Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Cmd.exe nach neustart im Task Manager (https://www.trojaner-board.de/164297-cmd-exe-neustart-task-manager.html)

Hardcore114 21.02.2015 19:48
Cmd.exe nach neustart im Task Manager
 
Nach jedem Neustart meines PC's setzt sich die CMD.exe in den Task Manager rein (die CPU bleibt gering). Ich kann den Prozess zwar beenden aber der setzt sich dann im laufe des Tages wieder automatisch rein. Ich hoffe ihr könnt mir helfen. Da ich keine Ahnung habe bitte ich euch darum mir zu erklären wie ich euch bei der Lösung des Problems helfen kann :headbang:

schrauber 21.02.2015 20:02
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Hardcore114 21.02.2015 21:05

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by David (administrator) on DAVID-PC on 21-02-2015 21:03:03
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-21] (AVAST Software)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-07-04] (NEXON Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [icq] => C:\Users\David\AppData\Roaming\ICQM\icq.exe [28698984 2013-07-07] (ICQ)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\MountPoints2: {aa1cd367-b68b-11e3-b262-806e6f6e6963} - H:\Autorun.exe
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\MountPoints2: {f2d9af6a-0e5b-11e3-ac98-08606e856f26} - G:\Autorun.exe
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\MountPoints2: {f758be8a-e0a2-11e2-96b4-806e6f6e6963} - D:\BlacklistAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DownloadHelper - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-13]
FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: NoScript - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-12]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblockplus [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\bookmarkbackups [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\crashes [2015-01-17]
FF Extension: GFACE Experience Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\cryenginebrowserplugin@crytek.com [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\extensions [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\healthreport [2015-01-17]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\ich@maltegoetz.de [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\minidumps [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\searchplugins [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\storage [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\weave [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\webapps [2015-01-17]
FF Extension: DownloadHelper - C:\Program Files (x86)\Mozilla Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-17]
FF Extension: NoScript - C:\Program Files (x86)\Mozilla Firefox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-21]

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-21] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-16] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-07] (Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-26] (DT Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-08-22] (<Turtle Entertainment>)
S2 hwpsgt; C:\Windows\SysWOW64\DRIVERS\hwpsgt.sys [137344 2013-09-07] () [File not signed]
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S2 lemsgt; C:\Windows\SysWOW64\DRIVERS\lemsgt.sys [9472 2013-09-07] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 21:03 - 2015-02-21 21:03 - 00014885 _____ () C:\Users\David\Desktop\FRST.txt
2015-02-21 20:58 - 2015-02-21 20:59 - 00031548 _____ () C:\Users\David\Downloads\Addition.txt
2015-02-21 20:57 - 2015-02-21 21:03 - 00000000 ____D () C:\FRST
2015-02-21 20:57 - 2015-02-21 20:59 - 00042155 _____ () C:\Users\David\Downloads\FRST.txt
2015-02-21 19:39 - 2015-02-21 19:39 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357.exe
2015-02-21 19:36 - 2015-02-21 19:36 - 02086912 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-02-21 19:35 - 2015-02-21 19:35 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2015-02-21 12:28 - 2015-02-21 12:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2015-02-21 12:27 - 2015-02-21 12:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-21 12:27 - 2015-02-21 12:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-21 12:27 - 2015-02-21 12:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-21 12:27 - 2015-02-21 12:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00001965 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-21 12:27 - 2015-02-21 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-21 12:26 - 2015-02-21 12:26 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-21 12:24 - 2015-02-21 12:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-21 12:23 - 2015-02-21 12:24 - 132469808 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-02-20 23:38 - 2015-02-20 23:38 - 00000000 ____D () C:\Users\David\Downloads\ShaiyaIndependenceEP7.4
2015-02-17 19:39 - 2015-02-20 11:07 - 00000000 ____D () C:\Users\David\Downloads\Rollercoaster.Tycoon.3.Pack
2015-02-17 18:34 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 18:34 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 17:23 - 2009-02-22 15:17 - 01246231 _____ () C:\DUKE3D.EXE
2015-02-17 17:22 - 2015-02-17 17:22 - 00000175 _____ () C:\INSTALL.LOG
2015-02-17 15:37 - 2015-02-17 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2015-02-17 14:23 - 2015-02-17 14:24 - 00000000 ____D () C:\Users\David\Documents\RCT3
2015-02-17 14:23 - 2015-02-17 14:23 - 00000000 ____D () C:\Users\David\AppData\Roaming\Atari
2015-02-17 13:49 - 2015-02-17 13:49 - 00000000 ____D () C:\Program Files (x86)\Portable
2015-02-17 13:43 - 2015-02-17 13:43 - 00000000 ____D () C:\Users\David\Downloads\RollerCoaster Tycoon 3 Platinum (1-click run)
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-02-16 02:58 - 2015-02-17 00:16 - 00016297 _____ () C:\Users\David\Desktop\Bewerbung Lagerhelfer.odt
2015-02-16 01:56 - 2015-02-16 01:56 - 00000000 ____D () C:\Users\David\AppData\Roaming\OpenOffice
2015-02-16 01:55 - 2015-02-16 01:55 - 00001192 _____ () C:\Users\David\Desktop\OpenOffice 4.1.1.lnk
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ___SD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-02-16 01:53 - 2015-02-16 01:53 - 00000000 ____D () C:\Users\David\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-02-16 01:52 - 2015-02-16 01:53 - 164858324 _____ () C:\Users\David\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-02-14 20:10 - 2015-02-14 20:10 - 00002038 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00002029 _____ () C:\Users\Public\Desktop\Smite.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-02-14 20:08 - 2015-02-14 20:08 - 46660424 _____ (Hi-Rez Studios) C:\Users\David\Downloads\InstallSmite.exe
2015-02-13 06:46 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 06:46 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 10:47 - 2015-02-12 11:28 - 00000000 ____D () C:\Keen
2015-02-12 10:29 - 2015-02-12 10:29 - 00003072 _____ () C:\Windows\System32\Tasks\{86220E2B-E7C6-4F24-B810-D9C70C6C71AE}
2015-02-12 10:26 - 2015-02-12 10:27 - 00000000 ____D () C:\frogger
2015-02-11 11:05 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:05 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:05 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:05 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:05 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:05 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:05 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:05 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:05 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:05 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:05 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:05 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:05 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 11:05 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 11:05 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:05 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 11:05 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:05 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:05 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:05 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:05 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:05 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 11:04 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:04 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 11:04 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 11:04 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 11:04 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 11:04 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:04 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 11:04 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:04 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 11:04 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 11:04 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 11:04 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 11:04 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:04 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 11:04 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 11:04 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 11:04 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:04 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 11:04 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 11:04 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 11:04 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:04 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 11:04 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 11:04 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 11:04 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 11:03 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 01:57 - 2015-02-10 02:14 - 00000000 ____D () C:\Users\David\Documents\Bandicam
2015-02-07 01:57 - 2015-02-07 01:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\BANDISOFT
2015-02-07 01:56 - 2015-02-07 01:56 - 09495760 _____ (Bandisoft) C:\Users\David\Downloads\bd740camsetup.exe
2015-02-07 01:56 - 2015-02-07 01:56 - 00000993 _____ () C:\Users\David\Desktop\Bandicam.lnk
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2015-01-29 19:08 - 2015-01-29 19:08 - 00000000 ____D () C:\tv
2015-01-29 19:07 - 2015-01-29 19:07 - 00000000 ____D () C:\Users\David\Downloads\tv
2015-01-29 19:00 - 2015-01-29 19:00 - 00001682 _____ () C:\Users\Public\Desktop\Beyond Good and Evil.lnk
2015-01-29 19:00 - 2002-05-21 08:37 - 00131072 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\eax.dll
2015-01-29 18:57 - 2015-01-29 18:57 - 00000000 ____D () C:\GOG Games
2015-01-29 18:15 - 2015-01-29 18:18 - 00000000 ____D () C:\Users\David\Downloads\Beyond Good and Evil (December 14, 2003)
2015-01-27 23:18 - 2015-01-27 23:18 - 00000000 ____D () C:\Users\David\Downloads\Shaiya-FightClub
2015-01-26 02:15 - 2015-01-26 02:15 - 02194432 _____ () C:\Users\David\Downloads\adwcleaner_4.109.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 21:02 - 2013-07-06 20:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2015-02-21 20:58 - 2013-06-29 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 20:14 - 2013-07-12 11:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 20:06 - 2013-08-17 19:38 - 01235675 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 19:01 - 2014-07-08 18:22 - 00000224 _____ () C:\Users\David\BullseyeCoverageError.txt
2015-02-21 18:50 - 2013-06-30 09:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\TS3Client
2015-02-21 17:13 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 17:13 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 17:10 - 2014-04-30 23:45 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
2015-02-21 17:10 - 2013-07-18 14:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2015-02-21 17:08 - 2013-07-12 11:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 17:07 - 2014-05-25 09:06 - 00487578 _____ () C:\Windows\PFRO.log
2015-02-21 17:07 - 2014-05-24 21:45 - 00157134 _____ () C:\Windows\setupact.log
2015-02-21 17:07 - 2013-06-29 11:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-21 17:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 13:37 - 2013-07-19 16:55 - 00000000 ____D () C:\Users\David\Downloads\1
2015-02-21 12:31 - 2014-11-18 12:58 - 00000000 ___HD () C:\Users\David\AppData\Roaming\Origin
2015-02-20 13:34 - 2013-07-03 19:14 - 00000000 ____D () C:\Users\David\AppData\Local\PMB Files
2015-02-20 13:34 - 2013-07-03 19:14 - 00000000 ____D () C:\ProgramData\PMB Files
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 10:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 19:37 - 2009-07-14 05:45 - 00306536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 15:37 - 2013-10-03 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 15:37 - 2013-10-03 16:22 - 00000000 ____D () C:\Program Files (x86)\Atari
2015-02-16 16:17 - 2013-06-29 11:55 - 00067512 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 20:50 - 2014-11-07 15:25 - 00018602 _____ () C:\Windows\DirectX.log
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-02-12 21:57 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 21:57 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 10:27 - 2013-08-26 20:46 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-12 03:06 - 2013-11-09 16:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2013-11-09 16:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:55 - 2014-04-22 22:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-07 01:56 - 2013-08-17 23:37 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-02-05 10:09 - 2013-07-12 11:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 10:09 - 2013-07-12 11:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 05:58 - 2013-06-29 12:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 05:58 - 2013-06-29 12:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 05:58 - 2013-06-29 12:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 19:00 - 2014-07-23 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-01-29 19:00 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 15:31 - 2013-06-29 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:22 - 2015-01-17 12:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 06:22 - 2014-12-09 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-01-26 02:16 - 2014-06-22 15:53 - 00000000 ____D () C:\AdwCleaner
2015-01-24 11:32 - 2014-02-19 22:03 - 00000000 ____D () C:\Users\David\Downloads\Blubb

