E1A-E8F0-CC5ED4A697BF}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F34C608-AC66-DBD9-02B3-07F2A3714AB0}" = CCC Help Danish
"{5232358C-7C23-4319-8271-E43F924196AC}" = ArcSoft TotalMedia Theatre 6
"{523885CC-D186-A675-CE46-C02D13CD285A}" = CCC Help German
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{5993537E-0B1C-2656-DE59-3B52AACCA4C8}" = CCC Help French
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{6BC24106-5BED-9E52-E484-1CD9CB444DD0}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7410FDD9-8CFF-04DB-E8DC-66BA97935C0C}" = CCC Help Polish
"{78BE8723-7889-33EB-46C5-E068E4A9A754}" = CCC Help Russian
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{85FC260B-5951-4278-95BF-E8F40802E49E}" = AVG PC TuneUp 2015 (de-DE)
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{8DCCC556-265B-478A-8B32-C12DA988BA74}" = BlueStacks Notification Center
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC1BBD7-B625-7B3F-DC5B-519A17E5A509}" = CCC Help Greek
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A996C182-3724-4DF1-A4BC-66154FE57DFE}" = AVG PC TuneUp 2015
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BE862892-0337-B30D-A2A3-9296BA9E2B4D}" = Catalyst Control Center Localization All
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1" = Rename Expert 5.6.0
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{D0E4CC40-2731-4737-F184-E422D113EE1D}" = CCC Help Italian
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.2.1.7
"{E1E6EEEA-F7CF-1AD4-F404-7EFA1E5E8365}" = CCC Help Portuguese
"{e48a2f61-851a-4155-82f9-af1b04db8c3b}" = Intel® Chipsatz-Gerätesoftware
"{E70BF0B0-1AD5-E7B7-6448-B66F20E76701}" = CCC Help Korean
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EBE23E56-BA76-02E9-1C6A-8D9043C7E887}" = CCC Help Finnish
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EE6909C4-C751-7C0D-B295-90CD93E68817}" = CCC Help Turkish
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F3CB7B-2F62-F6EF-07EA-81143A463B31}" = CCC Help Chinese Standard
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F825EA58-D723-06A1-4F5F-620934DA66AB}" = CCC Help Spanish
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AIDA64 Extreme_is1" = AIDA64 Extreme v5.00
"Audacity_is1" = Audacity 2.0.6
"AVG PC TuneUp" = AVG PC TuneUp 2015
"Battlelog Web Plugins" = Battlelog Web Plugins
"BlueStacks App Player" = BlueStacks App Player
"CHIP Updater_is1" = CHIP Updater
"Driver Booster_is1" = Driver Booster 2.1
"ESN Sonar-0.70.4" = ESN Sonar
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}" = ArcSoft TotalMedia Theatre 6
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Origin" = Origin
"RTSS" = RivaTuner Statistics Server 6.3.0
"VTUploader" = VirusTotal Uploader 2.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2015 18:06:38 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Microsoft-Verbindungsschichterkennungsprotokoll.  System Error: Zugriff verweigert
.
 
Error - 15.03.2015 18:07:15 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Microsoft-Verbindungsschichterkennungsprotokoll.  System Error: Zugriff verweigert
.
 
Error - 15.03.2015 18:10:02 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Microsoft-Verbindungsschichterkennungsprotokoll.  System Error: Zugriff verweigert
.
 
Error - 15.03.2015 18:15:45 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x20c  Startzeit der fehlerhaften Anwendung: 0x01d05f6d927984c2
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: d2c183c4-cb60-11e4-82de-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:11:51 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x210  Startzeit der fehlerhaften Anwendung: 0x01d05ff322b00179
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 63be54ae-cbe6-11e4-82df-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:22:00 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x214  Startzeit der fehlerhaften Anwendung: 0x01d05ff48c4c921c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: cee82fd0-cbe7-11e4-82e0-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:24:35 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x1c4  Startzeit der fehlerhaften Anwendung: 0x01d05ff4e8b83ee7
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 2b0f9217-cbe8-11e4-82e1-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:47:52 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x214  Startzeit der fehlerhaften Anwendung: 0x01d05ff829f9c65c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 6b95f0e4-cbeb-11e4-82e3-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 11:00:12 | Computer Name = Necro | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 16.03.2015 11:00:14 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x214  Startzeit der fehlerhaften Anwendung: 0x01d05ff9e5732db8
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 25e87a21-cbed-11e4-82e4-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "AVG PC TuneUp Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "BlueStacks Android Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Dynamic Application Loader Host Interface Service"
 wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 16.03.2015 11:00:12 | Computer Name = Necro | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 16.03.2015 11:00:13 | Computer Name = Necro | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Intel(R) HD Graphics Control Panel Service" wurde mit 
folgendem Fehler beendet:   %%2147500037
 
 
< End of report >
         
--- --- ---

Alt 16.03.2015, 15:25   #2
M-K-D-B
/// TB-Ausbilder
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Was für Adware hast du dir denn installiert?


