
Log analysis and evaluation: Windows 7: PC behaves strangely, update.exe


29.04.2015, 21:25   #1
Seppiro
 
Windows 7: PC behaves strangely, update.exe



Hello everyone,

My PC has been behaving strangely lately: I get bluescreens, it suddenly freezes for no reason, and it hangs at the BIOS screen (the one from which you can enter the BIOS with Del, for example). All of this started after Kaspersky detected an update.exe as a Trojan and tried several times to delete it; the file is located in the Windows folder syswow64. That is why I wanted to ask for help here.

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Fabian (administrator) on FABIAN-PC on 29-04-2015 22:14:01
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() D:\Programme\Core Temp\Core Temp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(SoftPerfect Research) D:\Programme\NetWorx\networx.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569112 2014-03-31] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] => D:\Programme\NetWorx\networx.exe [6589136 2014-09-30] (SoftPerfect Research)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk [2015-04-29]
ShortcutTarget: Start_.lnk -> C:\Windows\SysWOW64\update_.exe ()
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-4180718120-1828569617-1736650471-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4180718120-1828569617-1736650471-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24]

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.sweet-page.com/?type=hp&ts=1409748275&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSADC38755E"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-24]
CHR Extension: (BetaFish Adblocker) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
CHR Extension: (Bookmark Manager) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Gravelord Nito) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmaneaofefbdhecclkaokfmclgcagdah [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
S2 Software licensing; C:\Windows\SysWOW64\Softlic.exe [1622528 2015-03-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
S3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [280224 2011-03-01] (Atheros) [File not signed]
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com)
S3 RTCore64; D:\Programme\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 ALSysIO; \??\C:\Users\Fabian\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 pmem; \??\C:\Users\Fabian\AppData\Local\Temp\_MEI41682\drivers\winpmem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 21:59 - 2015-04-29 22:14 - 00022066 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-04-29 21:59 - 2015-04-29 22:14 - 00000000 ____D () C:\FRST
2015-04-29 21:59 - 2015-04-29 21:59 - 02101248 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2015-04-29 21:59 - 2015-04-29 21:59 - 00380416 _____ () C:\Users\Fabian\Desktop\Gmer-19357.exe
2015-04-29 21:57 - 2015-04-29 21:57 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2015-04-29 21:57 - 2015-04-29 21:56 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2015-04-29 21:56 - 2015-04-29 21:56 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2015-04-29 21:45 - 2015-04-29 21:45 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-29 18:48 - 2015-04-29 22:13 - 01539150 _____ () C:\Windows\SysWOW64\Update.exe
2015-04-29 18:48 - 2015-04-29 17:59 - 01026772 _____ () C:\Windows\SysWOW64\update64.exe
2015-04-29 18:48 - 2015-04-28 15:37 - 01584640 _____ () C:\Windows\SysWOW64\update_.exe
2015-04-29 18:48 - 2015-04-23 04:10 - 00198467 _____ () C:\Windows\SysWOW64\Run.exe
2015-04-28 19:52 - 2015-04-28 19:52 - 00293032 _____ () C:\Windows\Minidump\042815-6739-01.dmp
2015-04-25 11:13 - 2015-04-25 11:13 - 00002566 _____ () C:\Users\Fabian\Documents\01541sd111s11sSH4AR4E!!!!1515151.pfx
2015-04-23 18:40 - 2015-04-23 18:46 - 00000000 ____D () C:\Qoobox
2015-04-23 18:40 - 2015-04-23 18:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-23 18:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-23 18:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-23 18:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-23 18:20 - 2015-04-23 18:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 18:20 - 2015-04-23 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-04-23 18:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-04-23 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 18:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-23 18:12 - 2015-04-23 18:12 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-23 18:05 - 2015-04-29 22:13 - 00000012 _____ () C:\Windows\SysWOW64\listm.txt
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\PDF24
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-16 19:39 - 2015-04-16 19:39 - 00000080 _____ () C:\Users\Fabian\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-16 19:37 - 2015-04-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-16 19:36 - 2015-04-16 19:36 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-16 19:18 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Rockstar Games
2015-04-16 19:16 - 2015-04-16 19:39 - 00000000 ____D () C:\Users\Fabian\Documents\Rockstar Games
2015-04-15 18:54 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:54 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:54 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:54 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:54 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:54 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:54 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:54 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:54 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:54 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:54 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:54 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:54 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:54 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:54 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:54 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:54 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:54 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:54 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:54 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:54 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:54 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:54 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:54 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:54 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:54 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:54 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:54 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:54 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:54 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:54 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 18:54 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\Documents\Aspyr
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Aspyr
2015-04-13 20:28 - 2015-04-13 20:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-04-13 20:28 - 2015-04-13 20:28 - 00000000 __RHD () C:\Users\Fabian\AppData\Roaming\SecuROM
2015-04-13 19:29 - 2015-04-13 19:29 - 00009728 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2015-04-13 19:28 - 2015-04-13 20:24 - 00000032 _____ () C:\Windows\0
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 ____D () C:\Program Files (x86)\Nokia
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 _____ () C:\Windows\system32\0
2015-04-13 19:28 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2015-04-13 19:28 - 2008-05-07 07:39 - 00066560 _____ (Nokia) C:\Windows\system32\nmwcdclsx64.dll
2015-04-13 19:27 - 2015-04-13 19:27 - 00000000 ____D () C:\ProgramData\Installations
2015-04-13 19:11 - 2015-04-13 19:11 - 00000535 _____ () C:\Windows\Xbox_360_CC_Driver.log
2015-04-12 16:30 - 2015-04-12 16:30 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 20:02 - 2015-03-31 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-30 19:06 - 2015-03-30 19:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Publish Providers
2015-03-30 19:01 - 2015-03-30 19:02 - 01622528 _____ () C:\Windows\SysWOW64\Softlic.exe
2015-03-30 19:01 - 2015-03-30 19:02 - 00000026 _____ () C:\Windows\SysWOW64\video.log
2015-03-30 19:00 - 2015-03-30 19:01 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Sony
2015-03-30 19:00 - 2015-03-30 19:00 - 00000000 ____D () C:\ProgramData\Sony
2015-03-30 19:00 - 2015-03-30 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-30 19:00 - 2015-03-30 19:00 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-03-30 18:59 - 2015-03-30 19:11 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Sony

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 22:13 - 2014-12-23 16:47 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2015-04-29 22:13 - 2014-10-24 11:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-29 22:13 - 2014-08-29 16:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 22:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-29 22:13 - 2009-07-14 06:51 - 00142452 _____ () C:\Windows\setupact.log
2015-04-29 22:06 - 2014-08-29 16:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 22:06 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-29 22:06 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-29 21:56 - 2014-08-29 16:32 - 00000000 ____D () C:\Users\Fabian
2015-04-29 21:56 - 2009-07-14 19:58 - 00717014 _____ () C:\Windows\system32\perfh007.dat
2015-04-29 21:56 - 2009-07-14 19:58 - 00154630 _____ () C:\Windows\system32\perfc007.dat
2015-04-29 21:56 - 2009-07-14 07:13 - 01655480 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-29 21:53 - 2014-08-29 16:32 - 01944962 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 21:52 - 2014-09-11 22:12 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-29 21:50 - 2015-03-18 23:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-29 20:46 - 2014-08-29 17:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-29 20:36 - 2014-12-03 00:48 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Battle.net
2015-04-28 19:52 - 2014-08-29 21:13 - 631035299 _____ () C:\Windows\MEMORY.DMP
2015-04-28 19:52 - 2014-08-29 21:13 - 00000000 ____D () C:\Windows\Minidump
2015-04-26 18:01 - 2014-11-17 18:28 - 00000000 ____D () C:\ProgramData\Unity
2015-04-26 11:41 - 2015-03-14 02:50 - 00000000 ____D () C:\Program Files (x86)\MOUSE Editor
2015-04-26 11:41 - 2014-08-29 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-25 12:08 - 2014-10-25 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-04-24 18:51 - 2014-09-11 21:16 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2015-04-24 18:49 - 2014-08-29 17:05 - 00243932 _____ () C:\Windows\PFRO.log
2015-04-23 20:43 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-23 18:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-23 18:26 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2015-04-21 21:09 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2015-04-19 14:09 - 2014-09-03 21:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-04-19 01:38 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2015-04-16 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 06:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 06:08 - 2014-12-11 09:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 06:08 - 2014-08-29 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 23:23 - 2014-09-25 17:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 23:22 - 2014-08-29 17:03 - 01628824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 23:20 - 2014-08-29 18:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:17 - 2014-08-29 18:13 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 22:22 - 2014-10-04 21:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Eclipse
2015-04-14 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 18:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-13 19:28 - 2014-11-10 18:36 - 00000000 ____D () C:\Program Files\DIFX
2015-04-13 19:28 - 2014-09-08 14:00 - 00034542 _____ () C:\Windows\DPINST.LOG
2015-04-13 19:12 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-13 19:11 - 2014-08-29 18:14 - 00254907 _____ () C:\Windows\DirectX.log
2015-04-12 16:30 - 2014-09-05 14:42 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-09 20:43 - 2014-09-03 14:34 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Mp3tag
2015-03-30 15:25 - 2015-01-29 18:58 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Files in the root of some directories =======

2014-11-25 00:36 - 2014-11-25 00:36 - 0000793 _____ () C:\Users\Fabian\AppData\Roaming\MPQEditor.ini
2014-12-23 13:49 - 2014-12-23 13:49 - 0006099 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-03-04 00:58 - 2015-03-04 00:58 - 0007614 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
2014-08-29 16:39 - 2014-08-29 16:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\proxy_vole5764226451692624574.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 20:44

==================== End Of Log ============================

--- --- ---


GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-29 22:20:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_EVO_120GB rev.EXT0BB0Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Fabian\AppData\Local\Temp\uxdiipod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                          000000007732faa4 5 bytes JMP 0000000172352e10
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                   0000000077330034 5 bytes JMP 0000000172352dd0
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17                                                                          0000000074ef1401 2 bytes JMP 7557b1ef C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17                                                                            0000000074ef1419 2 bytes JMP 7557b31a C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17                                                                          0000000074ef1431 2 bytes JMP 755f8f09 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42                                                                          0000000074ef144a 2 bytes CALL 75554885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                                                          * 9
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17                                                                             0000000074ef14dd 2 bytes JMP 755f8802 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17                                                                      0000000074ef14f5 2 bytes JMP 755f89d8 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17                                                                             0000000074ef150d 2 bytes JMP 755f86f8 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17                                                                      0000000074ef1525 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17                                                                            0000000074ef153d 2 bytes JMP 7556fc78 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17                                                                                 0000000074ef1555 2 bytes JMP 755768bf C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17                                                                          0000000074ef156d 2 bytes JMP 755f8fc1 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17                                                                            0000000074ef1585 2 bytes JMP 755f8b22 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17                                                                               0000000074ef159d 2 bytes JMP 755f86bc C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17                                                                            0000000074ef15b5 2 bytes JMP 7556fd11 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17                                                                          0000000074ef15cd 2 bytes JMP 7557b2b0 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20                                                                      0000000074ef16b2 2 bytes JMP 755f8e84 C:\Windows\syswow64\kernel32.dll
.text   D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31                                                                      0000000074ef16bd 2 bytes JMP 755f8651 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        00000000771313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                        0000000077131544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                00000000771318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                0000000077131ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                               0000000077131bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077131d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077131e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                    0000000077131f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                        0000000077132248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000771326f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  0000000077132712 8 bytes {JMP 0x10}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79   000000007713276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184  00000000771327d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077132b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375          0000000077132be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      00000000771330bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                      0000000077133248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                      00000000771337c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                     00000000771338b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197         0000000077133a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077133fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                 0000000077134061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                 00000000771340d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                     0000000077134216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                     0000000077134254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                               00000000771344c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                  00000000771346ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                  0000000077134773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                               0000000077134867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                               0000000077134986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256              0000000077134ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                 0000000077134b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501              0000000077134d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                         0000000077134f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                   0000000077135007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                     00000000771351f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                     0000000077136006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                        00000000771361be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                        00000000771363ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45          00000000771363ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4              0000000077136404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92             000000007713645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                       0000000077136c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            000000007717dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          000000007717de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                000000007717de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              000000007717df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  000000007717e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  000000007717e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                000000007717e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                000000007717f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              0000000074bd13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              0000000074bd146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                           0000000074bd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        0000000074bd19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        0000000074bd19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000074bd1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                00000000771313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                0000000077131544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                        00000000771318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                        0000000077131ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                       0000000077131bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                          0000000077131d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                              0000000077131e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                            0000000077131f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                0000000077132248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                            00000000771326f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                          0000000077132712 8 bytes {JMP 0x10}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79           000000007713276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184          00000000771327d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                  0000000077132b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                  0000000077132be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                              00000000771330bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                              0000000077133248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                              00000000771337c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                             00000000771338b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                 0000000077133a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                          0000000077133fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                         0000000077134061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                         00000000771340d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                             0000000077134216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                             0000000077134254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                       00000000771344c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                          00000000771346ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                          0000000077134773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                       0000000077134867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                       0000000077134986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                      0000000077134ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                         0000000077134b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                      0000000077134d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                 0000000077134f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                           0000000077135007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                             00000000771351f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                             0000000077136006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                00000000771361be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                00000000771363ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                  00000000771363ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                      0000000077136404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                     000000007713645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                               0000000077136c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                    000000007717dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                  000000007717de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                        000000007717de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      000000007717df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                          000000007717e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          000000007717e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                        000000007717e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        000000007717f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                      0000000074bd13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                      0000000074bd146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                   0000000074bd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                0000000074bd19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                0000000074bd19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                          0000000074bd1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                        00000000771313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                        0000000077131544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                00000000771318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                0000000077131ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                               0000000077131bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                  0000000077131d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                      0000000077131e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                    0000000077131f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                        0000000077132248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                    00000000771326f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                  0000000077132712 8 bytes {JMP 0x10}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                   000000007713276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                  00000000771327d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                          0000000077132b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                          0000000077132be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 2
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                      00000000771330bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                      0000000077133248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                      00000000771337c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                     00000000771338b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                         0000000077133a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                  0000000077133fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                 0000000077134061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                 00000000771340d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 3
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                     0000000077134216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                     0000000077134254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                               00000000771344c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                  00000000771346ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                  0000000077134773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                               0000000077134867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                               0000000077134986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                          * 2
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                              0000000077134ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                 0000000077134b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                              0000000077134d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                         0000000077134f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                   0000000077135007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                     00000000771351f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                     0000000077136006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                        00000000771361be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                        00000000771363ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                          00000000771363ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                              0000000077136404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                             000000007713645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                       0000000077136c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                            000000007717dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                          000000007717de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                000000007717de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                              000000007717df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                  000000007717e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  000000007717e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                000000007717e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                000000007717f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                              0000000074bd13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                              0000000074bd146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                           0000000074bd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                        0000000074bd19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                        0000000074bd19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                  0000000074bd1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ntdll.dll [3344:3152]                                                                                                                                    00000000003d1716
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:2540]                                                                                                                                    00000000720a7a30
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:2556]                                                                                                                                    000000007224c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:2560]                                                                                                                                    000000007224c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:2488]                                                                                                                                    000000007224c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:2336]                                                                                                                                    000000007224c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:4456]                                                                                                                                    000000007224c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:4460]                                                                                                                                    000000007224c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:4468]                                                                                                                                    000000007224c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:5556]                                                                                                                                    000000006a9cb73e
Thread  C:\Windows\SysWOW64\ntdll.dll [3344:5240]                                                                                                                                    000000007224c59c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00027239198e                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@LeaseObtainedTime                                                  1430338640
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@T1                                                                 1430338767
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@T2                                                                 1430338863
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@LeaseTerminatesTime                                                1430338895
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00027239198e (not active ControlSet)                                                                              

---- EOF - GMER 2.1 ----
         

Thanks in advance.