Files to move or delete:
====================
C:\Users\David\Demon_Slayer_Anmeldeclient.exe


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\39c5fcefde7237e0d04f892ea02d6ace.dll
C:\Users\David\AppData\Local\Temp\bdfilters.dll
C:\Users\David\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\David\AppData\Local\Temp\cres.dll
C:\Users\David\AppData\Local\Temp\cshell.dll
C:\Users\David\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\David\AppData\Local\Temp\EslWireSetup-1.17.3.8001-x64.exe
C:\Users\David\AppData\Local\Temp\FileSystemView.dll
C:\Users\David\AppData\Local\Temp\Gw2.exe
C:\Users\David\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\David\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\David\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\David\AppData\Local\Temp\JavaRa.exe
C:\Users\David\AppData\Local\Temp\jli.dll
C:\Users\David\AppData\Local\Temp\jre-8u25-windows-i586.exe
C:\Users\David\AppData\Local\Temp\jre-8u25-windows-x64.exe
C:\Users\David\AppData\Local\Temp\keytool.exe
C:\Users\David\AppData\Local\Temp\launcher_vs2010_sp1_vcredist_x86.exe
C:\Users\David\AppData\Local\Temp\msvcr100.dll
C:\Users\David\AppData\Local\Temp\node.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll
C:\Users\David\AppData\Local\Temp\sqlite3.exe
C:\Users\David\AppData\Local\Temp\sres.dll
C:\Users\David\AppData\Local\Temp\unins000.exe
C:\Users\David\AppData\Local\Temp\Uninstaller-6008.exe
C:\Users\David\AppData\Local\Temp\YgoUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 15:49

==================== End Of Log ============================
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
Ran by David at 2015-02-21 21:03:33
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Eador. Masters of the Broken World» (HKLM-x32\...\{3180F11F-56C8-466c-8A82-599AE28EA34A}_is1) (Version:  - )
µTorrent (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\uTorrent) (Version: 3.3.1.29812 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beyond Good and Evil (HKLM-x32\...\GOGPACKBEYONDGOODANDEVIL_is1) (Version: 2.0.0.5 - GOG.com)
BlackShot Á¦°Å (HKLM-x32\...\BlackShot) (Version:  - )
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Borderlands (HKLM-x32\...\Borderlands-u-GOTY_is1) (Version: 1.4.1 - 2K Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
CAE Report Generator v1.16 (HKLM-x32\...\{F7849D41-0A46-457D-827D-00FF47AF2D85}_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cold Zero 1.02 (HKLM-x32\...\{B1796F30-A0BF-494D-9180-EA819C983F3A}_is1) (Version:  - JoWooD Productions)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dark Project 2 (HKLM-x32\...\Thief22DeinstallKey) (Version:  - )
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Duke Nukem - Manhattan Project (HKLM-x32\...\InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}) (Version: 1.0.0 - Arush Entertainment)
Duke Nukem - Manhattan Project (x32 Version: 1.0.0 - Arush Entertainment) Hidden
Duke Nukem 3D (HKLM-x32\...\Duke Nukem 3D_is1) (Version:  - GOG.com)
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Garrys Mod version 13.07.05 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 13.07.05 - Strogino CS Portal)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG.com Beyond Good and Evil (HKLM\...\{de495fd2-006f-494f-8a94-467eabd400ce}.sdb) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ICQ 8.1 (build 6336) (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\ICQ) (Version: 8.1.6336.0 - Mail.Ru)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Luvinia World (HKLM-x32\...\{AEFAED34-4C87-4158-916F-A158D7C3B3E8}) (Version: 1.00.0000 - SOA Games)
Luvinia World (HKLM-x32\...\Luvinia World 1.01.0038) (Version: 1.01.0038 - SOA Games)
Luvinia World (x32 Version: 1.01.0038 - SOA Games) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6334.5000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA 3D Vision Controller-Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2716 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
PlayCatan Zugangssoftware (HKLM-x32\...\PlayCatan Client) (Version: 3.1148 - Catan GmbH)
RIFT (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\RIFT) (Version:  - Trion Worlds, Inc.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\RollerCoaster Tycoon 3 Platinum3) (Version: 3 - Friends in War)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.0.2574.0 - Hi-Rez Studios)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Thief - Deadly Shadows (HKLM-x32\...\{FC123EEA-330A-4685-911C-95B8F5E9DE68}) (Version: 1.0 - )
Thief 2: The Metal Age version 1.18 (HKLM-x32\...\{54B5CB3B-AFD9-49BB-B0C2-CD88A2F4B0EA}_is1) (Version: 1.18 - Square Enix)
Thief Gold (HKLM-x32\...\ThiefGoldDeinstallKey) (Version:  - )
Thief Gold version 1.37 (HKLM-x32\...\{43DD5CB5-3CB7-44EC-8A7A-2F300BED7301}_is1) (Version: 1.37 - Square Enix)
Tony Hawk's Pro Skater 2 (HKLM-x32\...\Activision_THPS2UninstallKey) (Version:  - )
Tron 2.0 (HKLM-x32\...\{FC272B66-8372-49EF-A642-28CAD2B9EAC9}) (Version:  - )
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vegas Pro 11.0 (HKLM-x32\...\{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}) (Version: 11.0.682 - Sony)
Vindictus EU (HKLM-x32\...\Vindictus EU) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VP3 Codec for Video for Windows (HKLM-x32\...\VP3 Codec for Video for Windows) (Version:  - )
Windows Media Player 5.2 (HKLM-x32\...\MPlayer2) (Version:  - )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
XIII (HKLM-x32\...\{42BC0474-6E50-464A-8183-5E3D32E41B1B}) (Version: 1.00.000 - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

21-02-2015 12:26:07 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {31E03393-D4CF-42EB-8845-B37558504C23} - System32\Tasks\{0AD7D392-6603-411C-811D-0EF90D745B92} => pcalua.exe -a C:\Users\David\Downloads\vermeer2_1_1_0\vermeer2_1_1_0.exe -d C:\Users\David\Downloads\vermeer2_1_1_0
Task: {82AB592C-F6FF-418E-85F1-F65AB674DFF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {87B1DB94-A975-454D-92D4-398D0F5BE420} - System32\Tasks\{9BC43372-27CA-4347-BFB5-EF2E19B4CB12} => Firefox.exe
Task: {8989B6C0-DEA6-4C30-8A35-28FC303ED514} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {9567129D-B7A8-4936-A98B-20A06379B406} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9B7A039C-CB15-4E49-A7C1-A30BDB65F84D} - System32\Tasks\{903D4E11-96A2-46D0-84C1-ABFD76D5C8FE} => pcalua.exe -a "C:\Quake III Arena\Setup.exe" -d "C:\Quake III Arena"
Task: {9F516772-CEDC-44B8-8100-43E62383965A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-21] (AVAST Software)
Task: {A93936EF-F1EB-4C59-89A7-C23D08113719} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AF48D3B3-BCE7-4B84-B99F-17E5878D98E3} - System32\Tasks\{86220E2B-E7C6-4F24-B810-D9C70C6C71AE} => pcalua.exe -a C:\frogger\videosetup.exe -d C:\frogger
Task: {C4E4E163-5082-4256-9154-C21284B7A2D7} - System32\Tasks\{5FC56A3C-F106-44ED-9452-AAD1F9CC46F9} => pcalua.exe -a C:\Users\David\Downloads\XIII\XIII\Patches\xiii_v13.exe -d C:\Users\David\Downloads\XIII\XIII\Patches
Task: {E140E796-A402-4610-8840-F7B00C6E4340} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {FA262610-52C1-43C5-9CD8-2DEA679AEA51} - System32\Tasks\{E601B2F6-6DDC-4034-9919-40FC21213D99} => pcalua.exe -a C:\Windows\IsUninst.exe -c -fC:\games\ThiefG\thiefalphaIIu.log
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-29 11:45 - 2013-05-12 21:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-22 15:00 - 2014-01-29 18:14 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2014-08-22 15:00 - 2014-02-06 15:38 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2013-07-04 16:35 - 2013-07-04 16:35 - 01992328 _____ () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
2014-03-13 17:28 - 2014-03-13 17:28 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-03-13 17:28 - 2014-03-13 17:28 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-13 17:28 - 2014-03-13 17:28 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-04-04 09:38 - 2014-08-06 19:21 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-04-04 09:38 - 2014-08-06 19:21 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-13 17:28 - 2014-03-13 17:28 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-13 17:28 - 2014-03-13 17:28 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-04-04 09:38 - 2014-08-06 19:21 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-09 18:19 - 2014-08-06 19:21 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-13 17:28 - 2014-03-13 17:28 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-02-21 12:29 - 2015-02-21 12:29 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022001\algo.dll
2015-02-21 17:08 - 2015-02-21 17:08 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022100\algo.dll
2015-02-21 12:27 - 2015-02-21 12:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-11 01:55 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-01-17 12:57 - 2015-01-27 06:22 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-05 05:58 - 2015-02-05 05:58 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3260951588-4144526485-2639087776-500 - Administrator - Disabled)
David (S-1-5-21-3260951588-4144526485-2639087776-1000 - Administrator - Enabled) => C:\Users\David
Gast (S-1-5-21-3260951588-4144526485-2639087776-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 05:10:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/21/2015 05:09:55 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/21/2015 05:08:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 05:08:38 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (02/21/2015 00:26:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary hnggdbrj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (02/21/2015 11:03:43 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (02/21/2015 11:02:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 11:02:16 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/21/2015 11:01:50 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/21/2015 00:25:31 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.