OTL ist veraltet, wir verwenden FRST:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 16.03.2015, 15:45   #3
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MC-Necro (administrator) on NECRO on 16-03-2015 16:32:59
Running from C:\Users\MC-Necro\Desktop
Loaded Profiles: MC-Necro (Available profiles: MC-Necro)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-01-09] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\MountPoints2: {789ce035-c4aa-11e4-82cc-74d435bb1459} - "G:\Setup.exe" 
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bf4.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bf4_x86.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bfh.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\crysis3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tm server.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ulaunchtmt6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\utotalmediatheatre6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gfe_rd=cr&ei=q_cFVfHuJMuK-Qa2qIGIBw&gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 83.169.185.225
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.google.de/
CHR StartupUrls: Profile 2 -> "hxxp://www.youtube.com/?gl=DE&hl=de"
CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-15]
CHR Extension: (Google Docs) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15]
CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15]
CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Google Sheets) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]
CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Magic Actions for YouTube™) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15]
CHR Extension: (MEGA) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-03-15]
CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15]
CHR Extension: (Video Download Helper) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfmncdagnglibjiglbmchedcmainibbh [2015-03-15]
CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Click&Clean) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-03-15]
CHR Extension: (Downloads) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR Extension: (Adblock Pro) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-03-15]
CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2014-03-11] (ArcSoft, Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S4 Launch TotalMedia Theatre 6 Driver; C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [608256 2014-03-04] (ArcSoft, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] ()
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-10-10] (@ByELDI) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-19] (Stardock Software, Inc)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-11-20] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-01-09] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-07] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-09] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-01-30] (Intel Corporation)
S3 RecFltr; C:\Windows\system32\drivers\RecFltr.sys [45440 2007-01-18] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 atillk64; \??\D:\ati_winflash_2.6.7\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 16:32 - 2015-03-16 16:33 - 00020748 _____ () C:\Users\MC-Necro\Desktop\FRST.txt
2015-03-16 16:32 - 2015-03-16 16:30 - 02095616 _____ (Farbar) C:\Users\MC-Necro\Desktop\FRST64.exe
2015-03-16 16:30 - 2015-03-16 16:32 - 00000000 ____D () C:\FRST
2015-03-16 15:56 - 2015-03-16 15:59 - 00000000 ____D () C:\AdwCleaner
2015-03-16 15:54 - 2015-03-16 16:01 - 00007393 _____ () C:\Users\MC-Necro\Desktop\hijackthis.log
2015-03-16 15:16 - 2015-03-16 16:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 15:16 - 2015-03-16 15:16 - 00001134 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-16 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-16 15:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-16 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 15:11 - 2015-03-16 15:21 - 00000790 _____ () C:\Windows\PFRO.log
2015-03-15 23:21 - 2015-03-16 16:00 - 00000580 _____ () C:\Windows\setupact.log
2015-03-15 23:21 - 2015-03-15 23:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 23:10 - 2015-03-15 23:10 - 00002249 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-15 23:10 - 2015-02-25 09:25 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-03-15 23:10 - 2015-02-25 09:24 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-03-15 23:10 - 2015-02-25 09:24 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2015-03-15 22:25 - 2015-03-15 22:25 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-15 21:44 - 2015-03-15 21:44 - 00000000 _____ () C:\autoexec.bat
2015-03-15 21:43 - 2015-03-15 22:10 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-03-15 21:42 - 2015-03-15 21:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\MC-Necro\Downloads\SpyHunter4.exe
2015-03-15 21:40 - 2015-03-15 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-15 20:53 - 2015-03-15 20:53 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-15 20:47 - 2015-03-15 20:47 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
2015-03-15 20:45 - 2015-03-15 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
2015-03-15 20:45 - 2015-03-15 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
2015-03-15 20:45 - 2015-03-15 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
2015-03-15 20:45 - 2015-03-15 20:45 - 00003288 _____ () C:\Windows\System32\Tasks\vTTqXYNrbiacuyp
2015-03-15 20:45 - 2015-03-15 20:45 - 00003246 _____ () C:\Windows\System32\Tasks\uUQqUdnfXquU7Cu
2015-03-15 20:45 - 2015-03-15 20:45 - 00003244 _____ () C:\Windows\System32\Tasks\OpBYzDpilE2DECl
2015-03-15 20:45 - 2015-03-15 20:45 - 00000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db
2015-03-15 20:45 - 2015-03-15 20:45 - 00000000 ____D () C:\ProgramData\atjs
2015-03-12 19:35 - 2015-03-12 19:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-12 19:34 - 2015-03-12 19:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-11 13:01 - 2015-03-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2015-03-11 12:54 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 12:54 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 12:54 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 12:54 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 12:54 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 12:54 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 12:54 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 12:54 - 2015-02-07 00:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 12:54 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 12:54 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-11 12:54 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 12:54 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 12:54 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 12:54 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 12:54 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 12:54 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 12:54 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 12:54 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 12:54 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 12:54 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-11 12:54 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 12:54 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 12:54 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 12:54 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 12:54 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 12:54 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 12:54 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 12:54 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 12:54 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 12:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 12:54 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 12:54 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 12:54 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 12:54 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 12:54 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 12:54 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 12:54 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 12:54 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 12:54 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 12:54 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 12:54 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 12:54 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 12:54 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 12:54 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 12:54 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 12:54 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 12:54 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 12:54 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 12:54 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 12:54 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 12:54 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 12:54 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 12:54 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 12:54 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 12:54 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 12:54 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 12:53 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:53 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 12:53 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 12:53 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 12:53 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 12:53 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 12:53 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 12:53 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:53 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:53 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 12:53 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 12:53 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 12:53 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:53 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 12:53 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 12:53 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 12:53 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:53 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 12:53 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 12:53 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 12:53 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 12:53 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:53 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 12:53 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:53 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:53 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 12:53 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 12:53 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 12:53 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:53 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 12:53 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 12:53 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 12:53 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:53 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 12:53 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 12:53 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 12:53 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 12:53 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 12:53 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 12:53 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 12:53 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 12:53 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 12:53 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 12:53 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:53 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 12:53 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 12:53 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 12:53 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 12:53 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 12:53 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\MC-Necro\AppData\Roaming\XRNF
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\MC-Necro\AppData\Roaming\DNDQ
2015-03-09 16:33 - 2015-03-09 16:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-03-09 16:25 - 2015-03-14 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Audacity
2015-03-09 16:25 - 2015-03-09 16:25 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-09 16:25 - 2015-03-09 16:25 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-03-09 13:56 - 2015-03-09 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
2015-03-09 13:56 - 2015-03-09 13:56 - 00000000 ____D () C:\Program Files (x86)\Medieval Software
2015-03-08 18:18 - 2015-03-14 21:00 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
2015-03-08 12:00 - 2015-03-13 12:57 - 00338160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\Users\MC-Necro\Documents\My Games
2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\ProgramData\Steam
2015-03-07 11:47 - 2015-03-07 11:47 - 00001508 _____ () C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
2015-03-07 11:47 - 2015-03-07 11:47 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-03-07 11:25 - 2015-03-07 11:49 - 00000000 ____D () C:\Program Files (x86)\BioShock Infinite
2015-03-07 10:39 - 2015-03-15 22:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\vlc
2015-03-07 10:32 - 2015-03-07 10:32 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-03-07 10:29 - 2015-03-07 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2015-02-28 17:23 - 2015-02-28 17:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock_Corporation
2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock
2015-02-28 16:22 - 2015-02-28 16:54 - 00000000 ____D () C:\ProgramData\Stardock
2015-02-28 15:55 - 2015-02-28 15:55 - 00000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
2015-02-28 15:49 - 2015-02-28 15:52 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
2015-02-28 15:46 - 2015-02-28 15:48 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Clipboarder
2015-02-28 14:17 - 2015-02-28 14:17 - 00000460 __RSH () C:\ProgramData\ntuser.pol
2015-02-28 13:10 - 2015-02-28 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2015-02-28 13:10 - 2013-11-20 09:57 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2015-02-28 13:10 - 2013-09-14 14:54 - 00009883 _____ () C:\Windows\system32\Drivers\win81_64logo.cat
2015-02-28 13:10 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2015-02-28 13:09 - 2015-02-28 13:09 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2015-02-27 19:39 - 2015-02-27 19:39 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\Program Files\CPUID
2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
2015-02-21 20:44 - 2011-09-29 14:20 - 02084864 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDesign.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 01986560 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudFile.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 01212416 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioInfos.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00484352 _____ () C:\Windows\SysWOW64\lame_enc.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00479232 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioVisu.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00458752 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudPlayer.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00454656 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioRecord.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00417792 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDisplay.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00348160 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\WMAFile.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
2015-02-21 20:44 - 2011-09-29 14:20 - 00116296 _____ () C:\Windows\SysWOW64\NCTWMAProfiles.prx
2015-02-21 20:44 - 2011-09-29 14:19 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2015-02-21 20:44 - 2011-09-29 14:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00224016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscc2fr.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL
2015-02-21 10:38 - 2015-02-21 10:38 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Rename Expert
2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rename Expert
2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Rename Expert
2015-02-21 10:37 - 2013-10-24 11:23 - 06441984 _____ (Debenu Pty Ltd) C:\Windows\SysWOW64\DebenuPDFLibraryLite1011.dll
2015-02-14 21:22 - 2015-02-14 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 16:30 - 2015-01-09 17:54 - 01489205 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 16:18 - 2015-01-09 18:02 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 16:06 - 2014-03-18 11:04 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 16:06 - 2014-03-18 10:25 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-03-16 16:06 - 2014-03-18 10:25 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-03-16 16:05 - 2015-01-09 18:03 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1004
2015-03-16 16:02 - 2015-01-09 18:10 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-16 16:00 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 15:17 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\VirtualStore
2015-03-15 23:18 - 2015-01-15 16:23 - 00731648 ___SH () C:\Users\MC-Necro\Desktop\Thumbs.db
2015-03-15 23:17 - 2015-01-10 00:45 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-15 23:17 - 2015-01-09 18:46 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Skype
2015-03-15 23:06 - 2015-01-09 17:55 - 00003366 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-03-15 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-15 22:27 - 2015-01-09 17:57 - 00001454 _____ () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-15 21:40 - 2015-01-09 18:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-15 21:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2015-03-15 21:16 - 2015-01-09 18:43 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-03-15 20:55 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2015-03-15 20:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-15 16:51 - 2015-01-09 20:34 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-15 16:51 - 2015-01-09 20:34 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-15 16:48 - 2015-01-08 20:08 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 21:00 - 2015-01-14 20:13 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-14 12:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 12:28 - 2015-01-09 16:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\JDownloader v2.0
2015-03-14 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 19:45 - 2015-01-08 20:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-12 13:57 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 13:54 - 2014-11-12 11:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 13:53 - 2014-11-12 11:13 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-03-07 11:48 - 2015-01-09 18:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-07 11:24 - 2015-01-08 20:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-07 11:22 - 2015-01-09 18:37 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DAEMON Tools Lite
2015-03-07 10:29 - 2015-01-09 18:55 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-05 10:43 - 2015-01-09 18:23 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-04 22:24 - 2013-08-22 16:38 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2013-08-22 16:38 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-28 14:21 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Packages
2015-02-28 14:16 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-28 13:11 - 2015-01-09 19:06 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\ArcSoft
2015-02-28 13:10 - 2015-01-09 18:58 - 00000000 ____D () C:\ProgramData\ArcSoft
2015-02-28 13:10 - 2015-01-09 18:05 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-02-27 20:42 - 2015-02-13 17:12 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\dvdcss
2015-02-27 19:03 - 2015-01-09 12:48 - 00007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
2015-02-15 15:52 - 2015-01-09 18:02 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Google