30.04.2015, 05:57   #2
schrauber
/// the machine
/// TB instructor



Hi,

Addition.txt is still missing.

30.04.2015, 17:59   #3
Seppiro



heyho,

I hope this was created correctly; FRST somehow didn't want to work and kept showing "Application Error 20683".

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Fabian at 2015-04-30 18:49:00
Running from C:\Users\Fabian\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4180718120-1828569617-1736650471-500 - Administrator - Disabled)
Fabian (S-1-5-21-4180718120-1828569617-1736650471-1000 - Administrator - Enabled) => C:\Users\Fabian
Gast (S-1-5-21-4180718120-1828569617-1736650471-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4180718120-1828569617-1736650471-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alien Isolation (HKLM-x32\...\Alien Isolation_is1) (Version:  - )
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Allway Sync version 14.2.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ASUS Bluetooth Suite (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.60 - ASUS Communications)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
ASUS Xonar U7 Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F39206632A}) (Version:   - ASUSTeK Computer Inc.)
Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitvise SSH Client 6.08 (remove only) (HKLM-x32\...\BvSshClient) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cities Skylines Version 1.0.5 (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0.5 - RFT)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DeadCore (HKLM-x32\...\RGVhZENvcmU=_is1) (Version: 1 - )
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die*Sims™*3 Erstelle einen Sim (HKLM-x32\...\{89173B88-384A-459B-B687-9C0BBC934EF4}) (Version: 1.0.25 - Electronic Arts)
Divinity Original Sin (HKLM-x32\...\Divinity Original Sin_is1) (Version: 1.0 - PLAZA)
Divinity Original Sin Update v1.0.81 (HKLM-x32\...\RGl2aW5pdHlPcmlnaW5hbFNpbg==_is1) (Version: 1 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Final Fantasy XIII Fullscreen Edition MULTi5 1.0 (HKLM-x32\...\Final Fantasy XIII Fullscreen Edition MULTi5 1.0) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.00.0000 - Activision)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mp3tag v2.63 (HKLM-x32\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.4.0.10 - GOG.com)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version:  - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.08 (07.05.2012) - Samsung Electronics Co., Ltd.)
ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Sherlock Holmes Crimes and Punishments (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version: Sherlock Holmes Crimes and Punishments - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
TeamSpeak 3 Client (HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Unity (HKLM-x32\...\Unity) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D2FD5391-6A9B-11E4-BBC6-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0) (HKLM\...\B24074592222CFC1B8ABF520F9089E49FB1763D7) (Version: 05/27/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version:  - Egosoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-04-2015 17:36:17 Windows Update
23-04-2015 18:40:52 ComboFix created restore point
24-04-2015 18:54:21 Windows Update
26-04-2015 11:30:59 Installiert MOUSE Editor
26-04-2015 11:40:54 Konfiguriert MOUSE Editor
28-04-2015 19:00:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-23 18:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC7B6E4-B8F2-4C36-B589-0F394703D860} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {30749A7F-0D0B-4673-ADAC-D3C87D75AB24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: {641A34AB-B9DA-4D07-B93B-9891EFAC0CB0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6A1D4910-5023-407C-9F8D-D4B6DDC40581} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe
Task: {9E03DB8E-C78F-43BF-8174-D0605283C26D} - System32\Tasks\Core Temp Autostart Fabian => D:\Programme\Core Temp\Core Temp.exe [2013-10-08] ()
Task: {A45C803D-E2EE-4606-A94E-FBE75524E986} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {ACB785B1-1BC5-46CF-9646-7F63AC615C0C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
Task: {C853C6D0-5785-4F5D-AE90-E7FA0F2CFBF8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {DEC75990-8B6F-4E16-824B-19C4A250118E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
Task: {F42F4F34-0900-44EB-A1DF-C8FEF34AB76E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () D:\Programme\Unlocker\UnlockerCOM.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () D:\Programme\Notepad++\NppShell_06.dll
2014-05-14 11:02 - 2014-05-14 11:02 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll
2014-09-08 13:50 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2014-09-08 14:33 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\uxs01l.dll
2014-08-29 16:40 - 2014-01-28 05:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-12-15 13:30 - 2013-10-08 14:23 - 00890016 _____ () D:\Programme\Core Temp\Core Temp.exe
2014-11-09 19:58 - 2014-06-06 16:41 - 00718336 _____ () D:\Programme\NetWorx\sqlite.dll
2014-11-29 13:28 - 2013-08-06 05:34 - 02453504 ____N () C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-08-29 16:40 - 2015-04-30 18:42 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-08-29 16:40 - 2014-01-28 05:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Fabian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "D:\Programme\Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
MSCONFIG\startupreg: PDFPrint => D:\Programme\PDF24\pdf24.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{126D40EB-093A-4F6F-A8C2-D9BF725A58BA}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2529D3CD-F41D-49AF-95D0-113481748674}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0B7C5D07-3977-4A99-B81A-B956D3C60344}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EE3645E1-6406-40EE-B3EE-CA93A2514ECB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4D51E2F0-EEF9-46D5-8DB4-D82F8AFDB5CE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{D9A4011C-69A4-4513-A613-DBC15B263A2E}D:\instal. spiele\company of heroes\reliccoh.exe] => (Allow) D:\instal. spiele\company of heroes\reliccoh.exe
FirewallRules: [UDP Query User{E225FC93-5B29-4428-8EF4-46003B1127F5}D:\instal. spiele\company of heroes\reliccoh.exe] => (Allow) D:\instal. spiele\company of heroes\reliccoh.exe
FirewallRules: [TCP Query User{0F5E3951-4237-4328-9525-2CEC670E7B0E}D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{6817F138-57E7-42EB-9A5B-BA36A712C15D}D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [{87DF7FF7-301E-4A3C-AA73-B2247B1E048B}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{E556CEB1-EA14-43CF-A032-C8182BD3F21C}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{B47D555F-6254-424D-A26B-15A85DA93056}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0069B9D-0DB7-41DD-83DD-1F47DD50DBE3}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3C3B5B9D-4CBC-43E0-8257-729D6A613173}D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{EAA51FAC-74AC-4848-80BB-B06A5CD17527}D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{F79B3BE5-D434-42DA-B8E5-76C7608EF3AF}] => (Allow) D:\Instal. Spiele\Watch Dogs\bin\Watch_Dogs.exe
FirewallRules: [{BA97195F-F9F0-46E4-AA3A-6CF0A557344C}] => (Allow) D:\Instal. Spiele\Watch Dogs\bin\Watch_Dogs.exe
FirewallRules: [{7508F9D1-C962-458B-B6DB-591E0151BDF8}] => (Allow) D:\Programme\Steam\SteamApps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{5236B19A-AA93-4263-9650-CB8E94CB31C5}] => (Allow) D:\Programme\Steam\SteamApps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{49222A01-5AA6-4F0C-8855-584A3C4001A1}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{726A8C4A-7240-4038-8010-B0FC0951D6FF}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{42A91BB3-5423-485C-803A-7E3A65A159EF}] => (Allow) D:\Programme\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{9A2997EC-50D6-4312-9313-663BE5965CFA}] => (Allow) D:\Programme\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{552E830D-8CEA-4470-978C-E5CCB59F92CE}] => (Allow) D:\Programme\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{B673C59D-25B2-4AE2-87AB-E69C18D2E90C}] => (Allow) D:\Programme\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{6A153673-61FE-48CC-9DBA-93AFB656349D}] => (Allow) D:\Programme\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{2AD0C9CB-4C15-49EA-AEA1-32C3A9FF1040}] => (Allow) D:\Programme\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{A403BEE0-D629-4830-8765-ADFEBCAC0529}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{FEE142F7-ECB2-4E41-91A0-0776E53A561E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [TCP Query User{3709C2E8-C77F-4AF7-AA52-0CD9A82D1DE9}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{90720818-0300-46DF-9059-96DCBCCA17D0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{DCE886AC-15D2-42CD-91CD-BAACE7A4D684}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{7BE85624-6805-4CA3-92D7-F77563090083}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{5967A61C-55AC-4C9F-B142-BCDC47FB9659}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{88694833-8B21-48C0-BFAB-5A0461441D29}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{DE29A90E-37F2-4D9A-A9D2-7C11A242AAB8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{2B216492-2EC3-4FAD-8CAD-B85549C810CE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{5246EFC9-61BC-4A2E-AF66-39D59CCA00D8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{DF0D10A8-0A52-4E3D-B26C-F58FB5FE391F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{373FBC04-DD47-4762-B64B-48E7D6527F8A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{5DE1D456-EA29-41BD-8668-BCE9BA691490}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{244FAA94-CA66-4C50-95C7-7180359139CF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{F8C9262B-C46C-4222-B656-7DA0561E25FE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{80EE845A-A4D6-4422-935C-827CBD9EAC38}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{C0F4BBA1-D209-4A04-A527-3E0DFAF9BC52}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{F118C9E4-6BB3-401B-93DF-03D991C631F9}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagion.exe
FirewallRules: [{0F9270A3-AE56-4160-9EB9-C70B1512D6D4}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagion.exe
FirewallRules: [{671C4D69-B1D9-401D-8EED-4FCA64B4DADD}] => (Allow) D:\Programme\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{64E7487E-14C9-4159-B704-7AD4B9C76814}] => (Allow) D:\Programme\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{8A9414B8-D0E7-40AF-AE45-C65EAFB481E5}] => (Allow) D:\Programme\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{6B8B6885-CACC-4069-9654-A064B9198B8D}] => (Allow) D:\Programme\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{A060FDDE-1AD6-4DCA-9B9C-97AD7E9C1C0A}] => (Allow) D:\Programme\Office 2007\Office12\outlook.exe
FirewallRules: [{FC8CB7A8-38F9-4282-BEFD-614CC84F41EA}] => (Allow) D:\Programme\Office 2007\Office12\GROOVE.EXE
FirewallRules: [{26F7DDED-BB7A-47EE-854F-A627DC9AFBD3}] => (Allow) D:\Programme\Office 2007\Office12\GROOVE.EXE
FirewallRules: [{E1CCC8C2-4D6D-4C94-B2BB-0F5225C41F9C}] => (Allow) D:\Programme\Office 2007\Office12\ONENOTE.EXE
FirewallRules: [{9A78EF37-9F18-4C45-9775-083C1B3E8CAA}] => (Allow) D:\Programme\Office 2007\Office12\ONENOTE.EXE
FirewallRules: [{8C9D250F-19E1-43BE-89A5-9312FFADE03A}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{C7B535BB-47A7-4D9B-A7BD-895519557528}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{F2BCE979-66F4-46C2-A290-D0AA6E3294E3}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{F7C962E8-EB33-4901-80A5-C4B90052F19D}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{B3191724-3A71-48AB-9C41-2F012847E11F}] => (Allow) D:\Programme\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{C67C27E0-6716-482F-8134-7197413010F8}] => (Allow) D:\Programme\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{9B79CED7-04EC-4676-8AD3-A124376CF7D9}] => (Allow) D:\Programme\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{7812799B-92A5-4643-BEFC-BD2AD83B91E9}] => (Allow) D:\Programme\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{9DD4DFAB-BB25-4538-AF46-66326020A159}] => (Allow) C:\Users\Fabian\AppData\Local\Temp\7zSEFEA.tmp\SymNRT.exe
FirewallRules: [{715E8734-F975-4E9F-B07D-F630A61F53A8}] => (Allow) C:\Users\Fabian\AppData\Local\Temp\7zSEFEA.tmp\SymNRT.exe
FirewallRules: [TCP Query User{9F0E65F7-0E41-4D9B-A3B5-6BD823F97A7F}D:\programme\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\programme\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{89E0C11E-1BAB-4B4F-8587-532B77D36E8F}D:\programme\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\programme\jdownloader v2.0\jdownloader2.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{518F0AF6-6188-432E-A3B6-DA6EB8E9BCE1}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\game.dat
FirewallRules: [{59DC0C54-72FB-44D1-B166-1F135BD4C2A1}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\game.dat
FirewallRules: [{A3EC5A87-E40E-4D87-BEF8-F1040783FF90}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\EP1\game.dat
FirewallRules: [{7C096FCA-5EEE-4AB2-A3DE-1ACD258ABD98}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\EP1\game.dat
FirewallRules: [{8B9C04AE-9637-4440-AB8B-D89AC078151A}] => (Allow) D:\Programme\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{A8DD9AD1-C56E-49D6-9017-45AFDBCF406B}] => (Allow) D:\Programme\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{86E7242A-9D96-4298-8670-9D1AE288D21E}] => (Allow) D:\Programme\NetWorx\networx.exe
FirewallRules: [{9202B144-E700-4247-978D-B791CC390E01}] => (Allow) D:\Programme\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{366F1AB6-0B34-476D-B345-78FE63A58B02}] => (Allow) D:\Programme\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E94474CA-3AB9-440C-8052-3A9E393A9ACA}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base10095\SC2.exe
FirewallRules: [{B74A7CB4-A035-400A-AA17-4ACC4C415055}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base10095\SC2.exe
FirewallRules: [{BFE65768-4859-401A-8C3C-B742C1B3DE64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{130E8B5A-01D6-4515-9487-3F5BF1DEA8D6}] => (Allow) D:\Instal. Spiele\Battle.net\Battle.net.exe
FirewallRules: [{8C8B2ED7-2235-4370-B257-08602D28BEE9}] => (Allow) D:\Instal. Spiele\Battle.net\Battle.net.exe
FirewallRules: [{4E22747B-8003-47C3-AE83-59BEB2E02528}] => (Allow) D:\Instal. Spiele\StarCraft II\StarCraft II.exe
FirewallRules: [{A9CE2AF1-9336-4E93-A13E-7D320173C1C4}] => (Allow) D:\Instal. Spiele\StarCraft II\StarCraft II.exe
FirewallRules: [{B40B2C0F-B623-457E-85CA-3CB224D8E4D6}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A45D6EFC-8B2F-4C60-A2D6-51DEF5D1D3A9}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{E99B6593-EE81-41E8-B87C-713BBAD64292}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B67220F5-C708-40E8-9D75-33D20403B864}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{12680B01-D11B-4A68-9D13-FA78758AF63A}] => (Allow) D:\Programme\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{1EF3F487-5341-4462-9811-23766BAA51A3}] => (Allow) D:\Programme\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{BBF55456-571D-495F-9BC8-207970306E69}] => (Allow) D:\Programme\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{D7482FA6-909F-4951-B2CC-28462B4540CA}] => (Allow) D:\Programme\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{E3A08889-BB13-41BF-A363-9CDD9756B556}] => (Allow) D:\Programme\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{D0358B0C-009F-4715-9A5D-F5A88BF835F7}] => (Allow) D:\Programme\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{31959812-D8CA-474F-AABD-B9B4D2CE5067}] => (Allow) D:\Programme\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C24B061F-2ED5-4DA4-9455-FDCFB62DBF00}] => (Allow) D:\Programme\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{48C999B4-6D09-4C05-802A-AD7E437C7482}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{720408E5-C167-4234-9EB9-8A8286890FEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{3E7735FD-2EE9-4DD5-B577-D2A5B0213B7E}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagionds.exe
FirewallRules: [{3053D015-3A04-4D33-9D44-B7E55C794C78}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagionds.exe
FirewallRules: [{C00D6229-9639-4FA8-A3D9-4DDC8183FD0B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{4C0604C6-E5B4-4803-8384-4E1F50218729}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{33D196DF-107A-41B7-B77C-39552F8E5AE5}] => (Allow) D:\Instal. Spiele\Diablo III\Diablo III.exe
FirewallRules: [{8D732DFE-BD07-4415-9D9B-144989B4B97B}] => (Allow) D:\Instal. Spiele\Diablo III\Diablo III.exe
FirewallRules: [{67F2933E-A2BD-483E-8F5A-67A7D741C54B}] => (Allow) D:\Programme\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1FEC85A9-DC2B-4080-A936-4A8B57DC22CB}] => (Allow) D:\Programme\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{0270711D-561F-4614-B6C5-1E88FB17D949}] => (Allow) D:\Programme\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [{33887468-BCEB-4D24-9926-3BD3FDB05F07}] => (Allow) D:\Programme\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [{D3A72FA3-95D1-430F-91EE-F253CCB51943}] => (Allow) D:\Programme\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{FD32633C-D137-4379-8BEC-20D0D60561A6}] => (Allow) D:\Programme\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{B7A37CD8-E7F1-4EF9-B011-8B3867E2B062}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4E1434DC-F346-47AD-9EA8-51E5B72F8356}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{DB852E69-B36B-485A-8561-2787140A2565}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\legacy\rust.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2015 06:48:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 29.4.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1510