System errors:
=============
Error: (02/21/2015 07:07:48 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/21/2015 07:07:48 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/21/2015 07:07:48 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/21/2015 05:08:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/21/2015 05:08:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lemsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (02/21/2015 05:08:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lemsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/21/2015 05:08:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "hwpsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (02/21/2015 05:08:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\hwpsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/21/2015 11:01:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/21/2015 11:01:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lemsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275


Microsoft Office Sessions:
=========================
Error: (02/21/2015 05:10:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/21/2015 05:09:55 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/21/2015 05:08:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 05:08:38 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (02/21/2015 00:26:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary hnggdbrj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (02/21/2015 11:03:43 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (02/21/2015 11:02:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 11:02:16 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/21/2015 11:01:50 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/21/2015 00:25:31 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 8174.12 MB
Available physical RAM: 5666.17 MB
Total Pagefile: 16346.42 MB
Available Pagefile: 13507.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:465.66 GB) (Free:49.04 GB) NTFS
Drive d: (Daten) (Fixed) (Total:298.08 GB) (Free:42.98 GB) NTFS
Drive e: () (Fixed) (Total:74.53 GB) (Free:50.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (RCT3) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
Drive h: (DEADSPACE) (CDROM) (Total:7.41 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 55441DE7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: E2B7E2B7)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: E2F7E2F7)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber 22.02.2015 09:19
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hardcore114 22.02.2015 11:12
Ich habe ein kleines Problem. Ich habe mein Avast ausgestellt und den Scan gestartet. Dann kam die meldung ich solle mein AVG Antivirus free ausschalten welches ich aber weder noch auf dem Rechner habe noch im Taskmanager zu finden ist. Darf ich von meinem Taskmanager und der Meldung einen Screenshot anhängen? Im Taskmanager sieht man auf dem Screenshot auch die (gestern noch cmd.exe *32 heute die cmd.3XE *32) auch zu finden ist jetzt eine "NirCmd.3XE *32"

Edit: oh tut mir leid: "Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen." habe ich vergessen. ich werde die Meldung jetzt wegklicken und den Log posten.


Code:
ComboFix 15-02-16.01 - David 22.02.2015  11:21:50.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8174.6468 [GMT 1:00]
ausgeführt von:: c:\users\David\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-22 bis 2015-02-22  ))))))))))))))))))))))))))))))
.
.
2015-02-22 10:32 . 2015-02-22 10:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-22 10:12 . 2015-02-22 10:12        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{78173DDB-4650-4B72-A94C-1D47E76E4D4A}\offreg.dll
2015-02-21 19:57 . 2015-02-21 20:03        --------        d-----w-        C:\FRST
2015-02-21 11:28 . 2015-02-21 11:28        --------        d-----w-        c:\users\David\AppData\Roaming\AVAST Software
2015-02-21 11:27 . 2015-02-21 11:27        116728        ----a-w-        c:\windows\system32\drivers\aswStm.sys
2015-02-21 11:27 . 2015-02-21 11:27        267632        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2015-02-21 11:27 . 2015-02-21 11:27        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2015-02-21 11:27 . 2015-02-21 11:27        436624        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2015-02-21 11:27 . 2015-02-21 11:27        87912        ----a-w-        c:\windows\system32\drivers\aswmonflt.sys
2015-02-21 11:27 . 2015-02-21 11:27        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2015-02-21 11:27 . 2015-02-21 11:27        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2015-02-21 11:27 . 2015-02-21 11:27        1050432        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2015-02-21 11:27 . 2015-02-21 11:27        364512        ----a-w-        c:\windows\system32\aswBoot.exe
2015-02-21 11:27 . 2015-02-21 11:27        43152        ----a-w-        c:\windows\avastSS.scr
2015-02-21 11:26 . 2015-02-21 11:26        --------        d-----w-        c:\program files\AVAST Software
2015-02-21 11:24 . 2015-02-21 11:26        --------        d-----w-        c:\programdata\AVAST Software
2015-02-20 09:50 . 2015-01-29 09:07        11910896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{78173DDB-4650-4B72-A94C-1D47E76E4D4A}\mpengine.dll
2015-02-17 17:34 . 2015-01-09 03:14        91136        ----a-w-        c:\windows\system32\wdi.dll
2015-02-17 17:34 . 2015-01-09 03:14        950272        ----a-w-        c:\windows\system32\perftrack.dll
2015-02-17 17:34 . 2015-01-09 03:14        29696        ----a-w-        c:\windows\system32\powertracker.dll
2015-02-17 17:34 . 2015-01-09 02:48        76800        ----a-w-        c:\windows\SysWow64\wdi.dll
2015-02-17 16:23 . 2009-02-22 14:17        1246231        ----a-w-        C:\DUKE3D.EXE
2015-02-17 13:23 . 2015-02-17 13:23        --------        d-----w-        c:\users\David\AppData\Roaming\Atari
2015-02-17 12:49 . 2015-02-17 12:49        --------        d-----w-        c:\program files (x86)\Portable
2015-02-16 00:56 . 2015-02-16 00:56        --------        d-----w-        c:\users\David\AppData\Roaming\OpenOffice
2015-02-16 00:55 . 2015-02-16 00:55        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2015-02-13 05:46 . 2015-01-23 04:42        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2015-02-13 05:46 . 2015-01-23 04:41        6041600        ----a-w-        c:\windows\system32\jscript9.dll
2015-02-13 05:46 . 2015-01-23 03:43        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2015-02-13 05:46 . 2015-01-23 03:17        4300800        ----a-w-        c:\windows\SysWow64\jscript9.dll
2015-02-12 09:47 . 2015-02-12 10:28        --------        d-----w-        C:\Keen
2015-02-12 09:26 . 2015-02-12 09:27        --------        d-----w-        C:\frogger
2015-02-11 10:04 . 2015-01-13 03:10        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2015-02-11 10:03 . 2015-01-09 02:03        3201536        ----a-w-        c:\windows\system32\win32k.sys
2015-02-07 00:57 . 2015-02-07 00:57        --------        d-----w-        c:\users\David\AppData\Roaming\BANDISOFT
2015-02-07 00:56 . 2015-02-07 00:56        --------        d-----w-        c:\program files (x86)\Bandicam
2015-01-29 18:08 . 2015-01-29 18:08        --------        d-----w-        C:\tv
2015-01-29 18:00 . 2002-05-21 07:37        131072        ----a-w-        c:\windows\SysWow64\eax.dll
2015-01-29 17:57 . 2015-02-21 20:55        --------        d-----w-        C:\S2
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-12 02:02 . 2013-11-09 15:25        116773704        ----a-w-        c:\windows\system32\MRT.exe
2015-02-05 04:58 . 2013-06-29 11:18        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 04:58 . 2013-06-29 11:18        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-08 00:40 . 2015-01-08 00:40        4102        ----a-w-        c:\windows\SysWow64\ealregsnapshot1.reg
2014-12-22 23:41 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 20:32        210432        ----a-w-        c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 20:32        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 20:32        62976        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 20:32        303616        ----a-w-        c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 20:32        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 20:32        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-07-04 438272]
"icq"="c:\users\David\AppData\Roaming\ICQM\icq.exe" [2013-07-07 28698984]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"Akamai NetSession Interface"="c:\users\David\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"uTorrent"="c:\users\David\AppData\Roaming\uTorrent\uTorrent.exe" [2015-01-21 1374032]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-21 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 vmci;vmci;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-29 04:58]
.
2015-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 10:35]
.
2015-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 10:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-21 11:27        860984        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FA6B3B38-2C61-41F2-9861-3594F3DD8B35}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-GOGPACKBEYONDGOODANDEVIL_is1 - c:\gog games\Beyond Good and Evil\unins000.exe
AddRemove-GOGPACKSETTLERS2GOLD_is1 - c:\gog games\Settlers 2 GOLD\unins000.exe
AddRemove-ThiefGoldDeinstallKey - c:\games\ThiefG\thiefalphaIIu.log
AddRemove-VP3 Codec for Video for Windows - c:\windows\system32\Uninstal.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3260951588-4144526485-2639087776-1000\Software\SecuROM\License information*]
"datasecu"=hex:cd,6f,ff,14,be,02,60,52,fb,33,d2,45,d9,42,7c,89,76,fa,b3,a2,e3,
  99,5b,83,67,05,9c,86,40,e1,df,fe,4b,d8,bb,03,b5,12,ac,90,52,c0,09,10,49,bf,\
"rkeysecu"=hex:b0,26,6f,c5,a1,25,3b,43,be,47,b0,95,f9,41,fe,38
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-22  11:35:06
ComboFix-quarantined-files.txt  2015-02-22 10:35
.
Vor Suchlauf: 32 Verzeichnis(se), 77.824.868.352 Bytes frei
Nach Suchlauf: 37 Verzeichnis(se), 82.253.201.408 Bytes frei
.
- - End Of File - - 572269072B76F4DF472F4702BBF6F41C
A36C5E4F47E84449FF07ED3517B43A31

schrauber 22.02.2015 18:16
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Hardcore114 23.02.2015 04:01
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.02.2015
Suchlauf-Zeit: 03:01:39
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.22.08
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: David

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353883
Verstrichene Zeit: 10 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.111 - Bericht erstellt 23/02/2015 um 03:41:23
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : David - DAVID-PC
# Gestarted von : C:\Users\David\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\David\AppData\Local\CrashRpt
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\foxydeal.sqlite