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\MC-Necro\AppData\Roaming\CZWL
2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\MC-Necro\AppData\Roaming\DNDQ
2015-02-28 15:55 - 2015-02-28 15:55 - 0000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\MC-Necro\AppData\Roaming\XRNF
2015-02-13 16:40 - 2015-02-13 16:40 - 0197360 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS
2015-02-13 16:40 - 2015-02-13 16:56 - 0000234 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS.part
2015-02-13 16:40 - 2015-02-13 16:40 - 0118724 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS
2015-02-13 16:40 - 2015-02-13 16:56 - 0000290 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS.part
2015-03-15 20:45 - 2015-03-15 20:45 - 0000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db
2015-01-09 12:48 - 2015-02-27 19:03 - 0007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
2015-01-09 18:06 - 2015-01-09 18:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\MC-Necro\AppData\Local\Temp\CHIP_Updater.exe
C:\Users\MC-Necro\AppData\Local\Temp\CloudBackup7598.exe
C:\Users\MC-Necro\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\MC-Necro\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\MC-Necro\AppData\Local\Temp\Execute2App.exe
C:\Users\MC-Necro\AppData\Local\Temp\msvcp90.dll
C:\Users\MC-Necro\AppData\Local\Temp\msvcr90.dll
C:\Users\MC-Necro\AppData\Local\Temp\proxy_vole8530263425264948663.dll
C:\Users\MC-Necro\AppData\Local\Temp\Quarantine.exe
C:\Users\MC-Necro\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\MC-Necro\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\MC-Necro\AppData\Local\Temp\SHSetup.exe
C:\Users\MC-Necro\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MC-Necro\AppData\Local\Temp\sqlite3.dll
C:\Users\MC-Necro\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-09 18:35

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MC-Necro at 2015-03-16 16:33:12
Running from C:\Users\MC-Necro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.7.1.199 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.7.1.199 - ArcSoft) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.40 - Abelssoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Rename Expert 5.6.0 (HKLM-x32\...\{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1) (Version:  - Gillmeister Software)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.45 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XMedia Recode Version 3.2.1.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.7 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3114231556-3272972307-1787784662-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