Startzeit: 01d08364cb620c56

Endzeit: 2

Anwendungspfad: C:\Users\Fabian\Desktop\FRST64.exe

Berichts-ID:

Error: (04/29/2015 10:13:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Softlic.exe, Version: 0.0.0.0, Zeitstempel: 0x549cb8f8
Name des fehlerhaften Moduls: Softlic.exe, Version: 0.0.0.0, Zeitstempel: 0x549cb8f8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e39e
ID des fehlerhaften Prozesses: 0xa3c
Startzeit der fehlerhaften Anwendung: 0xSoftlic.exe0
Pfad der fehlerhaften Anwendung: Softlic.exe1
Pfad des fehlerhaften Moduls: Softlic.exe2
Berichtskennung: Softlic.exe3
         

Alt 01.05.2015, 15:43   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber


Alt 01.05.2015, 15:54   #5
Seppiro
 



heyho, here is the Combofix log

Code:
ATTFilter
ComboFix 15-04-28.01 - Fabian 01.05.2015  16:50:09.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8135.5805 [GMT 2:00]
ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\run.exe
c:\windows\SysWow64\Update.exe
c:\windows\SysWow64\update_.exe
c:\windows\SysWow64\update64.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-01 bis 2015-05-01  ))))))))))))))))))))))))))))))
.
.
2015-05-01 14:52 . 2015-05-01 14:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-23 16:20 . 2015-04-23 16:47	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-23 16:19 . 2015-04-23 16:20	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-04-23 16:19 . 2015-04-23 16:19	--------	d-----w-	c:\programdata\Malwarebytes
2015-04-23 16:19 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-23 16:19 . 2015-04-14 07:37	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-23 16:19 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-19 12:16 . 2015-04-19 12:16	--------	d-----w-	c:\users\Fabian\AppData\Local\PDF24
2015-04-16 17:37 . 2015-04-16 17:37	--------	d-----w-	c:\program files (x86)\Rockstar Games
2015-04-16 17:36 . 2015-04-16 17:36	--------	d-----w-	c:\program files\Rockstar Games
2015-04-16 17:18 . 2015-04-16 17:18	--------	d-----w-	c:\users\Fabian\AppData\Local\Rockstar Games
2015-04-13 18:32 . 2015-04-13 18:32	--------	d-----w-	c:\users\Fabian\AppData\Local\Aspyr
2015-04-13 18:28 . 2015-04-13 18:28	--------	d--h--r-	c:\users\Fabian\AppData\Roaming\SecuROM
2015-04-13 18:28 . 2015-04-13 18:28	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2015-04-13 17:28 . 2008-05-07 05:39	66560	----a-w-	c:\windows\system32\nmwcdclsx64.dll
2015-04-13 17:28 . 2015-04-30 22:37	--------	dc----w-	c:\windows\system32\DRVSTORE
2015-04-13 17:27 . 2015-04-13 17:27	--------	d-----w-	c:\programdata\Installations
2015-04-04 18:59 . 2015-04-04 18:59	--------	d-s---w-	c:\windows\system32\GWX
2015-04-04 18:59 . 2015-04-04 18:59	--------	d-s---w-	c:\windows\SysWow64\GWX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-01 11:13 . 2014-08-29 15:05	65536	----a-w-	c:\windows\system32\spu_storage.bin
2015-04-15 21:17 . 2014-08-29 16:13	128913832	----a-w-	c:\windows\system32\MRT.exe
2015-03-30 17:02 . 2015-03-30 17:01	1622528	----a-w-	c:\windows\SysWow64\Softlic.exe
2015-03-30 13:25 . 2015-01-29 16:58	33856	---ha-w-	c:\windows\system32\hamachi.sys
2015-03-17 04:56 . 2015-04-15 16:54	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-02-26 03:25 . 2015-03-11 18:15	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 02:17 . 2014-08-29 14:49	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 18:17	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 18:17	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 18:17	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 18:17	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 18:17	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 18:17	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 18:17	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 18:17	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 18:17	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 18:17	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04	1202848	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 18:16	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-04 10:23 . 2015-02-04 10:23	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13	869536	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 18:14	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 18:14	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 18:17	693176	----a-w-	c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 18:17	94656	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 18:17	616360	----a-w-	c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 18:17	782848	----a-w-	c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 18:17	229376	----a-w-	c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 18:17	14632960	----a-w-	c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 18:16	1424896	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 18:15	215552	----a-w-	c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 18:16	5120	----a-w-	c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 18:16	5120	----a-w-	c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 18:16	63488	----a-w-	c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 18:17	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 18:17	1574400	----a-w-	c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 18:16	371712	----a-w-	c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 18:17	188416	----a-w-	c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 18:16	9728	----a-w-	c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 18:16	37376	----a-w-	c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 18:17	641024	----a-w-	c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 18:16	325632	----a-w-	c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 18:16	11264	----a-w-	c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 18:17	4121600	----a-w-	c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 18:17	432128	----a-w-	c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 18:16	206848	----a-w-	c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 18:17	631808	----a-w-	c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 18:16	284672	----a-w-	c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 18:17	497664	----a-w-	c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 18:17	1202176	----a-w-	c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 18:17	1480192	----a-w-	c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 18:17	140288	----a-w-	c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 18:17	1069056	----a-w-	c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 18:16	82432	----a-w-	c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 18:16	187904	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 18:17	842240	----a-w-	c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 18:17	680960	----a-w-	c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 18:16	440832	----a-w-	c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 18:16	296448	----a-w-	c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 18:16	58880	----a-w-	c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 18:16	32256	----a-w-	c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 18:16	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 18:16	9728	----a-w-	c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 18:16	11264	----a-w-	c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 18:16	24576	----a-w-	c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 18:16	17920	----a-w-	c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 18:16	146944	----a-w-	c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 18:16	126464	----a-w-	c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 18:16	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 18:16	8704	----a-w-	c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 18:16	2048	----a-w-	c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 18:16	663552	----a-w-	c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 18:17	617984	----a-w-	c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 18:17	179200	----a-w-	c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 18:16	1230848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 18:15	171520	----a-w-	c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 18:16	4096	----a-w-	c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 18:16	4096	----a-w-	c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 18:17	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 18:17	1329664	----a-w-	c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 18:16	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 18:16	8192	----a-w-	c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 18:17	504320	----a-w-	c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 18:16	265216	----a-w-	c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 18:17	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 18:17	354816	----a-w-	c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 18:16	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 18:17	489984	----a-w-	c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 18:17	988160	----a-w-	c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 18:17	406016	----a-w-	c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 18:17	1174528	----a-w-	c:\windows\SysWow64\crypt32.dll
2015-02-03 03:12 . 2015-03-11 18:17	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2015-02-03 03:12 . 2015-03-11 18:17	1005056	----a-w-	c:\windows\SysWow64\cryptui.dll
2015-02-03 03:12 . 2015-03-11 18:16	81408	----a-w-	c:\windows\SysWow64\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 18:16	143872	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2015-02-03 03:12 . 2015-03-11 18:17	744960	----a-w-	c:\windows\SysWow64\blackbox.dll
2015-02-03 03:12 . 2015-03-11 18:16	50688	----a-w-	c:\windows\SysWow64\appidapi.dll
2015-02-03 03:12 . 2015-03-11 18:16	374784	----a-w-	c:\windows\SysWow64\AudioEng.dll
2015-02-03 03:12 . 2015-03-11 18:16	195584	----a-w-	c:\windows\SysWow64\AudioSes.dll
2015-02-03 03:11 . 2015-03-11 18:16	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programme\Steam\steam.exe" [2015-04-13 2889408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Software licensing;Software licensing service;c:\windows\SysWOW64\Softlic.exe;c:\windows\SysWOW64\Softlic.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 IvtComBusSrv;IvtComBusSrv;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
R3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RTCore64;RTCore64;d:\programme\MSI Afterburner\RTCore64.sys;d:\programme\MSI Afterburner\RTCore64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 networx;networx;c:\windows\system32\drivers\networx.sys;c:\windows\SYSNATIVE\drivers\networx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x]
S2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe;d:\programme\Hamachi\hamachi-2.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 ASUSU7;ASUS Xonar U7 Audio Device;c:\windows\system32\DRIVERS\ASUSU7.SYS;c:\windows\SYSNATIVE\DRIVERS\ASUSU7.SYS [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-01 12:07	988488	----a-w-	c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29 14:37]
.
2015-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29 14:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-03-31 7569112]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"NetWorx"="d:\programme\NetWorx\networx.exe" [2014-09-30 6589136]
"GamecomSound"="c:\program files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe" [2013-08-06 2453504]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - d:\progra~1\OFFICE~1\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk - c:\windows\SysWOW64\update_.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - d:\instal. spiele\Papers
AddRemove-Populous: The Beginning - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-01  16:53:46
ComboFix-quarantined-files.txt  2015-05-01 14:53
.
Vor Suchlauf: 15 Verzeichnis(se), 51.668.758.528 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 51.396.116.480 Bytes frei
.
- - End Of File - - 737ECAB322CB63995225DAD1E17A1772
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 02.05.2015, 13:54   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

Alt 02.05.2015, 16:14   #7
Seppiro
 



Here are the logs

mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.05.2015
Suchlauf-Zeit: 16:58:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.02.02
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Fabian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362077
Verstrichene Zeit: 4 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
adw Cleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v4.202 - Bericht erstellt 02/05/2015 um 17:07:29
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-05-02.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Fabian - FABIAN-PC
# Gestarted von : C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Datei Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Google Chrome v42.0.2311.135

[C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1399484156&from=wld&uid=SAMSUNGXHD502HJ_S20BJ90Z361025&q={searchTerms}
[C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=B03B16E5439B23E7
[C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.google.com", "hxxp://www.sweet-page.com/?type=hp&ts=1409748275&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSADC38755E