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [7709 Bytes] - [22/06/2014 15:53:30]
AdwCleaner[R1].txt - [1044 Bytes] - [22/06/2014 15:56:41]
AdwCleaner[R2].txt - [1105 Bytes] - [23/06/2014 19:09:28]
AdwCleaner[R3].txt - [1378 Bytes] - [26/07/2014 23:46:26]
AdwCleaner[R4].txt - [1613 Bytes] - [29/08/2014 23:52:49]
AdwCleaner[R5].txt - [1572 Bytes] - [06/09/2014 12:45:24]
AdwCleaner[R6].txt - [1653 Bytes] - [26/01/2015 02:15:43]
AdwCleaner[R7].txt - [1714 Bytes] - [23/02/2015 03:26:44]
AdwCleaner[S0].txt - [7224 Bytes] - [22/06/2014 15:54:10]
AdwCleaner[S1].txt - [1439 Bytes] - [26/07/2014 23:48:13]
AdwCleaner[S2].txt - [1674 Bytes] - [29/08/2014 23:54:32]
AdwCleaner[S3].txt - [1636 Bytes] - [23/02/2015 03:41:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1695  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by David on 23.02.2015 at  3:45:31,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\4to1r28p.default-1405135581555\minidumps [63 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.02.2015 at  3:49:48,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by David (administrator) on DAVID-PC on 23-02-2015 04:00:07
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-21] (AVAST Software)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-07-04] (NEXON Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [icq] => C:\Users\David\AppData\Roaming\ICQM\icq.exe [28698984 2013-07-07] (ICQ)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DownloadHelper - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-13]
FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: NoScript - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-12]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblockplus [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\bookmarkbackups [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\crashes [2015-01-17]
FF Extension: GFACE Experience Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\cryenginebrowserplugin@crytek.com [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\extensions [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\healthreport [2015-01-17]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\ich@maltegoetz.de [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\minidumps [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\searchplugins [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\storage [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\weave [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\webapps [2015-01-17]
FF Extension: DownloadHelper - C:\Program Files (x86)\Mozilla Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-17]
FF Extension: NoScript - C:\Program Files (x86)\Mozilla Firefox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-21]

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-21] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-16] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-07] (Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-26] (DT Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-08-22] (<Turtle Entertainment>)
S2 hwpsgt; C:\Windows\SysWOW64\DRIVERS\hwpsgt.sys [137344 2013-09-07] () [File not signed]
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S2 lemsgt; C:\Windows\SysWOW64\DRIVERS\lemsgt.sys [9472 2013-09-07] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 04:00 - 2015-02-23 04:00 - 00000000 ____D () C:\Users\David\Desktop\FRST-OlderVersion
2015-02-23 03:49 - 2015-02-23 03:49 - 00000771 _____ () C:\Users\David\Desktop\JRT.txt
2015-02-23 03:25 - 2015-02-23 03:25 - 00001202 _____ () C:\Users\David\Desktop\mbam.txt
2015-02-22 23:38 - 2015-02-22 23:38 - 00072342 _____ () C:\Users\David\Desktop\Deckblatt.odt
2015-02-22 22:01 - 2015-02-22 22:01 - 07835648 _____ () C:\Users\David\Downloads\PathOfExileInstaller.msi
2015-02-22 22:01 - 2015-02-22 22:01 - 00002134 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2015-02-22 22:01 - 2015-02-22 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2015-02-22 19:18 - 2015-02-22 19:18 - 02126848 _____ () C:\Users\David\Desktop\AdwCleaner_4.111.exe
2015-02-22 19:18 - 2015-02-22 19:18 - 01388274 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2015-02-22 19:05 - 2015-02-22 19:05 - 00016719 _____ () C:\Users\David\Desktop\Lebenslauf David.odt
2015-02-22 18:00 - 2015-02-22 18:00 - 00017885 _____ () C:\Users\David\Desktop\Bewerbung Lagerhelfer2.odt
2015-02-22 11:35 - 2015-02-22 11:35 - 00017666 _____ () C:\ComboFix.txt
2015-02-22 11:20 - 2015-02-22 11:35 - 00000000 ____D () C:\ComboFix
2015-02-22 11:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-22 11:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-22 11:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-22 11:05 - 2015-02-22 11:35 - 00000000 ____D () C:\Qoobox
2015-02-22 11:05 - 2015-02-22 11:33 - 00000000 ____D () C:\Windows\erdnt
2015-02-22 11:02 - 2015-02-22 11:03 - 05611903 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2015-02-21 21:49 - 2015-02-21 21:49 - 00000000 ____D () C:\Users\David\Downloads\S2.Gold
2015-02-21 21:03 - 2015-02-23 04:00 - 00014866 _____ () C:\Users\David\Desktop\FRST.txt
2015-02-21 21:03 - 2015-02-21 21:03 - 00031546 _____ () C:\Users\David\Desktop\Addition.txt
2015-02-21 20:58 - 2015-02-21 20:59 - 00031548 _____ () C:\Users\David\Downloads\Addition.txt
2015-02-21 20:57 - 2015-02-23 04:00 - 00000000 ____D () C:\FRST
2015-02-21 20:57 - 2015-02-21 20:59 - 00042155 _____ () C:\Users\David\Downloads\FRST.txt
2015-02-21 19:39 - 2015-02-21 19:39 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357.exe
2015-02-21 19:36 - 2015-02-23 04:00 - 02087424 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-02-21 19:35 - 2015-02-21 19:35 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2015-02-21 12:28 - 2015-02-21 12:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2015-02-21 12:27 - 2015-02-21 12:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-21 12:27 - 2015-02-21 12:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-21 12:27 - 2015-02-21 12:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-21 12:27 - 2015-02-21 12:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00001965 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-21 12:27 - 2015-02-21 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-21 12:26 - 2015-02-21 12:26 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-21 12:24 - 2015-02-21 12:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-21 12:23 - 2015-02-21 12:24 - 132469808 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-02-20 23:38 - 2015-02-20 23:38 - 00000000 ____D () C:\Users\David\Downloads\ShaiyaIndependenceEP7.4
2015-02-17 19:39 - 2015-02-20 11:07 - 00000000 ____D () C:\Users\David\Downloads\Rollercoaster.Tycoon.3.Pack
2015-02-17 18:34 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 18:34 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 17:23 - 2009-02-22 15:17 - 01246231 _____ () C:\DUKE3D.EXE
2015-02-17 17:22 - 2015-02-17 17:22 - 00000175 _____ () C:\INSTALL.LOG
2015-02-17 15:37 - 2015-02-17 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2015-02-17 14:23 - 2015-02-17 14:24 - 00000000 ____D () C:\Users\David\Documents\RCT3
2015-02-17 14:23 - 2015-02-17 14:23 - 00000000 ____D () C:\Users\David\AppData\Roaming\Atari
2015-02-17 13:49 - 2015-02-17 13:49 - 00000000 ____D () C:\Program Files (x86)\Portable
2015-02-17 13:43 - 2015-02-17 13:43 - 00000000 ____D () C:\Users\David\Downloads\RollerCoaster Tycoon 3 Platinum (1-click run)
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-02-16 02:58 - 2015-02-22 17:52 - 00016476 _____ () C:\Users\David\Desktop\Bewerbung Lagerhelfer.odt
2015-02-16 01:56 - 2015-02-16 01:56 - 00000000 ____D () C:\Users\David\AppData\Roaming\OpenOffice
2015-02-16 01:55 - 2015-02-16 01:55 - 00001192 _____ () C:\Users\David\Desktop\OpenOffice 4.1.1.lnk
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ___SD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-02-16 01:53 - 2015-02-16 01:53 - 00000000 ____D () C:\Users\David\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-02-16 01:52 - 2015-02-16 01:53 - 164858324 _____ () C:\Users\David\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-02-14 20:10 - 2015-02-14 20:10 - 00002038 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00002029 _____ () C:\Users\Public\Desktop\Smite.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-02-14 20:08 - 2015-02-14 20:08 - 46660424 _____ (Hi-Rez Studios) C:\Users\David\Downloads\InstallSmite.exe
2015-02-13 06:46 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 06:46 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 10:47 - 2015-02-12 11:28 - 00000000 ____D () C:\Keen
2015-02-12 10:29 - 2015-02-12 10:29 - 00003072 _____ () C:\Windows\System32\Tasks\{86220E2B-E7C6-4F24-B810-D9C70C6C71AE}
2015-02-12 10:26 - 2015-02-12 10:27 - 00000000 ____D () C:\frogger
2015-02-11 11:05 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:05 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:05 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:05 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:05 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:05 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:05 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:05 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:05 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:05 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:05 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:05 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:05 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 11:05 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 11:05 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:05 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 11:05 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:05 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:05 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:05 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:05 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:05 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 11:04 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:04 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 11:04 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 11:04 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 11:04 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 11:04 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:04 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 11:04 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:04 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 11:04 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 11:04 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 11:04 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 11:04 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:04 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 11:04 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 11:04 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 11:04 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:04 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 11:04 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 11:04 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 11:04 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:04 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 11:04 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 11:04 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 11:04 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 11:03 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 01:57 - 2015-02-10 02:14 - 00000000 ____D () C:\Users\David\Documents\Bandicam
2015-02-07 01:57 - 2015-02-07 01:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\BANDISOFT
2015-02-07 01:56 - 2015-02-07 01:56 - 09495760 _____ (Bandisoft) C:\Users\David\Downloads\bd740camsetup.exe
2015-02-07 01:56 - 2015-02-07 01:56 - 00000993 _____ () C:\Users\David\Desktop\Bandicam.lnk
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2015-01-29 19:08 - 2015-01-29 19:08 - 00000000 ____D () C:\tv
2015-01-29 19:07 - 2015-01-29 19:07 - 00000000 ____D () C:\Users\David\Downloads\tv
2015-01-29 19:00 - 2002-05-21 08:37 - 00131072 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\eax.dll
2015-01-29 18:57 - 2015-02-21 21:55 - 00000000 ____D () C:\S2
2015-01-29 18:15 - 2015-01-29 18:18 - 00000000 ____D () C:\Users\David\Downloads\Beyond Good and Evil (December 14, 2003)
2015-01-27 23:18 - 2015-01-27 23:18 - 00000000 ____D () C:\Users\David\Downloads\Shaiya-FightClub
2015-01-26 02:15 - 2015-01-26 02:15 - 02194432 _____ () C:\Users\David\Downloads\adwcleaner_4.109.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 03:58 - 2013-06-29 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 03:50 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 03:50 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 03:45 - 2013-07-18 14:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2015-02-23 03:44 - 2014-04-30 23:45 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
2015-02-23 03:43 - 2013-07-12 11:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 03:42 - 2014-05-25 09:06 - 00488802 _____ () C:\Windows\PFRO.log
2015-02-23 03:42 - 2014-05-24 21:45 - 00157358 _____ () C:\Windows\setupact.log
2015-02-23 03:42 - 2013-06-29 11:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-23 03:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 03:41 - 2014-06-22 15:53 - 00000000 ____D () C:\AdwCleaner
2015-02-23 03:41 - 2013-08-17 19:38 - 01315425 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 03:14 - 2013-07-12 11:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 03:06 - 2013-07-06 20:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2015-02-23 03:00 - 2014-09-06 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 03:00 - 2014-09-06 12:54 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 03:00 - 2014-09-06 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-23 03:00 - 2014-09-06 12:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 02:59 - 2013-06-30 09:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\TS3Client
2015-02-22 21:25 - 2014-07-08 18:22 - 00000224 _____ () C:\Users\David\BullseyeCoverageError.txt
2015-02-22 11:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-22 11:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-21 21:52 - 2013-11-17 01:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-21 21:50 - 2014-07-23 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-02-21 21:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-21 13:37 - 2013-07-19 16:55 - 00000000 ____D () C:\Users\David\Downloads\1
2015-02-21 12:31 - 2014-11-18 12:58 - 00000000 ___HD () C:\Users\David\AppData\Roaming\Origin
2015-02-20 13:34 - 2013-07-03 19:14 - 00000000 ____D () C:\Users\David\AppData\Local\PMB Files
2015-02-20 13:34 - 2013-07-03 19:14 - 00000000 ____D () C:\ProgramData\PMB Files
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 10:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 19:37 - 2009-07-14 05:45 - 00306536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 15:37 - 2013-10-03 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 15:37 - 2013-10-03 16:22 - 00000000 ____D () C:\Program Files (x86)\Atari
2015-02-16 16:17 - 2013-06-29 11:55 - 00067512 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 20:50 - 2014-11-07 15:25 - 00018602 _____ () C:\Windows\DirectX.log
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-02-12 21:57 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 21:57 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 10:27 - 2013-08-26 20:46 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-12 03:06 - 2013-11-09 16:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2013-11-09 16:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:55 - 2014-04-22 22:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-07 01:56 - 2013-08-17 23:37 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-02-05 10:09 - 2013-07-12 11:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 10:09 - 2013-07-12 11:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 05:58 - 2013-06-29 12:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 05:58 - 2013-06-29 12:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 05:58 - 2013-06-29 12:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 15:31 - 2013-06-29 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:22 - 2015-01-17 12:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 06:22 - 2014-12-09 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-01-24 11:32 - 2014-02-19 22:03 - 00000000 ____D () C:\Users\David\Downloads\Blubb