15-03-2015 23:10:01 AVG PC TuneUp 2015 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {49944065-2C63-4E6B-8F62-E5E7FE0AF965} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION
Task: {73F0BAE4-609C-4770-87D1-97C984B44474} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-10] (@ByELDI)
Task: {B033CAC0-87EB-4D95-BD18-436688055DDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {D96FC44B-3B41-4DCA-B04D-56C6D1919DDB} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2015-03-10] (CHIP)
Task: {DDF60E3C-6909-4257-BEBE-F9CD4F8848DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {E7A75317-98B9-492D-AB73-6ED3DF3E47DA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION
Task: {F2CE4609-8D3E-4270-80C0-7DE95CDCFFB3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe
Task: {FD27954F-77B3-4BB4-BB48-99EB7601C7EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-01-09 20:34 - 2015-02-06 18:51 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2015-01-09 18:38 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-15 21:40 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-15 21:40 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 83.169.185.161 - 83.169.185.225

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "TotalMedia Server.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "Sidebar845.lnk"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-3114231556-3272972307-1787784662-500 - Administrator - Disabled)
Gast (S-1-5-21-3114231556-3272972307-1787784662-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3114231556-3272972307-1787784662-1003 - Limited - Enabled)
MC-Necro (S-1-5-21-3114231556-3272972307-1787784662-1004 - Administrator - Enabled) => C:\Users\MC-Necro

==================== Faulty Device Manager Devices =============

Name: Intel(R) HD Graphics 4600
Description: Intel(R) HD Graphics 4600
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x1c4
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x210
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x20c
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (03/15/2015 11:07:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (03/15/2015 11:06:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


System errors:
=============
Error: (03/16/2015 04:00:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Intel(R) HD Graphics Control Panel Service" wurde mit folgendem Fehler beendet: 
%%2147500037

Error: (03/16/2015 04:00:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Android Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AVG PC TuneUp Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 03:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff9e5732db8C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe25e87a21-cbed-11e4-82e4-74d435bb1459

Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff829f9c65cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe6b95f0e4-cbeb-11e4-82e3-74d435bb1459

Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c000000500000000000177191c401d05ff4e8b83ee7C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe2b0f9217-cbe8-11e4-82e1-74d435bb1459

Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff48c4c921cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.execee82fd0-cbe7-11e4-82e0-74d435bb1459

Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921001d05ff322b00179C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe63be54ae-cbe6-11e4-82df-74d435bb1459

Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771920c01d05f6d927984c2C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exed2c183c4-cb60-11e4-82de-74d435bb1459

Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (03/15/2015 11:07:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (03/15/2015 11:06:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8085.18 MB
Available physical RAM: 5727.36 MB
Total Pagefile: 8285.18 MB
Available Pagefile: 5645.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Spiele/Programme) (Fixed) (Total:111.79 GB) (Free:16.32 GB) NTFS
Drive d: (Downloads) (Fixed) (Total:465.66 GB) (Free:450.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FB8C0ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5AFC4BC7)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Ich habe mir die Adware MystartSearch installiert
__________________

Alt 16.03.2015, 15:57   #4
M-K-D-B
/// TB-Ausbilder
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Servus,




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION
Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
C:\ProgramData\DP45977C.lfl
C:\Users\MC-Necro\AppData\Roaming\XRNF
C:\Users\MC-Necro\AppData\Roaming\DNDQ
C:\Users\MC-Necro\AppData\Roaming\CZWL
C:\ProgramData\atjs
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
C:\Users\MC-Necro\Downloads\SpyHunter4.exe
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • eine Rückmeldung bezüglich des Uploads,
  • die beiden neuen Logdateien von FRST.

Alt 16.03.2015, 16:09   #5
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MC-Necro at 2015-03-16 17:02:50 Run:1
Running from D:\
Loaded Profiles: MC-Necro (Available profiles: MC-Necro)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION
Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
C:\ProgramData\DP45977C.lfl
C:\Users\MC-Necro\AppData\Roaming\XRNF
C:\Users\MC-Necro\AppData\Roaming\DNDQ
C:\Users\MC-Necro\AppData\Roaming\CZWL
C:\ProgramData\atjs
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
C:\Users\MC-Necro\Downloads\SpyHunter4.exe
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\vTTqXYNrbiacuyp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vTTqXYNrbiacuyp" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully.
C:\Windows\System32\Tasks\uUQqUdnfXquU7Cu => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uUQqUdnfXquU7Cu" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (MC-Necro)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully.
C:\Windows\System32\Tasks\OpBYzDpilE2DECl => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpBYzDpilE2DECl" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\XRNF => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\DNDQ => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\CZWL => Moved successfully.
C:\ProgramData\atjs => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009 => Moved successfully.
C:\Users\MC-Necro\Downloads\SpyHunter4.exe => Moved successfully.
EmptyTemp: => Removed 252.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:02:51 ====
         


Alt 16.03.2015, 16:11   #6
M-K-D-B
/// TB-Ausbilder
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Zitat:
Zitat von Necromorph Beitrag anzeigen
Bei Schritt 2 habe ich ein problem unzwar wenn ich einen zip ordner erstellen möchte sagt windows mir das ich 'Datei nicht gefunden oder keine Leseberechtigung die zip datei wird erstellt aber wenn ich auf ok klicke geht er wieder weg
Kopiere den ganzen Quarantäne-Ordner von FRST auf den Desktop und versuche es von dort.

Ich hab gesehen, dass du den FRST-Fix vom Laufwerk D:\ und nicht vom Desktop ausgeführt hast...
__________________
--> Adware reste OTL LOG auswerten

Alt 16.03.2015, 16:11   #7
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Bei Schritt 2 habe ich ein problem unzwar wenn ich einen zip ordner erstellen möchte sagt windows mir das ich 'Datei nicht gefunden oder keine Leseberechtigung die zip datei wird erstellt aber wenn ich auf ok klicke geht er wieder weg würde auch eine rar datei gehen ?

Alt 16.03.2015, 16:12   #8
M-K-D-B
/// TB-Ausbilder
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Zitat:
Zitat von Necromorph Beitrag anzeigen
Bei Schritt 2 habe ich ein problem unzwar wenn ich einen zip ordner erstellen möchte sagt windows mir das ich 'Datei nicht gefunden oder keine Leseberechtigung die zip datei wird erstellt aber wenn ich auf ok klicke geht er wieder weg würde auch eine rar datei gehen ?
Kopiere den ganzen Quarantäne-Ordner von FRST auf den Desktop und versuche es von dort.

Ich hab gesehen, dass du den FRST-Fix vom Laufwerk D:\ und nicht vom Desktop ausgeführt hast...