*************************

AdwCleaner[R2].txt - [2489 Bytes] - [02/05/2015 17:06:31]
AdwCleaner[S2].txt - [2405 Bytes] - [02/05/2015 17:07:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2464  Bytes] ##########
         

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Professional x64
Ran by Fabian on 02.05.2015 at 17:08:52,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Fabian\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Fabian\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.05.2015 at 17:10:42,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Fabian (administrator) on FABIAN-PC on 02-05-2015 17:11:26
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569112 2014-03-31] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] => D:\Programme\NetWorx\networx.exe [6589136 2014-09-30] (SoftPerfect Research)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk [2015-05-02]
ShortcutTarget: Start_.lnk -> C:\Windows\SysWOW64\update_.exe ()
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-4180718120-1828569617-1736650471-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4180718120-1828569617-1736650471-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24]

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.sweet-page.com/?type=hp&ts=1409748275&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSADC38755E"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-24]
CHR Extension: (BetaFish Adblocker) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
CHR Extension: (Bookmark Manager) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Gravelord Nito) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmaneaofefbdhecclkaokfmclgcagdah [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
S2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S2 Software licensing; C:\Windows\SysWOW64\Softlic.exe [1622528 2015-03-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [280224 2011-03-01] (Atheros) [File not signed]
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com)
S3 RTCore64; D:\Programme\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 pmem; \??\C:\Users\Fabian\AppData\Local\Temp\_MEI41682\drivers\winpmem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 17:10 - 2015-05-02 17:10 - 00000903 _____ () C:\Users\Fabian\Desktop\JRT.txt
2015-05-02 17:09 - 2015-05-02 17:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FABIAN-PC-Windows-7-Professional-(64-bit).dat
2015-05-02 17:09 - 2015-05-02 17:09 - 00000000 ____D () C:\RegBackup
2015-05-02 17:08 - 2015-05-02 17:08 - 00002548 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S2].txt
2015-05-02 17:05 - 2015-05-02 17:07 - 00000000 ____D () C:\AdwCleaner
2015-05-02 17:05 - 2015-05-02 17:05 - 02224640 _____ () C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
2015-05-02 17:04 - 2015-05-02 17:04 - 00001211 _____ () C:\Users\Fabian\Desktop\mbam.txt
2015-05-02 16:58 - 2015-05-02 16:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 16:57 - 2015-05-02 16:57 - 02716306 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe
2015-05-02 16:56 - 2015-05-02 16:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-01 23:10 - 2015-05-02 17:08 - 01539150 _____ () C:\Windows\SysWOW64\Update.exe
2015-05-01 23:10 - 2015-04-29 17:59 - 01026772 _____ () C:\Windows\SysWOW64\update64.exe
2015-05-01 23:10 - 2015-04-28 15:37 - 01584640 _____ () C:\Windows\SysWOW64\update_.exe
2015-05-01 23:10 - 2015-04-23 04:10 - 00198467 _____ () C:\Windows\SysWOW64\Run.exe
2015-05-01 16:53 - 2015-05-01 16:53 - 00022156 _____ () C:\ComboFix.txt
2015-05-01 16:48 - 2015-05-01 16:48 - 05619691 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
2015-05-01 13:59 - 2015-05-01 13:59 - 00288904 _____ () C:\Windows\Minidump\050115-7768-01.dmp
2015-04-30 18:43 - 2015-04-30 18:55 - 00042805 _____ () C:\Users\Fabian\Desktop\Addition.txt
2015-04-29 22:20 - 2015-04-29 22:20 - 00052422 _____ () C:\Users\Fabian\Desktop\gmer.txt
2015-04-29 21:59 - 2015-05-02 17:11 - 00021171 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-04-29 21:59 - 2015-05-02 17:11 - 00000000 ____D () C:\FRST
2015-04-29 21:59 - 2015-04-29 21:59 - 02101248 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2015-04-29 21:59 - 2015-04-29 21:59 - 00380416 _____ () C:\Users\Fabian\Desktop\Gmer-19357.exe
2015-04-29 21:57 - 2015-04-29 21:57 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2015-04-29 21:57 - 2015-04-29 21:56 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2015-04-29 21:56 - 2015-04-29 21:56 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2015-04-29 21:45 - 2015-04-29 21:45 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-28 19:52 - 2015-04-28 19:52 - 00293032 _____ () C:\Windows\Minidump\042815-6739-01.dmp
2015-04-25 11:13 - 2015-04-25 11:13 - 00002566 _____ () C:\Users\Fabian\Documents\01541sd111s11sSH4AR4E!!!!1515151.pfx
2015-04-23 18:40 - 2015-05-01 16:53 - 00000000 ____D () C:\Qoobox
2015-04-23 18:40 - 2015-04-23 18:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-23 18:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-23 18:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-23 18:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-23 18:20 - 2015-05-02 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 18:20 - 2015-05-02 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-05-02 16:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-04-23 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 18:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-23 18:12 - 2015-04-23 18:12 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-23 18:05 - 2015-05-02 17:08 - 00000012 _____ () C:\Windows\SysWOW64\listm.txt
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\PDF24
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-16 19:39 - 2015-04-16 19:39 - 00000080 _____ () C:\Users\Fabian\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-16 19:37 - 2015-04-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-16 19:36 - 2015-04-16 19:36 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-16 19:18 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Rockstar Games
2015-04-16 19:16 - 2015-04-16 19:39 - 00000000 ____D () C:\Users\Fabian\Documents\Rockstar Games
2015-04-15 18:54 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:54 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:54 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:54 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:54 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:54 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:54 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:54 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:54 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:54 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:54 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:54 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:54 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:54 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:54 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:54 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:54 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:54 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:54 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:54 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:54 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:54 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:54 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:54 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:54 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:54 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:54 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:54 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:54 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:54 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:54 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 18:54 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\Documents\Aspyr
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Aspyr
2015-04-13 20:28 - 2015-04-13 20:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-04-13 20:28 - 2015-04-13 20:28 - 00000000 __RHD () C:\Users\Fabian\AppData\Roaming\SecuROM
2015-04-13 19:29 - 2015-04-13 19:29 - 00009728 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2015-04-13 19:28 - 2015-04-13 20:24 - 00000032 _____ () C:\Windows\0
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 _____ () C:\Windows\system32\0
2015-04-13 19:28 - 2008-05-07 07:39 - 00066560 _____ (Nokia) C:\Windows\system32\nmwcdclsx64.dll
2015-04-13 19:27 - 2015-04-13 19:27 - 00000000 ____D () C:\ProgramData\Installations
2015-04-13 19:11 - 2015-04-13 19:11 - 00000535 _____ () C:\Windows\Xbox_360_CC_Driver.log
2015-04-12 16:30 - 2015-04-12 16:30 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 17:10 - 2014-09-11 22:12 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-05-02 17:08 - 2014-12-23 16:47 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2015-05-02 17:08 - 2014-10-24 11:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-02 17:08 - 2014-08-29 16:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 17:07 - 2014-08-29 17:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-02 17:07 - 2014-08-29 16:32 - 01098285 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 17:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 17:07 - 2009-07-14 06:51 - 00145364 _____ () C:\Windows\setupact.log
2015-05-02 17:06 - 2014-08-29 16:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 17:03 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:03 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:01 - 2009-07-14 19:58 - 00717014 _____ () C:\Windows\system32\perfh007.dat
2015-05-02 17:01 - 2009-07-14 19:58 - 00154630 _____ () C:\Windows\system32\perfc007.dat
2015-05-02 17:01 - 2009-07-14 07:13 - 01655480 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-02 00:54 - 2014-12-03 00:48 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Battle.net
2015-05-01 23:10 - 2014-08-29 17:05 - 00244478 _____ () C:\Windows\PFRO.log
2015-05-01 16:52 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-01 13:59 - 2014-08-29 21:13 - 581064963 _____ () C:\Windows\MEMORY.DMP
2015-05-01 13:59 - 2014-08-29 21:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-01 13:12 - 2014-10-31 18:52 - 00000000 ____D () C:\Windows\pss
2015-05-01 00:37 - 2014-09-08 14:00 - 00044900 _____ () C:\Windows\DPINST.LOG
2015-04-29 21:56 - 2014-08-29 16:32 - 00000000 ____D () C:\Users\Fabian
2015-04-29 21:50 - 2015-03-18 23:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-26 18:01 - 2014-11-17 18:28 - 00000000 ____D () C:\ProgramData\Unity
2015-04-26 11:41 - 2015-03-14 02:50 - 00000000 ____D () C:\Program Files (x86)\MOUSE Editor
2015-04-26 11:41 - 2014-08-29 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-25 12:08 - 2014-10-25 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-04-24 18:51 - 2014-09-11 21:16 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2015-04-23 20:43 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-23 18:26 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2015-04-21 21:09 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2015-04-19 14:09 - 2014-09-03 21:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-04-19 01:38 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2015-04-16 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 06:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 06:08 - 2014-12-11 09:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 06:08 - 2014-08-29 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 23:23 - 2014-09-25 17:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 23:22 - 2014-08-29 17:03 - 01628824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 23:20 - 2014-08-29 18:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:17 - 2014-08-29 18:13 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 22:22 - 2014-10-04 21:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Eclipse
2015-04-14 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 18:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-13 19:28 - 2014-11-10 18:36 - 00000000 ____D () C:\Program Files\DIFX
2015-04-13 19:12 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-13 19:11 - 2014-08-29 18:14 - 00254907 _____ () C:\Windows\DirectX.log
2015-04-12 16:30 - 2014-09-05 14:42 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-09 20:43 - 2014-09-03 14:34 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Mp3tag

==================== Files in the root of some directories =======

2014-11-25 00:36 - 2014-11-25 00:36 - 0000793 _____ () C:\Users\Fabian\AppData\Roaming\MPQEditor.ini
2014-12-23 13:49 - 2014-12-23 13:49 - 0006099 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-03-04 00:58 - 2015-03-04 00:58 - 0007614 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
2014-08-29 16:39 - 2014-08-29 16:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe
C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 20:44

==================== End Of Log ============================
         
--- --- ---

03.05.2015, 12:31   #8
schrauber
/// the machine
/// TB trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems still?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.05.2015, 14:37   #9
Seppiro
 
Heyho, unfortunately the ominous Update.exe files (Update.exe, Update_.exe, Update64.exe; run.exe should belong to them as well) still exist in the Syswow64 folder. After Combofix deleted them, they were back again after a restart. Also, it looks like it always creates a start_ shortcut in the autostart folder, which runs update_.exe.

Eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=66623cf7f6936c4d9fe2fff57c8a78e5
# engine=23669
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-03 01:24:00
# local_time=2015-05-03 03:24:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 11218 34735722 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 171713 182289290 0 0
# scanned=454920
# found=0
# cleaned=0
# scan_time=6087
         
SecurityCheck
Code:
 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 15.0.0 plugin-nm-server.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Fabian (administrator) on FABIAN-PC on 03-05-2015 15:33:31
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(SoftPerfect Research) D:\Programme\NetWorx\networx.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Valve Corporation) D:\Programme\Steam\Steam.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) D:\Programme\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Blizzard Entertainment) D:\Instal. Spiele\Battle.net\Battle.net.5669\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3987\Agent.exe
(Valve Corporation) D:\Programme\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(AppWork GmbH) D:\Programme\JDownloader v2.0\JDownloader2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569112 2014-03-31] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] => D:\Programme\NetWorx\networx.exe [6589136 2014-09-30] (SoftPerfect Research)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk [2015-05-03]
ShortcutTarget: Start_.lnk -> C:\Windows\SysWOW64\update_.exe ()
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-4180718120-1828569617-1736650471-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4180718120-1828569617-1736650471-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24]