Files to move or delete:
====================
C:\Users\David\Demon_Slayer_Anmeldeclient.exe


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 15:49

==================== End Of Log ============================
--- --- ---

schrauber 23.02.2015 16:52

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hardcore114 23.02.2015 21:26
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=803669a3425ab7419bcd9b48f680bad3
# engine=22608
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-23 08:14:14
# local_time=2015-02-23 09:14:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 207654 208179 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 66760 176352304 0 0
# scanned=454265
# found=18
# cleaned=0
# scan_time=14360
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=5274FD62195CDA721FEBF8D6355E100D6664DDEC ft=1 fh=7e043af9a89f18eb vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Program Files (x86)\2K Games\Gearbox Software\Borderlands GOTY Edition\Binaries\paul.dll"
sh=815CE918A2CF57F5E0A3A9346FD9A6F6B3D03D30 ft=1 fh=028c167410bf2336 vn="Win32/InstallCore.GI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe"
sh=12D98225FE62D7F2FED947688153C408161DED17 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Desktop\DDos Protect\DDos Protect.rar"
sh=0FDAA903D625FC0DE21D17C7B92EC34595233175 ft=1 fh=5b30f38be0470b39 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Desktop\DDos Protect\DDos Protect\DDos Protect.exe"
sh=D7BCF17E0169F4851CE662E398F562E145AED04D ft=1 fh=447e0f4312ee518c vn="Variante von Win32/ExpressDownloader.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Downloads\1\Age_of_Empires_II_(HD_Edition)_(2013)_downloader_de_13.exe"
sh=1AF3846F201DE5023F45B6BDC069DF353EFB138E ft=1 fh=dbb7d28d997c85a2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Downloads\1\icq6336_rfrset - CHIP-Downloader.exe"
sh=A3A21E5D8005262C6E1C40319D00FEF6CCA6A704 ft=1 fh=f92d77a540caac86 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Downloads\1\SoftonicDownloader_fuer_microsoft-excel-viewer.exe"
sh=894D413CCB58223FF6C99C01ECF6524F886738F5 ft=1 fh=483ab3832d808c98 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Integrated_BrotherSoft_TB.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="D:\_Sicherungen\(image) Borderlands GOTY Edition MULTI5\TVM_BLGOTY2.iso"
sh=52A0AC145BDF43A1604887853B2B7D45411E0349 ft=1 fh=8bf79caf05b84687 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\AppData\Local\Temp\mconduitinstaller.exe"
sh=3E37507BBD4C0287689634B2CDD77E59679681AF ft=1 fh=cbd9e88b633aff58 vn="Win32/Toolbar.Conduit.AP evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\AppData\Local\Temp\mism.exe"
sh=9FF6957889CDFDC7AEFA47A4340D525A5F42CC88 ft=1 fh=fefcacaf110cc872 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\AppData\Local\Temp\nsdB9BE.tmp"
sh=34BCDE11A22683EC42F88CF11A55DF978A1CA53B ft=1 fh=902e7624f4009a9d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\AppData\Local\Temp\OCS\ocs_v7d.exe"
sh=87DE696DE5A448088284ECEBA18F8DE1A426A18D ft=1 fh=cf3162714bc87b67 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\Downloads\DAEMONToolsPro530-0359.exe"
sh=27316E5E00B2499048386F777276A1B436F474FC ft=1 fh=7ec261b65f189d60 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\Downloads\icq_rfrset-8.1b6325 - CHIP-Downloader.exe"
sh=58E4D48A19F6EC0CD9358335EA827243361E9787 ft=1 fh=7573e1712c0172d7 vn="Win32/Toolbar.Conduit.M evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\Downloads\IMVU(1).exe"
sh=58E4D48A19F6EC0CD9358335EA827243361E9787 ft=1 fh=7573e1712c0172d7 vn="Win32/Toolbar.Conduit.M evtl. unerwünschte Anwendung" ac=I fn="E:\Users\david\Downloads\IMVU.exe"
Code:
Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2014 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 60 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by David (administrator) on DAVID-PC on 23-02-2015 21:24:52
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-21] (AVAST Software)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-07-04] (NEXON Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [icq] => C:\Users\David\AppData\Roaming\ICQM\icq.exe [28698984 2013-07-07] (ICQ)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DownloadHelper - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-13]
FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: NoScript - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-12]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblockplus [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\bookmarkbackups [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\crashes [2015-01-17]
FF Extension: GFACE Experience Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\cryenginebrowserplugin@crytek.com [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\extensions [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\healthreport [2015-01-17]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\ich@maltegoetz.de [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\minidumps [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\searchplugins [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\storage [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\weave [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\webapps [2015-01-17]
FF Extension: DownloadHelper - C:\Program Files (x86)\Mozilla Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-17]
FF Extension: NoScript - C:\Program Files (x86)\Mozilla Firefox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-21]