Alt 16.03.2015, 16:14   #9
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Hat auch nicht funktioniert

Alt 16.03.2015, 16:16   #10
M-K-D-B
/// TB-Ausbilder
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Zitat:
Zitat von Necromorph Beitrag anzeigen
Hat auch nicht funktioniert
Du machst schon einen Rechtsklick auf den Ordner und wählst "Senden an" -> zip komprimierter Ordner?

Versuch es mal mit einer .rar-Datei.

Alt 16.03.2015, 16:19   #11
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Da kommt das


C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\OpBYzDpilE2DECl.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\uUQqUdnfXquU7Cu.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\vTTqXYNrbiacuyp.xBAD nicht öffnen.
! Zugriff verweigert

Aber das Archiv ist da

Alt 16.03.2015, 16:23   #12
M-K-D-B
/// TB-Ausbilder
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Servus,


ok, lade mal hoch, was an Archiv da ist. Ich guck mir das dann an.


Dann weiter mit dem FRST-Kontrollscan:
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

Alt 16.03.2015, 16:23   #13
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Da kommt das aber das Archiv ist da

C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\OpBYzDpilE2DECl.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\uUQqUdnfXquU7Cu.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\vTTqXYNrbiacuyp.xBAD nicht öffnen.
! Zugriff verweigert

Alt 16.03.2015, 16:24   #14
M-K-D-B
/// TB-Ausbilder
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Zitat:
Zitat von Necromorph Beitrag anzeigen
Da kommt das aber das Archiv ist da

C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\OpBYzDpilE2DECl.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\uUQqUdnfXquU7Cu.xBAD nicht öffnen.
! Zugriff verweigert
C:\Users\MC-Necro\Desktop\Quarantine.rar: Konnte C:\Users\MC-Necro\Desktop\Quarantine\C\Windows\System32\Tasks\vTTqXYNrbiacuyp.xBAD nicht öffnen.
! Zugriff verweigert
Servus,


ok, lade mal hoch, was an Archiv da ist. Ich guck mir das dann an.


Dann weiter mit dem FRST-Kontrollscan:
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

Alt 16.03.2015, 16:32   #15
Necromorph
 
Adware reste OTL LOG auswerten - Standard

Adware reste OTL LOG auswerten



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MC-Necro at 2015-03-16 17:02:50 Run:1
Running from D:\
Loaded Profiles: MC-Necro (Available profiles: MC-Necro)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {13EBD2DA-AB6A-4748-BEA1-1A16C286D536} - \Driver Booster Startup No Task File <==== ATTENTION
Task: {27048078-ECBC-4121-B0E3-58D09D8965BB} - System32\Tasks\vTTqXYNrbiacuyp => C:\Users\MC-Necro\AppData\Roaming\7eTwD7u\uF47zLL.exe
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
Task: {281FEDF8-E9B3-4E17-A770-1F07BFCBA58B} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {63B44105-BC0A-4115-B4D3-63C7EBBC364C} - \Driver Booster Update No Task File <==== ATTENTION
Task: {EB1F3EBE-0784-4E32-89CE-1E828DBF5E88} - System32\Tasks\uUQqUdnfXquU7Cu => C:\Users\MC-Necro\AppData\Roaming\lz5X1XA\lPnXGIY.exe [2015-03-15] ( )
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
Task: {EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE} - \Driver Booster SkipUAC (MC-Necro) No Task File <==== ATTENTION
Task: {EC9DAD29-33FE-4E22-858E-AE28C6EF66C9} - \Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001 No Task File <==== ATTENTION
Task: {F53111B1-3A68-4028-BCBC-A28B86269BD8} - System32\Tasks\OpBYzDpilE2DECl => C:\Users\MC-Necro\AppData\Roaming\oVy5zhI\v8YTFf5.exe
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
C:\ProgramData\DP45977C.lfl
C:\Users\MC-Necro\AppData\Roaming\XRNF
C:\Users\MC-Necro\AppData\Roaming\DNDQ
C:\Users\MC-Necro\AppData\Roaming\CZWL
C:\ProgramData\atjs
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
C:\Users\MC-Necro\Downloads\SpyHunter4.exe
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EBD2DA-AB6A-4748-BEA1-1A16C286D536}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27048078-ECBC-4121-B0E3-58D09D8965BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\vTTqXYNrbiacuyp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vTTqXYNrbiacuyp" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\7eTwD7u => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{281FEDF8-E9B3-4E17-A770-1F07BFCBA58B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B44105-BC0A-4115-B4D3-63C7EBBC364C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB1F3EBE-0784-4E32-89CE-1E828DBF5E88}" => Key deleted successfully.
C:\Windows\System32\Tasks\uUQqUdnfXquU7Cu => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uUQqUdnfXquU7Cu" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\lz5X1XA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC75BAE2-2EDF-4E74-96F1-390BAC79E6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (MC-Necro)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9DAD29-33FE-4E22-858E-AE28C6EF66C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F53111B1-3A68-4028-BCBC-A28B86269BD8}" => Key deleted successfully.
C:\Windows\System32\Tasks\OpBYzDpilE2DECl => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpBYzDpilE2DECl" => Key deleted successfully.
C:\Users\MC-Necro\AppData\Roaming\oVy5zhI => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\XRNF => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\DNDQ => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\CZWL => Moved successfully.
C:\ProgramData\atjs => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009 => Moved successfully.
C:\Users\MC-Necro\Downloads\SpyHunter4.exe => Moved successfully.
EmptyTemp: => Removed 252.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:02:51 ====
         