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.sweet-page.com/?type=hp&ts=1409748275&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSADC38755E"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-24]
CHR Extension: (BetaFish Adblocker) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
CHR Extension: (Bookmark Manager) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Gravelord Nito) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmaneaofefbdhecclkaokfmclgcagdah [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S2 Software licensing; C:\Windows\SysWOW64\Softlic.exe [1622528 2015-03-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [280224 2011-03-01] (Atheros) [File not signed]
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com)
S3 RTCore64; D:\Programme\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 pmem; \??\C:\Users\Fabian\AppData\Local\Temp\_MEI41682\drivers\winpmem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 13:42 - 2015-05-03 13:42 - 00852616 _____ () C:\Users\Fabian\Desktop\SecurityCheck.exe
2015-05-03 13:37 - 2015-05-03 13:37 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu (1).exe
2015-05-03 13:37 - 2015-05-03 13:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-03 13:36 - 2015-05-03 13:36 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu.exe
2015-05-02 17:10 - 2015-05-02 17:10 - 00000903 _____ () C:\Users\Fabian\Desktop\JRT.txt
2015-05-02 17:09 - 2015-05-02 17:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FABIAN-PC-Windows-7-Professional-(64-bit).dat
2015-05-02 17:09 - 2015-05-02 17:09 - 00000000 ____D () C:\RegBackup
2015-05-02 17:08 - 2015-05-02 17:08 - 00002548 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S2].txt
2015-05-02 17:05 - 2015-05-02 17:07 - 00000000 ____D () C:\AdwCleaner
2015-05-02 17:05 - 2015-05-02 17:05 - 02224640 _____ () C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
2015-05-02 17:04 - 2015-05-02 17:04 - 00001211 _____ () C:\Users\Fabian\Desktop\mbam.txt
2015-05-02 16:58 - 2015-05-02 16:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 16:57 - 2015-05-02 16:57 - 02716306 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe
2015-05-02 16:56 - 2015-05-02 16:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-01 23:10 - 2015-05-03 12:17 - 01539150 _____ () C:\Windows\SysWOW64\Update.exe
2015-05-01 23:10 - 2015-04-29 17:59 - 01026772 _____ () C:\Windows\SysWOW64\update64.exe
2015-05-01 23:10 - 2015-04-28 15:37 - 01584640 _____ () C:\Windows\SysWOW64\update_.exe
2015-05-01 23:10 - 2015-04-23 04:10 - 00198467 _____ () C:\Windows\SysWOW64\Run.exe
2015-05-01 16:53 - 2015-05-01 16:53 - 00022156 _____ () C:\ComboFix.txt
2015-05-01 16:48 - 2015-05-01 16:48 - 05619691 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
2015-05-01 13:59 - 2015-05-01 13:59 - 00288904 _____ () C:\Windows\Minidump\050115-7768-01.dmp
2015-04-30 18:43 - 2015-04-30 18:55 - 00042805 _____ () C:\Users\Fabian\Desktop\Addition.txt
2015-04-29 22:20 - 2015-04-29 22:20 - 00052422 _____ () C:\Users\Fabian\Desktop\gmer.txt
2015-04-29 21:59 - 2015-05-03 15:33 - 00023063 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-04-29 21:59 - 2015-05-03 15:33 - 00000000 ____D () C:\FRST
2015-04-29 21:59 - 2015-04-29 21:59 - 02101248 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2015-04-29 21:59 - 2015-04-29 21:59 - 00380416 _____ () C:\Users\Fabian\Desktop\Gmer-19357.exe
2015-04-29 21:57 - 2015-04-29 21:57 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2015-04-29 21:57 - 2015-04-29 21:56 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2015-04-29 21:56 - 2015-04-29 21:56 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2015-04-29 21:45 - 2015-04-29 21:45 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-28 19:52 - 2015-04-28 19:52 - 00293032 _____ () C:\Windows\Minidump\042815-6739-01.dmp
2015-04-25 11:13 - 2015-04-25 11:13 - 00002566 _____ () C:\Users\Fabian\Documents\01541sd111s11sSH4AR4E!!!!1515151.pfx
2015-04-23 18:40 - 2015-05-01 16:53 - 00000000 ____D () C:\Qoobox
2015-04-23 18:40 - 2015-04-23 18:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-23 18:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-23 18:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-23 18:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-23 18:20 - 2015-05-02 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 18:20 - 2015-05-02 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-05-02 16:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-04-23 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 18:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-23 18:12 - 2015-04-23 18:12 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-23 18:05 - 2015-05-03 12:17 - 00000012 _____ () C:\Windows\SysWOW64\listm.txt
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\PDF24
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-16 19:39 - 2015-04-16 19:39 - 00000080 _____ () C:\Users\Fabian\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-16 19:37 - 2015-04-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-16 19:36 - 2015-04-16 19:36 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-16 19:18 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Rockstar Games
2015-04-16 19:16 - 2015-04-16 19:39 - 00000000 ____D () C:\Users\Fabian\Documents\Rockstar Games
2015-04-15 18:54 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:54 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:54 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:54 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:54 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:54 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:54 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:54 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:54 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:54 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:54 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:54 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:54 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:54 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:54 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:54 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:54 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:54 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:54 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:54 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:54 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:54 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:54 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:54 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:54 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:54 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:54 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:54 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:54 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:54 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:54 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 18:54 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\Documents\Aspyr
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Aspyr
2015-04-13 20:28 - 2015-04-13 20:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-04-13 20:28 - 2015-04-13 20:28 - 00000000 __RHD () C:\Users\Fabian\AppData\Roaming\SecuROM
2015-04-13 19:29 - 2015-04-13 19:29 - 00009728 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2015-04-13 19:28 - 2015-04-13 20:24 - 00000032 _____ () C:\Windows\0
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 _____ () C:\Windows\system32\0
2015-04-13 19:28 - 2008-05-07 07:39 - 00066560 _____ (Nokia) C:\Windows\system32\nmwcdclsx64.dll
2015-04-13 19:27 - 2015-04-13 19:27 - 00000000 ____D () C:\ProgramData\Installations
2015-04-13 19:11 - 2015-04-13 19:11 - 00000535 _____ () C:\Windows\Xbox_360_CC_Driver.log
2015-04-12 16:30 - 2015-04-12 16:30 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 15:32 - 2014-12-03 00:48 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Battle.net
2015-05-03 15:13 - 2014-08-29 16:32 - 01148030 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 15:06 - 2014-08-29 16:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 13:56 - 2009-07-14 06:51 - 00146428 _____ () C:\Windows\setupact.log
2015-05-03 13:02 - 2014-12-23 16:47 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2015-05-03 12:32 - 2014-10-24 11:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-03 12:24 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:24 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:22 - 2009-07-14 19:58 - 00717014 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 12:22 - 2009-07-14 19:58 - 00154630 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 12:22 - 2009-07-14 07:13 - 01655480 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 12:19 - 2014-09-11 22:12 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-05-03 12:17 - 2014-08-29 16:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 12:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 02:56 - 2014-08-29 17:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-01 23:10 - 2014-08-29 17:05 - 00244478 _____ () C:\Windows\PFRO.log
2015-05-01 16:52 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-01 13:59 - 2014-08-29 21:13 - 581064963 _____ () C:\Windows\MEMORY.DMP
2015-05-01 13:59 - 2014-08-29 21:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-01 13:12 - 2014-10-31 18:52 - 00000000 ____D () C:\Windows\pss
2015-05-01 00:37 - 2014-09-08 14:00 - 00044900 _____ () C:\Windows\DPINST.LOG
2015-04-29 21:56 - 2014-08-29 16:32 - 00000000 ____D () C:\Users\Fabian
2015-04-29 21:50 - 2015-03-18 23:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-26 18:01 - 2014-11-17 18:28 - 00000000 ____D () C:\ProgramData\Unity
2015-04-26 11:41 - 2015-03-14 02:50 - 00000000 ____D () C:\Program Files (x86)\MOUSE Editor
2015-04-26 11:41 - 2014-08-29 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-25 12:08 - 2014-10-25 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-04-24 18:51 - 2014-09-11 21:16 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2015-04-23 20:43 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-23 18:26 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2015-04-21 21:09 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2015-04-19 14:09 - 2014-09-03 21:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-04-19 01:38 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2015-04-16 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 06:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 06:08 - 2014-12-11 09:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 06:08 - 2014-08-29 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 23:23 - 2014-09-25 17:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 23:22 - 2014-08-29 17:03 - 01628824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 23:20 - 2014-08-29 18:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:17 - 2014-08-29 18:13 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 22:22 - 2014-10-04 21:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Eclipse
2015-04-14 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 18:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-13 19:28 - 2014-11-10 18:36 - 00000000 ____D () C:\Program Files\DIFX
2015-04-13 19:12 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-13 19:11 - 2014-08-29 18:14 - 00254907 _____ () C:\Windows\DirectX.log
2015-04-12 16:30 - 2014-09-05 14:42 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-09 20:43 - 2014-09-03 14:34 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Mp3tag

==================== Files in the root of some directories =======

2014-11-25 00:36 - 2014-11-25 00:36 - 0000793 _____ () C:\Users\Fabian\AppData\Roaming\MPQEditor.ini
2014-12-23 13:49 - 2014-12-23 13:49 - 0006099 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-03-04 00:58 - 2015-03-04 00:58 - 0007614 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
2014-08-29 16:39 - 2014-08-29 16:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\proxy_vole7880982366459688671.dll
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe
C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 20:44

==================== End Of Log ============================
         
--- --- ---

03.05.2015, 19:38   #10
schrauber
/// the machine
/// TB trainer
 




Update Java.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk [2015-05-03]
ShortcutTarget: Start_.lnk -> C:\Windows\SysWOW64\update_.exe ()
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.sweet-page.com/?type=hp&ts=1409748275&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSADC38755E"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
C:\Windows\SysWOW64\update_.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Open FRST, tick the Addition box and scan; please post both log files.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

03.05.2015, 20:45   #11
Seppiro
 



After countless "Getting Application Error 20683" messages from FRST, it finally managed it after all :P

Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015
Ran by Fabian at 2015-05-03 21:34:05 Run:1
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk [2015-05-03]
ShortcutTarget: Start_.lnk -> C:\Windows\SysWOW64\update_.exe ()
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.sweet-page.com/?type=hp&ts=1409748275&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSADC38755E"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
C:\Windows\SysWOW64\update_.exe
Emptytemp:
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk => Moved successfully.
C:\Windows\SysWOW64\update_.exe => Moved successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"C:\Windows\SysWOW64\update_.exe" => File/Directory not found.
EmptyTemp: => Removed 693.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:34:12 ====
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Fabian (administrator) on FABIAN-PC on 03-05-2015 21:41:27
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(SoftPerfect Research) D:\Programme\NetWorx\networx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Valve Corporation) D:\Programme\Steam\Steam.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) D:\Programme\Steam\bin\steamwebhelper.exe
() D:\Programme\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
(TeamSpeak Systems GmbH) D:\Programme\TS3\ts3client_win32.exe
(Valve Corporation) D:\Programme\Steam\GameOverlayUI.exe
(Valve Corporation) D:\Programme\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569112 2014-03-31] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] => D:\Programme\NetWorx\networx.exe [6589136 2014-09-30] (SoftPerfect Research)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk [2015-05-03]
ShortcutTarget: Start_.lnk -> C:\Windows\SysWOW64\update_.exe ()
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-4180718120-1828569617-1736650471-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4180718120-1828569617-1736650471-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-24]
CHR Extension: (BetaFish Adblocker) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
CHR Extension: (Bookmark Manager) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Gravelord Nito) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmaneaofefbdhecclkaokfmclgcagdah [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S2 Software licensing; C:\Windows\SysWOW64\Softlic.exe [1622528 2015-03-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [280224 2011-03-01] (Atheros) [File not signed]
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com)
S3 RTCore64; D:\Programme\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 pmem; \??\C:\Users\Fabian\AppData\Local\Temp\_MEI41682\drivers\winpmem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 21:35 - 2015-04-28 15:37 - 01584640 _____ () C:\Windows\SysWOW64\update_.exe
2015-05-03 13:42 - 2015-05-03 13:42 - 00852616 _____ () C:\Users\Fabian\Desktop\SecurityCheck.exe
2015-05-03 13:37 - 2015-05-03 13:37 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu (1).exe
2015-05-03 13:37 - 2015-05-03 13:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-03 13:36 - 2015-05-03 13:36 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu.exe
2015-05-02 17:10 - 2015-05-02 17:10 - 00000903 _____ () C:\Users\Fabian\Desktop\JRT.txt
2015-05-02 17:09 - 2015-05-02 17:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FABIAN-PC-Windows-7-Professional-(64-bit).dat
2015-05-02 17:09 - 2015-05-02 17:09 - 00000000 ____D () C:\RegBackup
2015-05-02 17:08 - 2015-05-02 17:08 - 00002548 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S2].txt
2015-05-02 17:05 - 2015-05-02 17:07 - 00000000 ____D () C:\AdwCleaner
2015-05-02 17:05 - 2015-05-02 17:05 - 02224640 _____ () C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
2015-05-02 17:04 - 2015-05-02 17:04 - 00001211 _____ () C:\Users\Fabian\Desktop\mbam.txt
2015-05-02 16:58 - 2015-05-02 16:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 16:57 - 2015-05-02 16:57 - 02716306 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe
2015-05-02 16:56 - 2015-05-02 16:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-01 23:10 - 2015-05-03 21:35 - 01539150 _____ () C:\Windows\SysWOW64\Update.exe
2015-05-01 23:10 - 2015-04-29 17:59 - 01026772 _____ () C:\Windows\SysWOW64\update64.exe
2015-05-01 23:10 - 2015-04-23 04:10 - 00198467 _____ () C:\Windows\SysWOW64\Run.exe
2015-05-01 16:53 - 2015-05-01 16:53 - 00022156 _____ () C:\ComboFix.txt
2015-05-01 16:48 - 2015-05-01 16:48 - 05619691 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
2015-05-01 13:59 - 2015-05-01 13:59 - 00288904 _____ () C:\Windows\Minidump\050115-7768-01.dmp
2015-04-30 18:43 - 2015-05-03 21:41 - 00054488 _____ () C:\Users\Fabian\Desktop\Addition.txt
2015-04-29 22:20 - 2015-04-29 22:20 - 00052422 _____ () C:\Users\Fabian\Desktop\gmer.txt
2015-04-29 21:59 - 2015-05-03 21:41 - 00022092 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-04-29 21:59 - 2015-05-03 21:41 - 00000000 ____D () C:\FRST
2015-04-29 21:59 - 2015-04-29 21:59 - 02101248 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2015-04-29 21:59 - 2015-04-29 21:59 - 00380416 _____ () C:\Users\Fabian\Desktop\Gmer-19357.exe
2015-04-29 21:57 - 2015-04-29 21:57 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2015-04-29 21:57 - 2015-04-29 21:56 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2015-04-29 21:56 - 2015-04-29 21:56 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2015-04-29 21:45 - 2015-04-29 21:45 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-28 19:52 - 2015-04-28 19:52 - 00293032 _____ () C:\Windows\Minidump\042815-6739-01.dmp
2015-04-25 11:13 - 2015-04-25 11:13 - 00002566 _____ () C:\Users\Fabian\Documents\01541sd111s11sSH4AR4E!!!!1515151.pfx
2015-04-23 18:40 - 2015-05-01 16:53 - 00000000 ____D () C:\Qoobox
2015-04-23 18:40 - 2015-04-23 18:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-23 18:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-23 18:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-23 18:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-23 18:20 - 2015-05-03 16:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 18:20 - 2015-05-02 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-05-02 16:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-23 18:19 - 2015-04-23 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 18:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-23 18:12 - 2015-04-23 18:12 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-23 18:05 - 2015-05-03 21:35 - 00000012 _____ () C:\Windows\SysWOW64\listm.txt
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\PDF24
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-16 19:39 - 2015-04-16 19:39 - 00000080 _____ () C:\Users\Fabian\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-16 19:37 - 2015-04-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-16 19:36 - 2015-04-16 19:36 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-16 19:18 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Rockstar Games
2015-04-16 19:16 - 2015-04-16 19:39 - 00000000 ____D () C:\Users\Fabian\Documents\Rockstar Games
2015-04-15 18:54 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:54 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:54 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:54 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:54 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:54 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:54 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:54 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:54 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:54 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:54 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:54 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:54 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:54 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:54 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:54 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:54 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:54 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:54 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:54 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:54 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:54 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:54 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:54 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:54 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:54 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:54 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:54 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:54 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:54 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:54 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 18:54 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\Documents\Aspyr
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Aspyr
2015-04-13 20:28 - 2015-04-13 20:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-04-13 20:28 - 2015-04-13 20:28 - 00000000 __RHD () C:\Users\Fabian\AppData\Roaming\SecuROM
2015-04-13 19:29 - 2015-04-13 19:29 - 00009728 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2015-04-13 19:28 - 2015-04-13 20:24 - 00000032 _____ () C:\Windows\0
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 _____ () C:\Windows\system32\0
2015-04-13 19:28 - 2008-05-07 07:39 - 00066560 _____ (Nokia) C:\Windows\system32\nmwcdclsx64.dll
2015-04-13 19:27 - 2015-04-13 19:27 - 00000000 ____D () C:\ProgramData\Installations
2015-04-13 19:11 - 2015-04-13 19:11 - 00000535 _____ () C:\Windows\Xbox_360_CC_Driver.log
2015-04-12 16:30 - 2015-04-12 16:30 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 21:40 - 2009-07-14 19:58 - 00717014 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 21:40 - 2009-07-14 19:58 - 00154630 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 21:40 - 2009-07-14 07:13 - 01655480 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 21:38 - 2014-12-23 16:47 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2015-05-03 21:38 - 2014-08-29 16:32 - 01170227 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 21:37 - 2014-09-11 22:12 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-05-03 21:35 - 2014-10-24 11:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-03 21:35 - 2014-08-29 16:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 21:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 21:35 - 2009-07-14 06:51 - 00146820 _____ () C:\Windows\setupact.log
2015-05-03 21:34 - 2014-08-29 17:05 - 00246522 _____ () C:\Windows\PFRO.log
2015-05-03 21:34 - 2014-08-29 17:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-03 21:33 - 2014-12-03 00:48 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Battle.net
2015-05-03 21:32 - 2014-11-01 16:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-03 21:32 - 2014-11-01 16:21 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-03 21:32 - 2014-10-04 21:08 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-03 21:32 - 2014-10-04 21:07 - 00000000 ____D () C:\Program Files\Java
2015-05-03 21:06 - 2014-08-29 16:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 12:24 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:24 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 16:52 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-01 13:59 - 2014-08-29 21:13 - 581064963 _____ () C:\Windows\MEMORY.DMP
2015-05-01 13:59 - 2014-08-29 21:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-01 13:12 - 2014-10-31 18:52 - 00000000 ____D () C:\Windows\pss
2015-05-01 00:37 - 2014-09-08 14:00 - 00044900 _____ () C:\Windows\DPINST.LOG
2015-04-29 21:56 - 2014-08-29 16:32 - 00000000 ____D () C:\Users\Fabian
2015-04-29 21:50 - 2015-03-18 23:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-26 18:01 - 2014-11-17 18:28 - 00000000 ____D () C:\ProgramData\Unity
2015-04-26 11:41 - 2015-03-14 02:50 - 00000000 ____D () C:\Program Files (x86)\MOUSE Editor
2015-04-26 11:41 - 2014-08-29 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-25 12:08 - 2014-10-25 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-04-24 18:51 - 2014-09-11 21:16 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2015-04-23 20:43 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-23 18:26 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2015-04-21 21:09 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2015-04-19 14:09 - 2014-09-03 21:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-04-19 01:38 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2015-04-16 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 06:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 06:08 - 2014-12-11 09:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 06:08 - 2014-08-29 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 23:23 - 2014-09-25 17:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 23:22 - 2014-08-29 17:03 - 01628824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 23:20 - 2014-08-29 18:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:17 - 2014-08-29 18:13 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 22:22 - 2014-10-04 21:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Eclipse
2015-04-14 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 18:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-13 19:28 - 2014-11-10 18:36 - 00000000 ____D () C:\Program Files\DIFX
2015-04-13 19:12 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-13 19:11 - 2014-08-29 18:14 - 00254907 _____ () C:\Windows\DirectX.log
2015-04-12 16:30 - 2014-09-05 14:42 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-09 20:43 - 2014-09-03 14:34 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Mp3tag