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-21] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-16] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-07] (Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-26] (DT Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-08-22] (<Turtle Entertainment>)
S2 hwpsgt; C:\Windows\SysWOW64\DRIVERS\hwpsgt.sys [137344 2013-09-07] () [File not signed]
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S2 lemsgt; C:\Windows\SysWOW64\DRIVERS\lemsgt.sys [9472 2013-09-07] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 21:18 - 2015-02-23 21:18 - 00852594 _____ () C:\Users\David\Desktop\SecurityCheck.exe
2015-02-23 17:12 - 2015-02-23 17:12 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu.exe
2015-02-23 17:12 - 2015-02-23 17:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-23 10:45 - 2015-02-23 10:45 - 00000000 ____D () C:\ProgramData\.mono
2015-02-23 04:00 - 2015-02-23 04:00 - 00000000 ____D () C:\Users\David\Desktop\FRST-OlderVersion
2015-02-23 03:49 - 2015-02-23 03:49 - 00000771 _____ () C:\Users\David\Desktop\JRT.txt
2015-02-23 03:25 - 2015-02-23 03:25 - 00001202 _____ () C:\Users\David\Desktop\mbam.txt
2015-02-22 23:38 - 2015-02-22 23:38 - 00072342 _____ () C:\Users\David\Desktop\Deckblatt.odt
2015-02-22 22:01 - 2015-02-22 22:01 - 07835648 _____ () C:\Users\David\Downloads\PathOfExileInstaller.msi
2015-02-22 22:01 - 2015-02-22 22:01 - 00002134 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2015-02-22 22:01 - 2015-02-22 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2015-02-22 19:18 - 2015-02-22 19:18 - 02126848 _____ () C:\Users\David\Desktop\AdwCleaner_4.111.exe
2015-02-22 19:18 - 2015-02-22 19:18 - 01388274 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2015-02-22 19:05 - 2015-02-22 19:05 - 00016719 _____ () C:\Users\David\Desktop\Lebenslauf David.odt
2015-02-22 18:00 - 2015-02-22 18:00 - 00017885 _____ () C:\Users\David\Desktop\Bewerbung Lagerhelfer2.odt
2015-02-22 11:35 - 2015-02-22 11:35 - 00017666 _____ () C:\ComboFix.txt
2015-02-22 11:20 - 2015-02-22 11:35 - 00000000 ____D () C:\ComboFix
2015-02-22 11:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-22 11:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-22 11:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-22 11:05 - 2015-02-22 11:35 - 00000000 ____D () C:\Qoobox
2015-02-22 11:05 - 2015-02-22 11:33 - 00000000 ____D () C:\Windows\erdnt
2015-02-22 11:02 - 2015-02-22 11:03 - 05611903 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2015-02-21 21:49 - 2015-02-21 21:49 - 00000000 ____D () C:\Users\David\Downloads\S2.Gold
2015-02-21 21:03 - 2015-02-23 21:24 - 00015254 _____ () C:\Users\David\Desktop\FRST.txt
2015-02-21 21:03 - 2015-02-21 21:03 - 00031546 _____ () C:\Users\David\Desktop\Addition.txt
2015-02-21 20:58 - 2015-02-21 20:59 - 00031548 _____ () C:\Users\David\Downloads\Addition.txt
2015-02-21 20:57 - 2015-02-23 21:24 - 00000000 ____D () C:\FRST
2015-02-21 20:57 - 2015-02-21 20:59 - 00042155 _____ () C:\Users\David\Downloads\FRST.txt
2015-02-21 19:39 - 2015-02-21 19:39 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357.exe
2015-02-21 19:36 - 2015-02-23 04:00 - 02087424 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-02-21 19:35 - 2015-02-21 19:35 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2015-02-21 12:28 - 2015-02-21 12:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2015-02-21 12:27 - 2015-02-21 12:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-21 12:27 - 2015-02-21 12:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-21 12:27 - 2015-02-21 12:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-21 12:27 - 2015-02-21 12:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00001965 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-21 12:27 - 2015-02-21 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-21 12:26 - 2015-02-21 12:26 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-21 12:24 - 2015-02-21 12:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-21 12:23 - 2015-02-21 12:24 - 132469808 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-02-20 23:38 - 2015-02-20 23:38 - 00000000 ____D () C:\Users\David\Downloads\ShaiyaIndependenceEP7.4
2015-02-17 19:39 - 2015-02-20 11:07 - 00000000 ____D () C:\Users\David\Downloads\Rollercoaster.Tycoon.3.Pack
2015-02-17 18:34 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 18:34 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 17:23 - 2009-02-22 15:17 - 01246231 _____ () C:\DUKE3D.EXE
2015-02-17 17:22 - 2015-02-17 17:22 - 00000175 _____ () C:\INSTALL.LOG
2015-02-17 15:37 - 2015-02-17 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2015-02-17 14:23 - 2015-02-17 14:24 - 00000000 ____D () C:\Users\David\Documents\RCT3
2015-02-17 14:23 - 2015-02-17 14:23 - 00000000 ____D () C:\Users\David\AppData\Roaming\Atari
2015-02-17 13:49 - 2015-02-17 13:49 - 00000000 ____D () C:\Program Files (x86)\Portable
2015-02-17 13:43 - 2015-02-17 13:43 - 00000000 ____D () C:\Users\David\Downloads\RollerCoaster Tycoon 3 Platinum (1-click run)
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-02-16 02:58 - 2015-02-22 17:52 - 00016476 _____ () C:\Users\David\Desktop\Bewerbung Lagerhelfer.odt
2015-02-16 01:56 - 2015-02-16 01:56 - 00000000 ____D () C:\Users\David\AppData\Roaming\OpenOffice
2015-02-16 01:55 - 2015-02-16 01:55 - 00001192 _____ () C:\Users\David\Desktop\OpenOffice 4.1.1.lnk
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ___SD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-02-16 01:53 - 2015-02-16 01:53 - 00000000 ____D () C:\Users\David\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-02-16 01:52 - 2015-02-16 01:53 - 164858324 _____ () C:\Users\David\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-02-14 20:10 - 2015-02-14 20:10 - 00002038 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00002029 _____ () C:\Users\Public\Desktop\Smite.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-02-14 20:08 - 2015-02-14 20:08 - 46660424 _____ (Hi-Rez Studios) C:\Users\David\Downloads\InstallSmite.exe
2015-02-13 06:46 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 06:46 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 10:47 - 2015-02-12 11:28 - 00000000 ____D () C:\Keen
2015-02-12 10:29 - 2015-02-12 10:29 - 00003072 _____ () C:\Windows\System32\Tasks\{86220E2B-E7C6-4F24-B810-D9C70C6C71AE}
2015-02-12 10:26 - 2015-02-12 10:27 - 00000000 ____D () C:\frogger
2015-02-11 11:05 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:05 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:05 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:05 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:05 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:05 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:05 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:05 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:05 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:05 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:05 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:05 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:05 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 11:05 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 11:05 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:05 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 11:05 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:05 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:05 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:05 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:05 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:05 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 11:04 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:04 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 11:04 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 11:04 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 11:04 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 11:04 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:04 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 11:04 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:04 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 11:04 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 11:04 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 11:04 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 11:04 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:04 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 11:04 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 11:04 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 11:04 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:04 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 11:04 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 11:04 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 11:04 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:04 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 11:04 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 11:04 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 11:04 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 11:03 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 01:57 - 2015-02-10 02:14 - 00000000 ____D () C:\Users\David\Documents\Bandicam
2015-02-07 01:57 - 2015-02-07 01:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\BANDISOFT
2015-02-07 01:56 - 2015-02-07 01:56 - 09495760 _____ (Bandisoft) C:\Users\David\Downloads\bd740camsetup.exe
2015-02-07 01:56 - 2015-02-07 01:56 - 00000993 _____ () C:\Users\David\Desktop\Bandicam.lnk
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2015-01-29 19:08 - 2015-01-29 19:08 - 00000000 ____D () C:\tv
2015-01-29 19:07 - 2015-01-29 19:07 - 00000000 ____D () C:\Users\David\Downloads\tv
2015-01-29 19:00 - 2002-05-21 08:37 - 00131072 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\eax.dll
2015-01-29 18:57 - 2015-02-21 21:55 - 00000000 ____D () C:\S2
2015-01-29 18:15 - 2015-01-29 18:18 - 00000000 ____D () C:\Users\David\Downloads\Beyond Good and Evil (December 14, 2003)
2015-01-27 23:18 - 2015-01-27 23:18 - 00000000 ____D () C:\Users\David\Downloads\Shaiya-FightClub
2015-01-26 02:15 - 2015-01-26 02:15 - 02194432 _____ () C:\Users\David\Downloads\adwcleaner_4.109.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 21:25 - 2013-07-06 20:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2015-02-23 21:25 - 2013-06-30 09:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\TS3Client
2015-02-23 21:16 - 2013-07-03 19:14 - 00000000 ____D () C:\Users\David\AppData\Local\PMB Files
2015-02-23 21:16 - 2013-07-03 19:14 - 00000000 ____D () C:\ProgramData\PMB Files
2015-02-23 21:14 - 2013-07-12 11:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 20:58 - 2013-06-29 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 20:43 - 2014-04-30 23:45 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
2015-02-23 20:09 - 2013-08-17 19:38 - 01353669 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 15:49 - 2013-07-18 14:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2015-02-23 15:49 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:49 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:41 - 2014-05-24 21:45 - 00157470 _____ () C:\Windows\setupact.log
2015-02-23 15:41 - 2013-07-12 11:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 15:41 - 2013-06-29 11:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-23 15:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 10:45 - 2014-07-08 18:22 - 00000224 _____ () C:\Users\David\BullseyeCoverageError.txt
2015-02-23 03:42 - 2014-05-25 09:06 - 00488802 _____ () C:\Windows\PFRO.log
2015-02-23 03:41 - 2014-06-22 15:53 - 00000000 ____D () C:\AdwCleaner
2015-02-23 03:00 - 2014-09-06 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 03:00 - 2014-09-06 12:54 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 03:00 - 2014-09-06 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-23 03:00 - 2014-09-06 12:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-22 11:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-22 11:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-21 21:52 - 2013-11-17 01:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-21 21:50 - 2014-07-23 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-02-21 21:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-21 13:37 - 2013-07-19 16:55 - 00000000 ____D () C:\Users\David\Downloads\1
2015-02-21 12:31 - 2014-11-18 12:58 - 00000000 ___HD () C:\Users\David\AppData\Roaming\Origin
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 10:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 19:37 - 2009-07-14 05:45 - 00306536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 15:37 - 2013-10-03 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 15:37 - 2013-10-03 16:22 - 00000000 ____D () C:\Program Files (x86)\Atari
2015-02-16 16:17 - 2013-06-29 11:55 - 00067512 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 20:50 - 2014-11-07 15:25 - 00018602 _____ () C:\Windows\DirectX.log
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-02-12 21:57 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 21:57 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 10:27 - 2013-08-26 20:46 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-12 03:06 - 2013-11-09 16:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2013-11-09 16:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:55 - 2014-04-22 22:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-07 01:56 - 2013-08-17 23:37 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-02-05 10:09 - 2013-07-12 11:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 10:09 - 2013-07-12 11:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 05:58 - 2013-06-29 12:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 05:58 - 2013-06-29 12:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 05:58 - 2013-06-29 12:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 15:31 - 2013-06-29 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:22 - 2015-01-17 12:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 06:22 - 2014-12-09 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-01-24 11:32 - 2014-02-19 22:03 - 00000000 ____D () C:\Users\David\Downloads\Blubb