Der upload der Quarantäne Rar datei ist erfolgreich gewesen


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MC-Necro (administrator) on NECRO on 16-03-2015 17:28:28
Running from C:\Users\MC-Necro\Desktop
Loaded Profiles: MC-Necro (Available profiles: MC-Necro)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-01-09] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\MountPoints2: {789ce035-c4aa-11e4-82cc-74d435bb1459} - "G:\Setup.exe" 
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bf4.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bf4_x86.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bfh.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\crysis3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tm server.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ulaunchtmt6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\utotalmediatheatre6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gfe_rd=cr&ei=q_cFVfHuJMuK-Qa2qIGIBw&gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 83.169.185.225
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.google.de/
CHR StartupUrls: Profile 2 -> "hxxp://www.youtube.com/?gl=DE&hl=de"
CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-15]
CHR Extension: (Google Docs) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15]
CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15]
CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Google Sheets) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]
CHR Profile: C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Magic Actions for YouTube™) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15]
CHR Extension: (MEGA) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-03-15]
CHR Extension: (YouTube) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15]
CHR Extension: (Video Download Helper) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfmncdagnglibjiglbmchedcmainibbh [2015-03-15]
CHR Extension: (Google Search) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Click&Clean) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-03-15]
CHR Extension: (Downloads) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR Extension: (Adblock Pro) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-03-15]
CHR Extension: (Gmail) - C:\Users\MC-Necro\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2014-03-11] (ArcSoft, Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S4 Launch TotalMedia Theatre 6 Driver; C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [608256 2014-03-04] (ArcSoft, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] ()
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-10-10] (@ByELDI) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-19] (Stardock Software, Inc)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-11-20] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-01-09] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-07] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-09] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-01-30] (Intel Corporation)
S3 RecFltr; C:\Windows\system32\drivers\RecFltr.sys [45440 2007-01-18] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 atillk64; \??\D:\ati_winflash_2.6.7\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 17:18 - 2015-03-16 17:21 - 00670906 _____ () C:\Users\MC-Necro\Desktop\Quarantine.rar
2015-03-16 16:32 - 2015-03-16 17:28 - 00020185 _____ () C:\Users\MC-Necro\Desktop\FRST.txt
2015-03-16 16:32 - 2015-03-16 16:30 - 02095616 _____ (Farbar) C:\Users\MC-Necro\Desktop\FRST64.exe
2015-03-16 16:30 - 2015-03-16 17:28 - 00000000 ____D () C:\FRST
2015-03-16 16:30 - 2015-03-16 17:02 - 00000000 ____D () C:\Users\MC-Necro\Desktop\Quarantine
2015-03-16 15:56 - 2015-03-16 15:59 - 00000000 ____D () C:\AdwCleaner
2015-03-16 15:54 - 2015-03-16 16:01 - 00007393 _____ () C:\Users\MC-Necro\Desktop\hijackthis.log
2015-03-16 15:16 - 2015-03-16 17:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 15:16 - 2015-03-16 15:16 - 00001134 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-16 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-16 15:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-16 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 15:11 - 2015-03-16 15:21 - 00000790 _____ () C:\Windows\PFRO.log
2015-03-15 23:21 - 2015-03-16 17:03 - 00000696 _____ () C:\Windows\setupact.log
2015-03-15 23:21 - 2015-03-15 23:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-15 23:10 - 2015-03-15 23:10 - 00002249 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-15 23:10 - 2015-02-25 09:25 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-03-15 23:10 - 2015-02-25 09:24 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-03-15 23:10 - 2015-02-25 09:24 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2015-03-15 22:25 - 2015-03-15 22:25 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-15 21:44 - 2015-03-15 21:44 - 00000000 _____ () C:\autoexec.bat
2015-03-15 21:43 - 2015-03-15 22:10 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-03-15 21:40 - 2015-03-15 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-15 20:45 - 2015-03-15 20:45 - 00000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db
2015-03-12 19:35 - 2015-03-12 19:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-12 19:34 - 2015-03-12 19:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-11 13:01 - 2015-03-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2015-03-11 12:54 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 12:54 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 12:54 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 12:54 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 12:54 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 12:54 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 12:54 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 12:54 - 2015-02-07 00:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 12:54 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 12:54 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-11 12:54 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 12:54 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 12:54 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 12:54 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 12:54 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 12:54 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 12:54 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 12:54 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 12:54 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 12:54 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-11 12:54 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 12:54 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 12:54 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 12:54 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 12:54 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 12:54 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 12:54 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 12:54 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 12:54 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 12:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 12:54 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 12:54 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 12:54 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 12:54 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 12:54 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 12:54 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 12:54 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 12:54 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 12:54 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 12:54 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 12:54 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 12:54 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 12:54 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 12:54 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 12:54 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 12:54 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 12:54 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 12:54 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 12:54 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 12:54 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 12:54 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 12:54 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 12:54 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 12:54 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 12:54 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 12:54 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 12:53 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:53 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 12:53 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 12:53 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 12:53 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 12:53 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 12:53 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 12:53 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:53 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:53 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 12:53 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 12:53 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 12:53 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:53 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 12:53 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 12:53 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 12:53 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:53 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 12:53 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 12:53 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 12:53 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 12:53 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:53 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 12:53 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:53 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:53 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 12:53 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 12:53 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 12:53 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:53 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 12:53 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 12:53 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 12:53 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:53 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 12:53 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 12:53 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 12:53 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 12:53 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 12:53 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 12:53 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 12:53 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 12:53 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 12:53 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 12:53 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:53 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 12:53 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 12:53 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 12:53 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 12:53 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 12:53 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 16:33 - 2015-03-09 16:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-03-09 16:25 - 2015-03-14 21:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Audacity