==================== Files in the root of some directories =======

2014-11-25 00:36 - 2014-11-25 00:36 - 0000793 _____ () C:\Users\Fabian\AppData\Roaming\MPQEditor.ini
2014-12-23 13:49 - 2014-12-23 13:49 - 0006099 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-03-04 00:58 - 2015-03-04 00:58 - 0007614 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
2014-08-29 16:39 - 2014-08-29 16:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 20:44

==================== End Of Log ============================
         

03.05.2015, 20:45   #12
Seppiro
 



Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Fabian at 2015-05-03 21:41:40
Running from C:\Users\Fabian\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4180718120-1828569617-1736650471-500 - Administrator - Disabled)
Fabian (S-1-5-21-4180718120-1828569617-1736650471-1000 - Administrator - Enabled) => C:\Users\Fabian
Gast (S-1-5-21-4180718120-1828569617-1736650471-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4180718120-1828569617-1736650471-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alien Isolation (HKLM-x32\...\Alien Isolation_is1) (Version:  - )
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Allway Sync version 14.2.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ASUS Bluetooth Suite (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.60 - ASUS Communications)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
ASUS Xonar U7 Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F39206632A}) (Version:   - ASUSTeK Computer Inc.)
Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitvise SSH Client 6.08 (remove only) (HKLM-x32\...\BvSshClient) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cities Skylines Version 1.0.5 (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0.5 - RFT)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DeadCore (HKLM-x32\...\RGVhZENvcmU=_is1) (Version: 1 - )
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die*Sims™*3 Erstelle einen Sim (HKLM-x32\...\{89173B88-384A-459B-B687-9C0BBC934EF4}) (Version: 1.0.25 - Electronic Arts)
Divinity Original Sin (HKLM-x32\...\Divinity Original Sin_is1) (Version: 1.0 - PLAZA)
Divinity Original Sin Update v1.0.81 (HKLM-x32\...\RGl2aW5pdHlPcmlnaW5hbFNpbg==_is1) (Version: 1 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Final Fantasy XIII Fullscreen Edition MULTi5 1.0 (HKLM-x32\...\Final Fantasy XIII Fullscreen Edition MULTi5 1.0) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.00.0000 - Activision)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mp3tag v2.63 (HKLM-x32\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.4.0.10 - GOG.com)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version:  - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.08 (07.05.2012) - Samsung Electronics Co., Ltd.)
ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Sherlock Holmes Crimes and Punishments (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version: Sherlock Holmes Crimes and Punishments - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
TeamSpeak 3 Client (HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Unity (HKLM-x32\...\Unity) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D2FD5391-6A9B-11E4-BBC6-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0) (HKLM\...\B24074592222CFC1B8ABF520F9089E49FB1763D7) (Version: 05/27/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version:  - Egosoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-04-2015 11:30:59 Installiert MOUSE Editor
26-04-2015 11:40:54 Konfiguriert MOUSE Editor
28-04-2015 19:00:54 Windows Update
01-05-2015 00:36:46 Nokia Connectivity Cable Driver wird entfernt
01-05-2015 00:37:01 PC Connectivity Solution wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-01 16:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC7B6E4-B8F2-4C36-B589-0F394703D860} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {30749A7F-0D0B-4673-ADAC-D3C87D75AB24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: {641A34AB-B9DA-4D07-B93B-9891EFAC0CB0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6A1D4910-5023-407C-9F8D-D4B6DDC40581} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe
Task: {9E03DB8E-C78F-43BF-8174-D0605283C26D} - System32\Tasks\Core Temp Autostart Fabian => D:\Programme\Core Temp\Core Temp.exe
Task: {A45C803D-E2EE-4606-A94E-FBE75524E986} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {ACB785B1-1BC5-46CF-9646-7F63AC615C0C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
Task: {C853C6D0-5785-4F5D-AE90-E7FA0F2CFBF8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {DEC75990-8B6F-4E16-824B-19C4A250118E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
Task: {F42F4F34-0900-44EB-A1DF-C8FEF34AB76E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () D:\Programme\Unlocker\UnlockerCOM.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () D:\Programme\Notepad++\NppShell_06.dll
2014-05-14 11:02 - 2014-05-14 11:02 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll
2014-09-08 13:50 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2014-09-08 14:33 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\uxs01l.dll
2014-08-29 16:40 - 2014-01-28 05:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-11-09 19:58 - 2014-06-06 16:41 - 00718336 _____ () D:\Programme\NetWorx\sqlite.dll
2014-11-29 13:28 - 2013-08-06 05:34 - 02453504 ____N () C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
2014-09-03 13:29 - 2015-02-13 17:00 - 00103424 _____ () D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-08-29 16:40 - 2015-05-03 21:35 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-08-29 16:40 - 2014-01-28 05:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-09-03 13:23 - 2015-03-10 08:37 - 00775680 _____ () D:\Programme\Steam\SDL2.dll
2015-01-20 17:26 - 2014-12-02 02:29 - 05002752 _____ () D:\Programme\Steam\v8.dll
2015-01-20 17:26 - 2014-12-02 02:29 - 01612800 _____ () D:\Programme\Steam\icui18n.dll
2015-01-20 17:26 - 2014-12-02 02:29 - 01210368 _____ () D:\Programme\Steam\icuuc.dll
2014-09-03 13:23 - 2015-04-14 01:44 - 02371776 _____ () D:\Programme\Steam\video.dll
2014-09-03 13:23 - 2014-12-01 23:31 - 02396672 _____ () D:\Programme\Steam\libavcodec-56.dll
2014-09-03 13:23 - 2014-12-01 23:31 - 00442880 _____ () D:\Programme\Steam\libavutil-54.dll
2014-09-03 13:23 - 2014-12-01 23:31 - 00479744 _____ () D:\Programme\Steam\libavformat-56.dll
2014-09-03 13:23 - 2014-12-01 23:31 - 00332800 _____ () D:\Programme\Steam\libavresample-2.dll
2014-09-03 13:23 - 2014-12-01 23:31 - 00485888 _____ () D:\Programme\Steam\libswscale-3.dll
2014-09-03 13:25 - 2015-04-14 01:44 - 00702656 _____ () D:\Programme\Steam\bin\chromehtml.DLL
2015-05-03 21:35 - 2015-05-03 21:35 - 00155232 ___HT () C:\Users\Fabian\AppData\Local\Temp\~EB57.tmp
2014-09-03 13:25 - 2015-02-25 03:58 - 34641288 _____ () D:\Programme\Steam\bin\libcef.dll
2014-09-03 13:29 - 2015-04-01 19:31 - 00198144 _____ () D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2014-09-03 13:29 - 2015-02-05 14:18 - 00311296 _____ () D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2014-09-03 13:29 - 2015-02-05 14:18 - 00203776 _____ () D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00388608 _____ () D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2014-09-03 13:29 - 2015-04-30 21:00 - 06643200 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2014-09-03 13:29 - 2015-04-01 19:31 - 00156160 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 01174016 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 01240064 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00351744 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00607744 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00164864 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00708096 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00134656 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2014-09-03 13:29 - 2015-04-29 18:49 - 01336320 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2014-09-03 13:29 - 2015-04-01 19:31 - 00394752 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2014-09-03 13:29 - 2015-04-01 19:31 - 03188736 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 01761792 _____ () D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00143360 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00230912 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2014-09-03 13:29 - 2015-04-29 18:48 - 00996352 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2014-09-03 13:30 - 2015-04-01 19:31 - 00582144 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2014-09-03 13:30 - 2015-04-29 18:49 - 12153344 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2014-09-03 13:30 - 2015-04-29 18:49 - 09860096 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2014-09-03 13:29 - 2015-02-27 13:57 - 00094208 _____ () D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2014-09-03 13:29 - 2015-04-29 18:49 - 00084992 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2014-09-03 13:29 - 2014-09-11 11:25 - 00071680 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2014-09-03 13:29 - 2014-09-11 11:25 - 00012800 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2014-09-03 13:29 - 2014-09-11 11:24 - 00055808 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2014-09-03 13:29 - 2015-04-29 18:48 - 00972800 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2014-09-03 13:29 - 2015-04-29 18:49 - 00176128 _____ () d:\programme\steam\steamapps\common\counter-strike global offensive\bin\vaudio_speex.dll
2014-02-28 15:33 - 2014-02-28 15:33 - 00148480 _____ () D:\Programme\TS3\quazip.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00864768 _____ () D:\Programme\TS3\platforms\qwindows.dll
2014-02-27 15:45 - 2014-02-27 15:45 - 00677376 _____ () D:\Programme\TS3\sqldrivers\qsqlite.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00092104 _____ () D:\Programme\TS3\soundbackends\directsound_win32.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00105416 _____ () D:\Programme\TS3\soundbackends\windowsaudiosession_win32.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00025600 _____ () D:\Programme\TS3\imageformats\qgif.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00242688 _____ () D:\Programme\TS3\imageformats\qjpeg.dll
2014-08-04 15:45 - 2014-08-04 15:45 - 00477128 _____ () D:\Programme\TS3\plugins\clientquery_plugin.dll
2014-08-04 15:45 - 2014-08-04 15:45 - 00484808 _____ () D:\Programme\TS3\plugins\teamspeak_control_plugin.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00123904 _____ () D:\Programme\TS3\accessible\qtaccessiblewidgets.dll
2014-09-03 13:25 - 2015-02-25 03:58 - 01709960 _____ () D:\Programme\Steam\bin\ffmpegsumo.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start_.lnk => C:\Windows\pss\Start_.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Fabian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "D:\Programme\Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
MSCONFIG\startupreg: PDFPrint => D:\Programme\PDF24\pdf24.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{126D40EB-093A-4F6F-A8C2-D9BF725A58BA}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2529D3CD-F41D-49AF-95D0-113481748674}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0B7C5D07-3977-4A99-B81A-B956D3C60344}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EE3645E1-6406-40EE-B3EE-CA93A2514ECB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4D51E2F0-EEF9-46D5-8DB4-D82F8AFDB5CE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{D9A4011C-69A4-4513-A613-DBC15B263A2E}D:\instal. spiele\company of heroes\reliccoh.exe] => (Allow) D:\instal. spiele\company of heroes\reliccoh.exe
FirewallRules: [UDP Query User{E225FC93-5B29-4428-8EF4-46003B1127F5}D:\instal. spiele\company of heroes\reliccoh.exe] => (Allow) D:\instal. spiele\company of heroes\reliccoh.exe
FirewallRules: [TCP Query User{0F5E3951-4237-4328-9525-2CEC670E7B0E}D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{6817F138-57E7-42EB-9A5B-BA36A712C15D}D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) D:\instal. spiele\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [{87DF7FF7-301E-4A3C-AA73-B2247B1E048B}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{E556CEB1-EA14-43CF-A032-C8182BD3F21C}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{B47D555F-6254-424D-A26B-15A85DA93056}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0069B9D-0DB7-41DD-83DD-1F47DD50DBE3}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3C3B5B9D-4CBC-43E0-8257-729D6A613173}D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{EAA51FAC-74AC-4848-80BB-B06A5CD17527}D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\programme\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{F79B3BE5-D434-42DA-B8E5-76C7608EF3AF}] => (Allow) D:\Instal. Spiele\Watch Dogs\bin\Watch_Dogs.exe