Files to move or delete:
====================
C:\Users\David\Demon_Slayer_Anmeldeclient.exe


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 15:49

==================== End Of Log ============================
--- --- ---

--- --- ---

Die Cmd.exe ist immernoch im Taskmanager aber die cmd.3xe oder NirCmd.3xe ist nicht mehr aufgetaucht. :)

schrauber 24.02.2015 07:23
Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Temp\OCS\ocs_v71b.exe.vir

C:\Program Files (x86)\2K Games\Gearbox Software\Borderlands GOTY Edition\Binaries\paul.dll

C:\Users\David\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe

C:\Users\David\Desktop\DDos Protect\DDos Protect.rar

C:\Users\David\Desktop\DDos Protect\DDos Protect\DDos Protect.exe

C:\Users\David\Downloads\1\Age_of_Empires_II_(HD_Edition)_(2013)_downloader_de_13.exe

C:\Users\David\Downloads\1\icq6336_rfrset - CHIP-Downloader.exe

C:\Users\David\Downloads\1\SoftonicDownloader_fuer_microsoft-excel-viewer.exe

D:\Downloads\Integrated_BrotherSoft_TB.exe

D:\_Sicherungen\

E:\Users\david\AppData\Local\Temp\mconduitinstaller.exe

E:\Users\david\AppData\Local\Temp\mism.exe

E:\Users\david\AppData\Local\Temp\nsdB9BE.tmp

E:\Users\david\AppData\Local\Temp\OCS\ocs_v7d.exe

E:\Users\david\Downloads\DAEMONToolsPro530-0359.exe

E:\Users\david\Downloads\icq_rfrset-8.1b6325 - CHIP-Downloader.exe

E:\Users\david\Downloads\IMVU

E:\Users\david\Downloads\IMVU.exe
Task: {31E03393-D4CF-42EB-8845-B37558504C23} - System32\Tasks\{0AD7D392-6603-411C-811D-0EF90D745B92} => pcalua.exe -a C:\Users\David\Downloads\vermeer2_1_1_0\vermeer2_1_1_0.exe -d C:\Users\David\Downloads\vermeer2_1_1_0
C:\Users\David\Downloads\vermeer2_1_1_0\vermeer2_1_1_0.exe
Task: {FA262610-52C1-43C5-9CD8-2DEA679AEA51} - System32\Tasks\{E601B2F6-6DDC-4034-9919-40FC21213D99} => pcalua.exe -a C:\Windows\IsUninst.exe -c -fC:\games\ThiefG\thiefalphaIIu.log
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Immer noch? FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logs.

Hardcore114 24.02.2015 16:00
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by David at 2015-02-24 15:39:04 Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Temp\OCS\ocs_v71b.exe.vir

C:\Program Files (x86)\2K Games\Gearbox Software\Borderlands GOTY Edition\Binaries\paul.dll

C:\Users\David\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe

C:\Users\David\Desktop\DDos Protect\DDos Protect.rar

C:\Users\David\Desktop\DDos Protect\DDos Protect\DDos Protect.exe

C:\Users\David\Downloads\1\Age_of_Empires_II_(HD_Edition)_(2013)_downloader_de_13.exe

C:\Users\David\Downloads\1\icq6336_rfrset - CHIP-Downloader.exe

C:\Users\David\Downloads\1\SoftonicDownloader_fuer_microsoft-excel-viewer.exe

D:\Downloads\Integrated_BrotherSoft_TB.exe

D:\_Sicherungen\

E:\Users\david\AppData\Local\Temp\mconduitinstaller.exe

E:\Users\david\AppData\Local\Temp\mism.exe

E:\Users\david\AppData\Local\Temp\nsdB9BE.tmp

E:\Users\david\AppData\Local\Temp\OCS\ocs_v7d.exe

E:\Users\david\Downloads\DAEMONToolsPro530-0359.exe

E:\Users\david\Downloads\icq_rfrset-8.1b6325 - CHIP-Downloader.exe

E:\Users\david\Downloads\IMVU

E:\Users\david\Downloads\IMVU.exe
Task: {31E03393-D4CF-42EB-8845-B37558504C23} - System32\Tasks\{0AD7D392-6603-411C-811D-0EF90D745B92} => pcalua.exe -a C:\Users\David\Downloads\vermeer2_1_1_0\vermeer2_1_1_0.exe -d C:\Users\David\Downloads\vermeer2_1_1_0
C:\Users\David\Downloads\vermeer2_1_1_0\vermeer2_1_1_0.exe
Task: {FA262610-52C1-43C5-9CD8-2DEA679AEA51} - System32\Tasks\{E601B2F6-6DDC-4034-9919-40FC21213D99} => pcalua.exe -a C:\Windows\IsUninst.exe -c -fC:\games\ThiefG\thiefalphaIIu.log
Emptytemp:
       
*****************

C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Temp\OCS\ocs_v71b.exe.vir => Moved successfully.
C:\Program Files (x86)\2K Games\Gearbox Software\Borderlands GOTY Edition\Binaries\paul.dll => Moved successfully.
C:\Users\David\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe => Moved successfully.
C:\Users\David\Desktop\DDos Protect\DDos Protect.rar => Moved successfully.
C:\Users\David\Desktop\DDos Protect\DDos Protect\DDos Protect.exe => Moved successfully.
C:\Users\David\Downloads\1\Age_of_Empires_II_(HD_Edition)_(2013)_downloader_de_13.exe => Moved successfully.
C:\Users\David\Downloads\1\icq6336_rfrset - CHIP-Downloader.exe => Moved successfully.
C:\Users\David\Downloads\1\SoftonicDownloader_fuer_microsoft-excel-viewer.exe => Moved successfully.
D:\Downloads\Integrated_BrotherSoft_TB.exe => Moved successfully.
D:\_Sicherungen => Moved successfully.
E:\Users\david\AppData\Local\Temp\mconduitinstaller.exe => Moved successfully.
E:\Users\david\AppData\Local\Temp\mism.exe => Moved successfully.
E:\Users\david\AppData\Local\Temp\nsdB9BE.tmp => Moved successfully.
E:\Users\david\AppData\Local\Temp\OCS\ocs_v7d.exe => Moved successfully.
E:\Users\david\Downloads\DAEMONToolsPro530-0359.exe => Moved successfully.
E:\Users\david\Downloads\icq_rfrset-8.1b6325 - CHIP-Downloader.exe => Moved successfully.
"E:\Users\david\Downloads\IMVU" => File/Directory not found.
E:\Users\david\Downloads\IMVU.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31E03393-D4CF-42EB-8845-B37558504C23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E03393-D4CF-42EB-8845-B37558504C23}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0AD7D392-6603-411C-811D-0EF90D745B92} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0AD7D392-6603-411C-811D-0EF90D745B92}" => Key deleted successfully.
"C:\Users\David\Downloads\vermeer2_1_1_0\vermeer2_1_1_0.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA262610-52C1-43C5-9CD8-2DEA679AEA51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA262610-52C1-43C5-9CD8-2DEA679AEA51}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E601B2F6-6DDC-4034-9919-40FC21213D99} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E601B2F6-6DDC-4034-9919-40FC21213D99}" => Key deleted successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 15:46:14 ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by David (administrator) on DAVID-PC on 24-02-2015 15:54:36
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-21] (AVAST Software)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-07-04] (NEXON Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [icq] => C:\Users\David\AppData\Roaming\ICQM\icq.exe [28698984 2013-07-07] (ICQ)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3260951588-4144526485-2639087776-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DownloadHelper - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-13]
FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: NoScript - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-12]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4to1r28p.default-1405135581555\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblockplus [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\bookmarkbackups [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\crashes [2015-01-17]
FF Extension: GFACE Experience Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\cryenginebrowserplugin@crytek.com [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\extensions [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\healthreport [2015-01-17]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\ich@maltegoetz.de [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\minidumps [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\searchplugins [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\storage [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\weave [2015-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\webapps [2015-01-17]
FF Extension: DownloadHelper - C:\Program Files (x86)\Mozilla Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-17]
FF Extension: NoScript - C:\Program Files (x86)\Mozilla Firefox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-21]