2015-03-09 16:25 - 2015-03-09 16:25 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-09 16:25 - 2015-03-09 16:25 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-03-09 13:56 - 2015-03-09 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
2015-03-09 13:56 - 2015-03-09 13:56 - 00000000 ____D () C:\Program Files (x86)\Medieval Software
2015-03-08 18:18 - 2015-03-14 21:00 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
2015-03-08 12:00 - 2015-03-13 12:57 - 00338160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\Users\MC-Necro\Documents\My Games
2015-03-07 11:50 - 2015-03-07 11:50 - 00000000 ____D () C:\ProgramData\Steam
2015-03-07 11:47 - 2015-03-07 11:47 - 00001508 _____ () C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
2015-03-07 11:47 - 2015-03-07 11:47 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-03-07 11:25 - 2015-03-07 11:49 - 00000000 ____D () C:\Program Files (x86)\BioShock Infinite
2015-03-07 10:39 - 2015-03-15 22:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\vlc
2015-03-07 10:32 - 2015-03-07 10:32 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-07 10:32 - 2015-03-07 10:32 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-03-07 10:29 - 2015-03-07 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-03-04 21:44 - 2015-03-04 21:44 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2015-02-28 17:23 - 2015-02-28 17:23 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock_Corporation
2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-02-28 16:45 - 2015-03-01 17:54 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-02-28 16:45 - 2015-02-28 16:45 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Stardock
2015-02-28 16:22 - 2015-02-28 16:54 - 00000000 ____D () C:\ProgramData\Stardock
2015-02-28 15:55 - 2015-02-28 15:55 - 00000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
2015-02-28 15:49 - 2015-02-28 15:52 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
2015-02-28 15:46 - 2015-02-28 15:48 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Clipboarder
2015-02-28 14:17 - 2015-02-28 14:17 - 00000460 __RSH () C:\ProgramData\ntuser.pol
2015-02-28 13:10 - 2015-02-28 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2015-02-28 13:10 - 2013-11-20 09:57 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2015-02-28 13:10 - 2013-09-14 14:54 - 00009883 _____ () C:\Windows\system32\Drivers\win81_64logo.cat
2015-02-28 13:10 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2015-02-28 13:09 - 2015-02-28 13:09 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2015-02-27 19:39 - 2015-02-27 19:39 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-02-27 19:05 - 2015-02-27 21:22 - 00000000 ____D () C:\Program Files\CPUID
2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-02-27 18:42 - 2015-02-27 18:42 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 15:14 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2015-02-21 20:44 - 2015-02-21 20:44 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
2015-02-21 20:44 - 2011-09-29 14:20 - 02084864 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDesign.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 01986560 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudFile.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 01212416 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioInfos.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00484352 _____ () C:\Windows\SysWOW64\lame_enc.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00479232 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioVisu.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00458752 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudPlayer.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00454656 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudioRecord.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00417792 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\AudDisplay.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00348160 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\WMAFile.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2015-02-21 20:44 - 2011-09-29 14:20 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
2015-02-21 20:44 - 2011-09-29 14:20 - 00116296 _____ () C:\Windows\SysWOW64\NCTWMAProfiles.prx
2015-02-21 20:44 - 2011-09-29 14:19 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2015-02-21 20:44 - 2011-09-29 14:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00224016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX
2015-02-21 20:44 - 2011-09-29 14:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscc2fr.dll
2015-02-21 20:44 - 2011-09-29 14:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTFR.DLL
2015-02-21 20:44 - 2011-09-29 14:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL
2015-02-21 10:38 - 2015-02-21 10:38 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Rename Expert
2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rename Expert
2015-02-21 10:37 - 2015-02-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Rename Expert
2015-02-21 10:37 - 2013-10-24 11:23 - 06441984 _____ (Debenu Pty Ltd) C:\Windows\SysWOW64\DebenuPDFLibraryLite1011.dll
2015-02-14 21:22 - 2015-02-14 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 17:18 - 2015-01-09 18:02 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 17:12 - 2015-01-09 17:54 - 01521213 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 17:08 - 2015-01-09 18:03 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3114231556-3272972307-1787784662-1004
2015-03-16 17:07 - 2014-03-18 11:04 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 17:07 - 2014-03-18 10:25 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-03-16 17:07 - 2014-03-18 10:25 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-03-16 17:05 - 2015-01-09 18:10 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-16 17:03 - 2015-01-15 16:23 - 00731648 ___SH () C:\Users\MC-Necro\Desktop\Thumbs.db
2015-03-16 17:03 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-16 17:00 - 2015-01-09 18:46 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\Skype
2015-03-16 15:17 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\VirtualStore
2015-03-15 23:17 - 2015-01-10 00:45 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-15 23:06 - 2015-01-09 17:55 - 00003366 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-03-15 22:27 - 2015-01-09 17:57 - 00001454 _____ () C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-15 21:40 - 2015-01-09 18:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-15 21:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2015-03-15 21:16 - 2015-01-09 18:43 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-03-15 20:55 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2015-03-15 20:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-15 16:51 - 2015-01-09 20:34 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-15 16:51 - 2015-01-09 20:34 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-15 16:48 - 2015-01-08 20:08 - 00000000 ____D () C:\ProgramData\Origin
2015-03-14 21:00 - 2015-01-14 20:13 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-14 12:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 12:28 - 2015-01-09 16:16 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\JDownloader v2.0
2015-03-14 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 19:45 - 2015-01-08 20:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-12 13:57 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 13:54 - 2014-11-12 11:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 13:53 - 2014-11-12 11:13 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2015-03-11 13:01 - 2015-01-09 19:38 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-03-07 11:48 - 2015-01-09 18:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-07 11:24 - 2015-01-08 20:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-07 11:22 - 2015-01-09 18:37 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\DAEMON Tools Lite
2015-03-07 10:29 - 2015-01-09 18:55 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-05 10:43 - 2015-01-09 18:23 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-04 22:24 - 2013-08-22 16:38 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2013-08-22 16:38 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-28 14:21 - 2015-01-09 17:57 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Packages
2015-02-28 14:16 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-28 13:11 - 2015-01-09 19:06 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\ArcSoft
2015-02-28 13:10 - 2015-01-09 18:58 - 00000000 ____D () C:\ProgramData\ArcSoft
2015-02-28 13:10 - 2015-01-09 18:05 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-02-27 20:42 - 2015-02-13 17:12 - 00000000 ____D () C:\Users\MC-Necro\AppData\Roaming\dvdcss
2015-02-27 19:03 - 2015-01-09 12:48 - 00007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
2015-02-15 15:52 - 2015-01-09 18:02 - 00000000 ____D () C:\Users\MC-Necro\AppData\Local\Google