FirewallRules: [{BA97195F-F9F0-46E4-AA3A-6CF0A557344C}] => (Allow) D:\Instal. Spiele\Watch Dogs\bin\Watch_Dogs.exe
FirewallRules: [{7508F9D1-C962-458B-B6DB-591E0151BDF8}] => (Allow) D:\Programme\Steam\SteamApps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{5236B19A-AA93-4263-9650-CB8E94CB31C5}] => (Allow) D:\Programme\Steam\SteamApps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{49222A01-5AA6-4F0C-8855-584A3C4001A1}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{726A8C4A-7240-4038-8010-B0FC0951D6FF}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{42A91BB3-5423-485C-803A-7E3A65A159EF}] => (Allow) D:\Programme\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{9A2997EC-50D6-4312-9313-663BE5965CFA}] => (Allow) D:\Programme\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{552E830D-8CEA-4470-978C-E5CCB59F92CE}] => (Allow) D:\Programme\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{B673C59D-25B2-4AE2-87AB-E69C18D2E90C}] => (Allow) D:\Programme\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{6A153673-61FE-48CC-9DBA-93AFB656349D}] => (Allow) D:\Programme\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{2AD0C9CB-4C15-49EA-AEA1-32C3A9FF1040}] => (Allow) D:\Programme\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{A403BEE0-D629-4830-8765-ADFEBCAC0529}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{FEE142F7-ECB2-4E41-91A0-0776E53A561E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [TCP Query User{3709C2E8-C77F-4AF7-AA52-0CD9A82D1DE9}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{90720818-0300-46DF-9059-96DCBCCA17D0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{DCE886AC-15D2-42CD-91CD-BAACE7A4D684}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{7BE85624-6805-4CA3-92D7-F77563090083}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{5967A61C-55AC-4C9F-B142-BCDC47FB9659}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{88694833-8B21-48C0-BFAB-5A0461441D29}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{DE29A90E-37F2-4D9A-A9D2-7C11A242AAB8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{2B216492-2EC3-4FAD-8CAD-B85549C810CE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{5246EFC9-61BC-4A2E-AF66-39D59CCA00D8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{DF0D10A8-0A52-4E3D-B26C-F58FB5FE391F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{373FBC04-DD47-4762-B64B-48E7D6527F8A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{5DE1D456-EA29-41BD-8668-BCE9BA691490}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{244FAA94-CA66-4C50-95C7-7180359139CF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{F8C9262B-C46C-4222-B656-7DA0561E25FE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{80EE845A-A4D6-4422-935C-827CBD9EAC38}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{C0F4BBA1-D209-4A04-A527-3E0DFAF9BC52}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{F118C9E4-6BB3-401B-93DF-03D991C631F9}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagion.exe
FirewallRules: [{0F9270A3-AE56-4160-9EB9-C70B1512D6D4}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagion.exe
FirewallRules: [{671C4D69-B1D9-401D-8EED-4FCA64B4DADD}] => (Allow) D:\Programme\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{64E7487E-14C9-4159-B704-7AD4B9C76814}] => (Allow) D:\Programme\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{8A9414B8-D0E7-40AF-AE45-C65EAFB481E5}] => (Allow) D:\Programme\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{6B8B6885-CACC-4069-9654-A064B9198B8D}] => (Allow) D:\Programme\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{A060FDDE-1AD6-4DCA-9B9C-97AD7E9C1C0A}] => (Allow) D:\Programme\Office 2007\Office12\outlook.exe
FirewallRules: [{FC8CB7A8-38F9-4282-BEFD-614CC84F41EA}] => (Allow) D:\Programme\Office 2007\Office12\GROOVE.EXE
FirewallRules: [{26F7DDED-BB7A-47EE-854F-A627DC9AFBD3}] => (Allow) D:\Programme\Office 2007\Office12\GROOVE.EXE
FirewallRules: [{E1CCC8C2-4D6D-4C94-B2BB-0F5225C41F9C}] => (Allow) D:\Programme\Office 2007\Office12\ONENOTE.EXE
FirewallRules: [{9A78EF37-9F18-4C45-9775-083C1B3E8CAA}] => (Allow) D:\Programme\Office 2007\Office12\ONENOTE.EXE
FirewallRules: [{8C9D250F-19E1-43BE-89A5-9312FFADE03A}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{C7B535BB-47A7-4D9B-A7BD-895519557528}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{F2BCE979-66F4-46C2-A290-D0AA6E3294E3}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{F7C962E8-EB33-4901-80A5-C4B90052F19D}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{B3191724-3A71-48AB-9C41-2F012847E11F}] => (Allow) D:\Programme\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{C67C27E0-6716-482F-8134-7197413010F8}] => (Allow) D:\Programme\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{9B79CED7-04EC-4676-8AD3-A124376CF7D9}] => (Allow) D:\Programme\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{7812799B-92A5-4643-BEFC-BD2AD83B91E9}] => (Allow) D:\Programme\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{9DD4DFAB-BB25-4538-AF46-66326020A159}] => (Allow) C:\Users\Fabian\AppData\Local\Temp\7zSEFEA.tmp\SymNRT.exe
FirewallRules: [{715E8734-F975-4E9F-B07D-F630A61F53A8}] => (Allow) C:\Users\Fabian\AppData\Local\Temp\7zSEFEA.tmp\SymNRT.exe
FirewallRules: [TCP Query User{9F0E65F7-0E41-4D9B-A3B5-6BD823F97A7F}D:\programme\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\programme\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{89E0C11E-1BAB-4B4F-8587-532B77D36E8F}D:\programme\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\programme\jdownloader v2.0\jdownloader2.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{518F0AF6-6188-432E-A3B6-DA6EB8E9BCE1}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\game.dat
FirewallRules: [{59DC0C54-72FB-44D1-B166-1F135BD4C2A1}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\game.dat
FirewallRules: [{A3EC5A87-E40E-4D87-BEF8-F1040783FF90}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\EP1\game.dat
FirewallRules: [{7C096FCA-5EEE-4AB2-A3DE-1ACD258ABD98}] => (Allow) D:\Instal. Spiele\Schlacht um Mittelerde II\EP1\game.dat
FirewallRules: [{8B9C04AE-9637-4440-AB8B-D89AC078151A}] => (Allow) D:\Programme\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{A8DD9AD1-C56E-49D6-9017-45AFDBCF406B}] => (Allow) D:\Programme\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{86E7242A-9D96-4298-8670-9D1AE288D21E}] => (Allow) D:\Programme\NetWorx\networx.exe
FirewallRules: [{9202B144-E700-4247-978D-B791CC390E01}] => (Allow) D:\Programme\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{366F1AB6-0B34-476D-B345-78FE63A58B02}] => (Allow) D:\Programme\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E94474CA-3AB9-440C-8052-3A9E393A9ACA}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base10095\SC2.exe
FirewallRules: [{B74A7CB4-A035-400A-AA17-4ACC4C415055}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base10095\SC2.exe
FirewallRules: [{BFE65768-4859-401A-8C3C-B742C1B3DE64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{130E8B5A-01D6-4515-9487-3F5BF1DEA8D6}] => (Allow) D:\Instal. Spiele\Battle.net\Battle.net.exe
FirewallRules: [{8C8B2ED7-2235-4370-B257-08602D28BEE9}] => (Allow) D:\Instal. Spiele\Battle.net\Battle.net.exe
FirewallRules: [{4E22747B-8003-47C3-AE83-59BEB2E02528}] => (Allow) D:\Instal. Spiele\StarCraft II\StarCraft II.exe
FirewallRules: [{A9CE2AF1-9336-4E93-A13E-7D320173C1C4}] => (Allow) D:\Instal. Spiele\StarCraft II\StarCraft II.exe
FirewallRules: [{B40B2C0F-B623-457E-85CA-3CB224D8E4D6}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A45D6EFC-8B2F-4C60-A2D6-51DEF5D1D3A9}] => (Allow) D:\Instal. Spiele\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{E99B6593-EE81-41E8-B87C-713BBAD64292}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B67220F5-C708-40E8-9D75-33D20403B864}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{12680B01-D11B-4A68-9D13-FA78758AF63A}] => (Allow) D:\Programme\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{1EF3F487-5341-4462-9811-23766BAA51A3}] => (Allow) D:\Programme\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{BBF55456-571D-495F-9BC8-207970306E69}] => (Allow) D:\Programme\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{D7482FA6-909F-4951-B2CC-28462B4540CA}] => (Allow) D:\Programme\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{E3A08889-BB13-41BF-A363-9CDD9756B556}] => (Allow) D:\Programme\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{D0358B0C-009F-4715-9A5D-F5A88BF835F7}] => (Allow) D:\Programme\Steam\SteamApps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{31959812-D8CA-474F-AABD-B9B4D2CE5067}] => (Allow) D:\Programme\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C24B061F-2ED5-4DA4-9455-FDCFB62DBF00}] => (Allow) D:\Programme\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{48C999B4-6D09-4C05-802A-AD7E437C7482}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{720408E5-C167-4234-9EB9-8A8286890FEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{3E7735FD-2EE9-4DD5-B577-D2A5B0213B7E}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagionds.exe
FirewallRules: [{3053D015-3A04-4D33-9D44-B7E55C794C78}] => (Allow) D:\Programme\Steam\SteamApps\common\ContagionBeta\contagionds.exe
FirewallRules: [{C00D6229-9639-4FA8-A3D9-4DDC8183FD0B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{4C0604C6-E5B4-4803-8384-4E1F50218729}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{33D196DF-107A-41B7-B77C-39552F8E5AE5}] => (Allow) D:\Instal. Spiele\Diablo III\Diablo III.exe
FirewallRules: [{8D732DFE-BD07-4415-9D9B-144989B4B97B}] => (Allow) D:\Instal. Spiele\Diablo III\Diablo III.exe
FirewallRules: [{67F2933E-A2BD-483E-8F5A-67A7D741C54B}] => (Allow) D:\Programme\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1FEC85A9-DC2B-4080-A936-4A8B57DC22CB}] => (Allow) D:\Programme\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{0270711D-561F-4614-B6C5-1E88FB17D949}] => (Allow) D:\Programme\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [{33887468-BCEB-4D24-9926-3BD3FDB05F07}] => (Allow) D:\Programme\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [{D3A72FA3-95D1-430F-91EE-F253CCB51943}] => (Allow) D:\Programme\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{FD32633C-D137-4379-8BEC-20D0D60561A6}] => (Allow) D:\Programme\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{09D87D66-847E-4182-855A-9770C20D89AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A6502C8B-DA1D-48F4-8476-38D13E9C6C87}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{7459385C-4198-4449-85C8-FC0FCC6F39C9}] => (Allow) D:\Programme\Steam\SteamApps\common\rust\legacy\rust.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 09:41:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 29.4.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1520

Startzeit: 01d085d8fe8208f1

Endzeit: 2

Anwendungspfad: C:\Users\Fabian\Desktop\FRST64.exe

Berichts-ID:

Error: (05/03/2015 09:40:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 29.4.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14f8

Startzeit: 01d085d8cb92f585

Endzeit: 1

Anwendungspfad: C:\Users\Fabian\Desktop\FRST64.exe

Berichts-ID:

Error: (05/03/2015 09:38:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 29.4.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16a0

Startzeit: 01d085d853c098e0

Endzeit: 2

Anwendungspfad: C:\Users\Fabian\Desktop\FRST64.exe

Berichts-ID:

Error: (05/03/2015 08:36:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 03:33:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 01:37:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 01:36:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/30/2015 06:55:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 29.4.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 61c

Startzeit: 01d0836584835a7a

Endzeit: 2

Anwendungspfad: C:\Users\Fabian\Desktop\FRST64.exe

Berichts-ID:

Error: (04/30/2015 06:48:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 29.4.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1510

Startzeit: 01d08364cb620c56

Endzeit: 2

Anwendungspfad: C:\Users\Fabian\Desktop\FRST64.exe

Berichts-ID:

Error: (04/29/2015 10:13:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Softlic.exe, Version: 0.0.0.0, Zeitstempel: 0x549cb8f8
Name des fehlerhaften Moduls: Softlic.exe, Version: 0.0.0.0, Zeitstempel: 0x549cb8f8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e39e
ID des fehlerhaften Prozesses: 0xa3c
Startzeit der fehlerhaften Anwendung: 0xSoftlic.exe0
Pfad der fehlerhaften Anwendung: Softlic.exe1
Pfad des fehlerhaften Moduls: Softlic.exe2
Berichtskennung: Softlic.exe3


System errors:
=============
Error: (05/03/2015 09:35:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/03/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/03/2015 02:33:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/03/2015 02:33:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎05.‎2015 um 02:31:10 unerwartet heruntergefahren.