==================== Files in the root of some directories =======

2015-02-28 15:55 - 2015-02-28 15:55 - 0000119 _____ () C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
2015-02-13 16:40 - 2015-02-13 16:40 - 0197360 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS
2015-02-13 16:40 - 2015-02-13 16:56 - 0000234 _____ () C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS.part
2015-02-13 16:40 - 2015-02-13 16:40 - 0118724 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS
2015-02-13 16:40 - 2015-02-13 16:56 - 0000290 _____ () C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS.part
2015-03-15 20:45 - 2015-03-15 20:45 - 0000080 _____ () C:\Users\MC-Necro\AppData\Local\recently-fix.db
2015-01-09 12:48 - 2015-02-27 19:03 - 0007597 _____ () C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-09 18:35

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MC-Necro at 2015-03-16 17:28:42
Running from C:\Users\MC-Necro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.7.1.199 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.7.1.199 - ArcSoft) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.40 - Abelssoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Rename Expert 5.6.0 (HKLM-x32\...\{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1) (Version:  - Gillmeister Software)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.45 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XMedia Recode Version 3.2.1.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.7 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3114231556-3272972307-1787784662-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

15-03-2015 23:10:01 AVG PC TuneUp 2015 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {49944065-2C63-4E6B-8F62-E5E7FE0AF965} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {73F0BAE4-609C-4770-87D1-97C984B44474} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-10] (@ByELDI)
Task: {B033CAC0-87EB-4D95-BD18-436688055DDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {D96FC44B-3B41-4DCA-B04D-56C6D1919DDB} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2015-03-10] (CHIP)
Task: {DDF60E3C-6909-4257-BEBE-F9CD4F8848DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {E7A75317-98B9-492D-AB73-6ED3DF3E47DA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {F2CE4609-8D3E-4270-80C0-7DE95CDCFFB3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {FD27954F-77B3-4BB4-BB48-99EB7601C7EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0408de35f61f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-01-09 20:34 - 2015-02-06 18:51 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2015-01-09 18:38 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-15 21:40 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-15 21:40 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 83.169.185.161 - 83.169.185.225

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "TotalMedia Server.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "Sidebar845.lnk"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-3114231556-3272972307-1787784662-500 - Administrator - Disabled)
Gast (S-1-5-21-3114231556-3272972307-1787784662-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3114231556-3272972307-1787784662-1003 - Limited - Enabled)
MC-Necro (S-1-5-21-3114231556-3272972307-1787784662-1004 - Administrator - Enabled) => C:\Users\MC-Necro

==================== Faulty Device Manager Devices =============

Name: Intel(R) HD Graphics 4600
Description: Intel(R) HD Graphics 4600
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 05:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x218
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 05:03:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x1c4
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x210
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Name des fehlerhaften Moduls: igfxCUIService.exe, Version: 6.15.10.3960, Zeitstempel: 0x54299ab0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000017719
ID des fehlerhaften Prozesses: 0x20c
Startzeit der fehlerhaften Anwendung: 0xigfxCUIService.exe0
Pfad der fehlerhaften Anwendung: igfxCUIService.exe1
Pfad des fehlerhaften Moduls: igfxCUIService.exe2
Berichtskennung: igfxCUIService.exe3
Vollständiger Name des fehlerhaften Pakets: igfxCUIService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: igfxCUIService.exe5

Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


System errors:
=============
Error: (03/16/2015 05:03:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Intel(R) HD Graphics Control Panel Service" wurde mit folgendem Fehler beendet: 
%%2147500037

Error: (03/16/2015 05:03:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Android Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/16/2015 05:03:00 PM) (Source: DCOM) (EventID: 10010) (User: Necro)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/16/2015 05:03:00 PM) (Source: DCOM) (EventID: 10010) (User: Necro)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/16/2015 05:02:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/16/2015 05:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921801d06002b74edbc6C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exef821dbde-cbf5-11e4-82e5-74d435bb1459

Error: (03/16/2015 05:03:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff9e5732db8C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe25e87a21-cbed-11e4-82e4-74d435bb1459

Error: (03/16/2015 04:00:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 03:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff829f9c65cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe6b95f0e4-cbeb-11e4-82e3-74d435bb1459

Error: (03/16/2015 03:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c000000500000000000177191c401d05ff4e8b83ee7C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe2b0f9217-cbe8-11e4-82e1-74d435bb1459

Error: (03/16/2015 03:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921401d05ff48c4c921cC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.execee82fd0-cbe7-11e4-82e0-74d435bb1459

Error: (03/16/2015 03:11:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771921001d05ff322b00179C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe63be54ae-cbe6-11e4-82df-74d435bb1459

Error: (03/15/2015 11:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c0000005000000000001771920c01d05f6d927984c2C:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exed2c183c4-cb60-11e4-82de-74d435bb1459

Error: (03/15/2015 11:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 23%
Total physical RAM: 8085.18 MB
Available physical RAM: 6157.47 MB
Total Pagefile: 8285.18 MB
Available Pagefile: 6142.28 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Spiele/Programme) (Fixed) (Total:111.79 GB) (Free:16.48 GB) NTFS
Drive d: (Downloads) (Fixed) (Total:465.66 GB) (Free:450.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FB8C0ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5AFC4BC7)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Antwort

Themen zu Adware reste OTL LOG auswerten
abend, adware, auswerten, bluestacks, driver booster, frage, fragen, gestern, install.exe, installier, installiert, kmspico, könntet, launch, log, log auswerten, nennt, neu, nicht sicher, otl log, programm, refresh, reste, scan, software



Ähnliche Themen: Adware reste OTL LOG auswerten


  1. Adware.Gen7 - Adware/Cherished.oia - Adware/InstallCore.Gen9 - TR/Trash.Gen bei Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (13)
  2. Windows 7: ADWARE/CrossRider.Gen4, ADWARE/EoRezo.Gen4 und ADWARE/MPlug 6.14 durch AntiVir gefunden
    Log-Analyse und Auswertung - 22.10.2014 (4)
  3. eBay-Fake eMail mit ZIP Anhang gespeichert, Windows 7- Avira: Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
    Log-Analyse und Auswertung - 29.08.2014 (17)
  4. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  5. Absturz Firefox und Funde ADWARE/InstallMat.D, TR/Barys.443.5, ADWARE/Adware.Gen6
    Log-Analyse und Auswertung - 03.01.2013 (19)
  6. USB-Stick enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
    Plagegeister aller Art und deren Bekämpfung - 29.07.2012 (25)
  7. Testbundle23w_1254[1].exe enthält Erkennungsmuster der Adware ADWARE/Adware.GEN
    Plagegeister aller Art und deren Bekämpfung - 22.04.2012 (5)
  8. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)
  9. malware (reste) auf dem pc?
    Log-Analyse und Auswertung - 02.01.2011 (9)
  10. Windows Reste
    Alles rund um Windows - 02.12.2008 (4)
  11. Reste von Vista
    Alles rund um Windows - 31.07.2008 (1)
  12. Tor Reste in Registry
    Alles rund um Windows - 28.02.2008 (16)
  13. System nach Vundo und adware.memini Fix wirklich sauber? BitteHJT Auswerten
    Log-Analyse und Auswertung - 09.05.2007 (2)
  14. Bitte auswerten, neu aufgesetzt und Virus/Adware!
    Log-Analyse und Auswertung - 04.03.2006 (1)
  15. Reste von SpywareStrike ??
    Log-Analyse und Auswertung - 26.01.2006 (4)
  16. Reste von SPyAxe ???
    Plagegeister aller Art und deren Bekämpfung - 25.01.2006 (3)
  17. Reste von SpySheriff?
    Log-Analyse und Auswertung - 27.12.2005 (1)

Zum Thema Adware reste OTL LOG auswerten - Hi ich bin neu hier und habe gleich mal eine Frage zu einen Programm OTL nennt sich das und damit wollte ich einen scan machen weil ich mir gestern abend - Adware reste OTL LOG auswerten...
Archiv
Du betrachtest: Adware reste OTL LOG auswerten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.