Error: (05/02/2015 09:30:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/02/2015 05:09:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/02/2015 05:09:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/02/2015 05:09:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AtherosSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/02/2015 05:09:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASUS Com Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/02/2015 05:09:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ACP User Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-01 16:52:36.005
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-01 16:52:35.976
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-01 16:52:35.947
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-01 16:52:35.918
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-23 18:44:20.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-23 18:44:20.367
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-24 15:45:49.845
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Fabian\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-24 15:45:49.829
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Fabian\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-24 15:45:49.767
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Programme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-24 15:45:49.751
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Programme\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8135.25 MB
Available physical RAM: 4817.43 MB
Total Pagefile: 16268.69 MB
Available Pagefile: 12560.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:48.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:1315.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F65BA038)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7E5196A3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

04.05.2015, 11:49   #13
schrauber
/// the machine
/// TB instructor
 




Then let's take a look from the outside:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download: FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan by following the illustrated guide, or use the following quick guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

04.05.2015, 18:19   #14
Seppiro
 



Here is the FRST log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by SYSTEM on MININT-PU5E1KE on 04-05-2015 19:16:20
Running from f:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569112 2014-03-31] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] => D:\Programme\NetWorx\networx.exe [6589136 2014-09-30] (SoftPerfect Research)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\Fabian\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
S2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S2 Software licensing; C:\Windows\SysWOW64\Softlic.exe [1622528 2015-03-30] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
S3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-24] (Kaspersky Lab ZAO)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-24] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com)
S3 RTCore64; D:\Programme\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 pmem; \??\C:\Users\Fabian\AppData\Local\Temp\_MEI41682\drivers\winpmem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 18:08 - 2015-05-04 18:09 - 00000000 ____D () C:\Users\Fabian\Desktop\Sandra Backup
2015-05-03 20:35 - 2015-04-28 14:37 - 01584640 _____ () C:\Windows\SysWOW64\update_.exe
2015-05-03 12:42 - 2015-05-03 12:42 - 00852616 _____ () C:\Users\Fabian\Desktop\SecurityCheck.exe
2015-05-03 12:37 - 2015-05-03 12:37 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu (1).exe
2015-05-03 12:37 - 2015-05-03 12:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-03 12:36 - 2015-05-03 12:36 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu.exe
2015-05-02 16:10 - 2015-05-02 16:10 - 00000903 _____ () C:\Users\Fabian\Desktop\JRT.txt
2015-05-02 16:09 - 2015-05-02 16:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FABIAN-PC-Windows-7-Professional-(64-bit).dat
2015-05-02 16:09 - 2015-05-02 16:09 - 00000000 ____D () C:\RegBackup
2015-05-02 16:08 - 2015-05-02 16:08 - 00002548 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S2].txt
2015-05-02 16:05 - 2015-05-02 16:07 - 00000000 ____D () C:\AdwCleaner
2015-05-02 16:05 - 2015-05-02 16:05 - 02224640 _____ () C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
2015-05-02 16:04 - 2015-05-02 16:04 - 00001211 _____ () C:\Users\Fabian\Desktop\mbam.txt
2015-05-02 15:58 - 2015-05-02 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 15:57 - 2015-05-02 15:57 - 02716306 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe
2015-05-02 15:56 - 2015-05-02 15:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-01 22:10 - 2015-05-04 17:52 - 01539150 _____ () C:\Windows\SysWOW64\Update.exe
2015-05-01 22:10 - 2015-04-29 16:59 - 01026772 _____ () C:\Windows\SysWOW64\update64.exe
2015-05-01 22:10 - 2015-04-23 03:10 - 00198467 _____ () C:\Windows\SysWOW64\Run.exe
2015-05-01 15:53 - 2015-05-01 15:53 - 00022156 _____ () C:\ComboFix.txt
2015-05-01 15:48 - 2015-05-01 15:48 - 05619691 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
2015-05-01 12:59 - 2015-05-01 12:59 - 00288904 _____ () C:\Windows\Minidump\050115-7768-01.dmp
2015-04-30 17:43 - 2015-05-03 20:41 - 00062820 _____ () C:\Users\Fabian\Desktop\Addition.txt
2015-04-29 21:20 - 2015-04-29 21:20 - 00052422 _____ () C:\Users\Fabian\Desktop\gmer.txt
2015-04-29 20:59 - 2015-05-04 19:16 - 00000000 ____D () C:\FRST
2015-04-29 20:59 - 2015-05-03 20:41 - 00060314 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-04-29 20:59 - 2015-04-29 20:59 - 00380416 _____ () C:\Users\Fabian\Desktop\Gmer-19357.exe
2015-04-29 20:57 - 2015-04-29 20:57 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2015-04-29 20:57 - 2015-04-29 20:56 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2015-04-29 20:56 - 2015-04-29 20:56 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2015-04-28 18:52 - 2015-04-28 18:52 - 00293032 _____ () C:\Windows\Minidump\042815-6739-01.dmp
2015-04-25 10:13 - 2015-04-25 10:13 - 00002566 _____ () C:\Users\Fabian\Documents\01541sd111s11sSH4AR4E!!!!1515151.pfx
2015-04-23 17:40 - 2015-05-01 15:53 - 00000000 ____D () C:\Qoobox
2015-04-23 17:40 - 2015-04-23 17:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-23 17:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-23 17:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-23 17:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-23 17:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-23 17:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-23 17:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-23 17:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-23 17:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-23 17:20 - 2015-05-03 15:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-23 17:19 - 2015-05-02 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-23 17:19 - 2015-04-23 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 17:19 - 2015-04-14 08:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-04-23 17:19 - 2015-04-14 08:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-04-23 17:19 - 2015-04-14 08:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-04-23 17:12 - 2015-04-23 17:12 - 00262144 _____ () C:\Windows\System32\config\elam
2015-04-23 17:05 - 2015-05-04 17:52 - 00000012 _____ () C:\Windows\SysWOW64\listm.txt
2015-04-19 13:16 - 2015-04-19 13:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\PDF24
2015-04-16 18:39 - 2015-04-16 18:39 - 00000080 _____ () C:\Users\Fabian\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-16 18:37 - 2015-04-16 18:37 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-16 18:36 - 2015-04-16 18:36 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-16 18:18 - 2015-04-16 18:18 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Rockstar Games
2015-04-16 18:16 - 2015-04-16 18:39 - 00000000 ____D () C:\Users\Fabian\Documents\Rockstar Games
2015-04-15 17:54 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-04-15 17:54 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-04-15 17:54 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-04-15 17:54 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-04-15 17:54 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-04-15 17:54 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-04-15 17:54 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 17:54 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 17:54 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 17:54 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 17:54 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 17:54 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-04-15 17:54 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-04-15 17:54 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-04-15 17:54 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-04-15 17:54 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-04-15 17:54 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-04-15 17:54 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-04-15 17:54 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-04-15 17:54 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-04-15 17:54 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-04-15 17:54 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-04-15 17:54 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-04-15 17:54 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-04-15 17:54 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-04-15 17:54 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-04-15 17:54 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-04-15 17:54 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-04-15 17:54 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-04-15 17:54 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-04-15 17:54 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-04-15 17:54 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-04-15 17:54 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-04-15 17:54 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 17:54 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 17:54 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 17:54 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 17:54 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 17:54 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 17:54 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 17:54 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 17:54 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 17:54 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 17:54 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 17:54 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 17:54 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 17:54 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 17:54 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 17:54 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 17:54 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-04-15 17:54 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-04-15 17:54 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-04-15 17:54 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-04-15 17:54 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-04-15 17:54 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-04-15 17:54 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-04-15 17:54 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-04-15 17:54 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-04-15 17:54 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-04-15 17:54 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-04-15 17:54 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-04-15 17:54 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-04-15 17:54 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-04-15 17:54 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-04-15 17:54 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-04-15 17:54 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-15 17:54 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 17:54 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 17:54 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-04-15 17:54 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-15 17:54 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 17:54 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 17:54 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 17:54 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-04-15 17:54 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 17:54 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-04-15 17:54 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 17:54 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-04-15 17:54 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 17:54 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 17:54 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 17:54 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 17:54 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 17:54 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 17:54 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-04-15 17:54 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-04-15 17:54 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 17:54 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-04-15 17:54 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-04-15 17:54 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 17:54 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-04-15 17:54 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 17:54 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 17:54 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 17:54 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 17:54 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-04-15 17:54 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 17:54 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 17:54 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 17:54 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 17:54 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-04-15 17:54 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-04-15 17:54 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 17:54 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 17:54 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 17:54 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-04-15 17:54 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-04-15 17:54 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 17:54 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 17:54 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-04-15 17:54 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 17:54 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2015-04-15 17:54 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-04-15 17:54 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 17:54 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-04-13 19:32 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\Fabian\Documents\Aspyr
2015-04-13 19:32 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Aspyr
2015-04-13 19:28 - 2015-04-13 19:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 __RHD () C:\Users\Fabian\AppData\Roaming\SecuROM
2015-04-13 18:29 - 2015-04-13 18:29 - 00009728 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2015-04-13 18:28 - 2015-04-13 19:24 - 00000032 _____ () C:\Windows\0
2015-04-13 18:28 - 2015-04-13 18:28 - 00000000 _____ () C:\Windows\System32\0
2015-04-13 18:28 - 2008-05-07 06:39 - 00066560 _____ (Nokia) C:\Windows\System32\nmwcdclsx64.dll
2015-04-13 18:27 - 2015-04-13 18:27 - 00000000 ____D () C:\ProgramData\Installations
2015-04-13 18:11 - 2015-04-13 18:11 - 00000535 _____ () C:\Windows\Xbox_360_CC_Driver.log
2015-04-04 19:59 - 2015-04-04 19:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 19:59 - 2015-04-04 19:59 - 00000000 ___SD () C:\Windows\System32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 18:13 - 2014-12-23 15:47 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2015-05-04 18:13 - 2014-10-24 10:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-04 18:13 - 2014-08-29 16:05 - 00065536 _____ () C:\Windows\System32\spu_storage.bin
2015-05-04 18:13 - 2014-08-29 15:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 18:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-04 18:13 - 2009-07-14 05:51 - 00147727 _____ () C:\Windows\setupact.log
2015-05-04 18:12 - 2014-09-11 21:12 - 00009728 _____ () C:\Windows\SysWOW64\Gms.log
2015-05-04 18:12 - 2014-08-29 15:32 - 01197088 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 18:11 - 2009-07-14 18:58 - 00717014 _____ () C:\Windows\System32\perfh007.dat
2015-05-04 18:11 - 2009-07-14 18:58 - 00154630 _____ () C:\Windows\System32\perfc007.dat
2015-05-04 18:11 - 2009-07-14 06:13 - 01655480 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-04 18:06 - 2014-08-29 15:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 18:00 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:00 - 2009-07-14 05:45 - 00038752 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 20:34 - 2014-08-29 16:05 - 00246522 _____ () C:\Windows\PFRO.log
2015-05-03 20:33 - 2014-12-02 23:48 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Battle.net
2015-05-03 20:32 - 2014-11-01 15:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-03 20:32 - 2014-11-01 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-03 20:32 - 2014-10-04 20:08 - 00110688 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2015-05-03 20:32 - 2014-10-04 20:07 - 00000000 ____D () C:\Program Files\Java
2015-05-01 15:52 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-01 12:59 - 2014-08-29 20:13 - 581064963 _____ () C:\Windows\MEMORY.DMP
2015-05-01 12:59 - 2014-08-29 20:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-01 12:12 - 2014-10-31 17:52 - 00000000 ____D () C:\Windows\pss
2015-04-30 23:37 - 2014-09-08 13:00 - 00044900 _____ () C:\Windows\DPINST.LOG
2015-04-29 20:56 - 2014-08-29 15:32 - 00000000 ____D () C:\users\Fabian
2015-04-29 20:50 - 2015-03-18 22:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-26 17:01 - 2014-11-17 17:28 - 00000000 ____D () C:\ProgramData\Unity
2015-04-26 10:41 - 2015-03-14 01:50 - 00000000 ____D () C:\Program Files (x86)\MOUSE Editor
2015-04-26 10:41 - 2014-08-29 15:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-24 17:51 - 2014-09-11 20:16 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2015-04-23 17:46 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2015-04-23 17:26 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\ShellNew
2015-04-21 20:09 - 2014-08-29 20:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2015-04-19 13:09 - 2014-09-03 20:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-04-19 00:38 - 2014-08-29 20:51 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2015-04-16 05:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 05:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 05:08 - 2014-12-11 08:18 - 00000000 ____D () C:\Windows\System32\appraiser
2015-04-16 05:08 - 2014-08-29 17:32 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-04-15 22:23 - 2014-09-25 16:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 22:22 - 2014-08-29 16:03 - 01628824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 22:20 - 2014-11-29 12:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 22:20 - 2014-11-29 12:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 22:20 - 2014-08-29 17:13 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-15 22:17 - 2014-08-29 17:13 - 128913832 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-04-15 21:22 - 2014-10-04 20:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Eclipse
2015-04-14 17:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-04-14 17:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-13 18:28 - 2014-11-10 17:36 - 00000000 ____D () C:\Program Files\DIFX
2015-04-13 18:11 - 2014-08-29 17:14 - 00254907 _____ () C:\Windows\DirectX.log
2015-04-12 15:30 - 2014-09-05 13:42 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-09 19:43 - 2014-09-03 13:34 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Mp3tag

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-04-26 10:31:02
Restore point made on: 2015-04-26 10:40:56
Restore point made on: 2015-04-28 18:00:57
Restore point made on: 2015-04-30 23:36:50
Restore point made on: 2015-04-30 23:37:03

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8135.25 MB
Available physical RAM: 7329.89 MB
Total Pagefile: 8133.4 MB
Available Pagefile: 7320.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:48.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:1315.94 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F65BA038)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7E5196A3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 965 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=963 MB) - (Type=06)


LastRegBack: 2015-04-24 19:44

==================== End Of Log ============================
         
--- --- ---

Alt 05.05.2015, 08:35   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
2015-05-03 20:35 - 2015-04-28 14:37 - 01584640 _____ () C:\Windows\SysWOW64\update_.exe
2015-05-01 22:10 - 2015-05-04 17:52 - 01539150 _____ () C:\Windows\SysWOW64\Update.exe
2015-05-01 22:10 - 2015-04-29 16:59 - 01026772 _____ () C:\Windows\SysWOW64\update64.exe
2015-05-01 22:10 - 2015-04-23 03:10 - 00198467 _____ () C:\Windows\SysWOW64\Run.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options.
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