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-21] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-16] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-07] (Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-26] (DT Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-08-22] (<Turtle Entertainment>)
S2 hwpsgt; C:\Windows\SysWOW64\DRIVERS\hwpsgt.sys [137344 2013-09-07] () [File not signed]
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S2 lemsgt; C:\Windows\SysWOW64\DRIVERS\lemsgt.sys [9472 2013-09-07] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 21:18 - 2015-02-23 21:18 - 00852594 _____ () C:\Users\David\Desktop\SecurityCheck.exe
2015-02-23 17:12 - 2015-02-23 17:12 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu.exe
2015-02-23 17:12 - 2015-02-23 17:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-23 10:45 - 2015-02-23 10:45 - 00000000 ____D () C:\ProgramData\.mono
2015-02-23 04:00 - 2015-02-23 04:00 - 00000000 ____D () C:\Users\David\Desktop\FRST-OlderVersion
2015-02-23 03:49 - 2015-02-23 03:49 - 00000771 _____ () C:\Users\David\Desktop\JRT.txt
2015-02-23 03:25 - 2015-02-23 03:25 - 00001202 _____ () C:\Users\David\Desktop\mbam.txt
2015-02-22 23:38 - 2015-02-22 23:38 - 00072342 _____ () C:\Users\David\Desktop\Deckblatt.odt
2015-02-22 22:01 - 2015-02-22 22:01 - 07835648 _____ () C:\Users\David\Downloads\PathOfExileInstaller.msi
2015-02-22 22:01 - 2015-02-22 22:01 - 00002134 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2015-02-22 22:01 - 2015-02-22 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2015-02-22 19:18 - 2015-02-22 19:18 - 02126848 _____ () C:\Users\David\Desktop\AdwCleaner_4.111.exe
2015-02-22 19:18 - 2015-02-22 19:18 - 01388274 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2015-02-22 19:05 - 2015-02-22 19:05 - 00016719 _____ () C:\Users\David\Desktop\Lebenslauf David.odt
2015-02-22 18:00 - 2015-02-22 18:00 - 00017885 _____ () C:\Users\David\Desktop\Bewerbung Lagerhelfer2.odt
2015-02-22 11:35 - 2015-02-22 11:35 - 00017666 _____ () C:\ComboFix.txt
2015-02-22 11:20 - 2015-02-22 11:35 - 00000000 ____D () C:\ComboFix
2015-02-22 11:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-22 11:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-22 11:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-22 11:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-22 11:05 - 2015-02-22 11:35 - 00000000 ____D () C:\Qoobox
2015-02-22 11:05 - 2015-02-22 11:33 - 00000000 ____D () C:\Windows\erdnt
2015-02-22 11:02 - 2015-02-22 11:03 - 05611903 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2015-02-21 21:49 - 2015-02-21 21:49 - 00000000 ____D () C:\Users\David\Downloads\S2.Gold
2015-02-21 21:03 - 2015-02-24 15:56 - 00014888 _____ () C:\Users\David\Desktop\FRST.txt
2015-02-21 21:03 - 2015-02-21 21:03 - 00031546 _____ () C:\Users\David\Desktop\Addition.txt
2015-02-21 20:58 - 2015-02-21 20:59 - 00031548 _____ () C:\Users\David\Downloads\Addition.txt
2015-02-21 20:57 - 2015-02-24 15:54 - 00000000 ____D () C:\FRST
2015-02-21 20:57 - 2015-02-21 20:59 - 00042155 _____ () C:\Users\David\Downloads\FRST.txt
2015-02-21 19:39 - 2015-02-21 19:39 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357.exe
2015-02-21 19:36 - 2015-02-23 04:00 - 02087424 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-02-21 19:35 - 2015-02-21 19:35 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2015-02-21 12:28 - 2015-02-21 12:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2015-02-21 12:27 - 2015-02-24 15:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-21 12:27 - 2015-02-21 12:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-21 12:27 - 2015-02-21 12:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-21 12:27 - 2015-02-21 12:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-21 12:27 - 2015-02-21 12:27 - 00001965 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-21 12:27 - 2015-02-21 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-21 12:26 - 2015-02-21 12:26 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-21 12:24 - 2015-02-21 12:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-21 12:23 - 2015-02-21 12:24 - 132469808 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-02-20 23:38 - 2015-02-20 23:38 - 00000000 ____D () C:\Users\David\Downloads\ShaiyaIndependenceEP7.4
2015-02-17 19:39 - 2015-02-20 11:07 - 00000000 ____D () C:\Users\David\Downloads\Rollercoaster.Tycoon.3.Pack
2015-02-17 18:34 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 18:34 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 18:34 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 17:23 - 2009-02-22 15:17 - 01246231 _____ () C:\DUKE3D.EXE
2015-02-17 17:22 - 2015-02-17 17:22 - 00000175 _____ () C:\INSTALL.LOG
2015-02-17 15:37 - 2015-02-17 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2015-02-17 14:23 - 2015-02-17 14:24 - 00000000 ____D () C:\Users\David\Documents\RCT3
2015-02-17 14:23 - 2015-02-17 14:23 - 00000000 ____D () C:\Users\David\AppData\Roaming\Atari
2015-02-17 13:49 - 2015-02-17 13:49 - 00000000 ____D () C:\Program Files (x86)\Portable
2015-02-17 13:43 - 2015-02-17 13:43 - 00000000 ____D () C:\Users\David\Downloads\RollerCoaster Tycoon 3 Platinum (1-click run)
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-02-17 06:55 - 2015-02-17 06:55 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-02-16 02:58 - 2015-02-22 17:52 - 00016476 _____ () C:\Users\David\Desktop\Bewerbung Lagerhelfer.odt
2015-02-16 01:56 - 2015-02-16 01:56 - 00000000 ____D () C:\Users\David\AppData\Roaming\OpenOffice
2015-02-16 01:55 - 2015-02-16 01:55 - 00001192 _____ () C:\Users\David\Desktop\OpenOffice 4.1.1.lnk
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ___SD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-02-16 01:55 - 2015-02-16 01:55 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-02-16 01:53 - 2015-02-16 01:53 - 00000000 ____D () C:\Users\David\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-02-16 01:52 - 2015-02-16 01:53 - 164858324 _____ () C:\Users\David\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-02-14 20:10 - 2015-02-14 20:10 - 00002038 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00002029 _____ () C:\Users\Public\Desktop\Smite.lnk
2015-02-14 20:10 - 2015-02-14 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-02-14 20:08 - 2015-02-14 20:08 - 46660424 _____ (Hi-Rez Studios) C:\Users\David\Downloads\InstallSmite.exe
2015-02-13 06:46 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 06:46 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 06:46 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 10:47 - 2015-02-12 11:28 - 00000000 ____D () C:\Keen
2015-02-12 10:29 - 2015-02-12 10:29 - 00003072 _____ () C:\Windows\System32\Tasks\{86220E2B-E7C6-4F24-B810-D9C70C6C71AE}
2015-02-12 10:26 - 2015-02-12 10:27 - 00000000 ____D () C:\frogger
2015-02-11 11:05 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:05 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:05 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:05 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:05 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:05 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:05 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:05 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:05 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:05 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:05 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:05 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:05 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:05 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 11:05 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:05 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 11:05 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 11:05 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:05 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:05 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 11:05 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 11:05 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 11:05 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 11:05 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:05 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 11:05 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 11:05 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 11:05 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 11:05 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:05 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:05 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:05 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:05 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:05 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:05 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 11:05 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 11:04 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:04 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 11:04 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 11:04 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 11:04 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 11:04 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 11:04 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:04 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 11:04 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:04 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 11:04 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 11:04 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 11:04 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 11:04 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 11:04 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:04 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 11:04 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 11:04 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 11:04 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 11:04 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 11:04 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:04 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 11:04 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 11:04 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 11:04 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:04 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 11:04 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 11:04 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 11:04 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 11:04 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 11:03 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 01:57 - 2015-02-10 02:14 - 00000000 ____D () C:\Users\David\Documents\Bandicam
2015-02-07 01:57 - 2015-02-07 01:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\BANDISOFT
2015-02-07 01:56 - 2015-02-07 01:56 - 09495760 _____ (Bandisoft) C:\Users\David\Downloads\bd740camsetup.exe
2015-02-07 01:56 - 2015-02-07 01:56 - 00000993 _____ () C:\Users\David\Desktop\Bandicam.lnk
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-02-07 01:56 - 2015-02-07 01:56 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2015-01-29 19:08 - 2015-01-29 19:08 - 00000000 ____D () C:\tv
2015-01-29 19:07 - 2015-01-29 19:07 - 00000000 ____D () C:\Users\David\Downloads\tv
2015-01-29 19:00 - 2002-05-21 08:37 - 00131072 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\eax.dll
2015-01-29 18:57 - 2015-02-21 21:55 - 00000000 ____D () C:\S2
2015-01-29 18:15 - 2015-01-29 18:18 - 00000000 ____D () C:\Users\David\Downloads\Beyond Good and Evil (December 14, 2003)
2015-01-27 23:18 - 2015-01-27 23:18 - 00000000 ____D () C:\Users\David\Downloads\Shaiya-FightClub
2015-01-26 02:15 - 2015-01-26 02:15 - 02194432 _____ () C:\Users\David\Downloads\adwcleaner_4.109.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 15:56 - 2013-08-17 19:38 - 01400835 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 15:53 - 2013-07-18 14:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2015-02-24 15:51 - 2013-07-12 11:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 15:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 15:50 - 2014-05-24 21:45 - 00157582 _____ () C:\Windows\setupact.log
2015-02-24 15:50 - 2013-06-30 09:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\TS3Client
2015-02-24 15:50 - 2013-06-29 11:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 15:39 - 2013-07-20 00:17 - 00000000 ____D () C:\Users\David\Desktop\DDos Protect
2015-02-24 15:39 - 2013-07-19 16:55 - 00000000 ____D () C:\Users\David\Downloads\1
2015-02-24 15:35 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 15:35 - 2009-07-14 05:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 15:29 - 2014-04-30 23:45 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
2015-02-24 06:23 - 2013-07-06 20:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2015-02-24 06:14 - 2013-07-12 11:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 05:58 - 2013-06-29 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 22:10 - 2014-07-08 18:22 - 00000224 _____ () C:\Users\David\BullseyeCoverageError.txt
2015-02-23 21:16 - 2013-07-03 19:14 - 00000000 ____D () C:\Users\David\AppData\Local\PMB Files
2015-02-23 21:16 - 2013-07-03 19:14 - 00000000 ____D () C:\ProgramData\PMB Files
2015-02-23 03:42 - 2014-05-25 09:06 - 00488802 _____ () C:\Windows\PFRO.log
2015-02-23 03:41 - 2014-06-22 15:53 - 00000000 ____D () C:\AdwCleaner
2015-02-23 03:00 - 2014-09-06 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 03:00 - 2014-09-06 12:54 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 03:00 - 2014-09-06 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-23 03:00 - 2014-09-06 12:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-22 11:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-22 11:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-21 21:52 - 2013-11-17 01:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-21 21:50 - 2014-07-23 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-02-21 21:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-21 12:31 - 2014-11-18 12:58 - 00000000 ___HD () C:\Users\David\AppData\Roaming\Origin
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-18 18:48 - 2013-07-06 20:17 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 10:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 19:37 - 2009-07-14 05:45 - 00306536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 15:37 - 2013-10-03 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 15:37 - 2013-10-03 16:22 - 00000000 ____D () C:\Program Files (x86)\Atari
2015-02-16 16:17 - 2013-06-29 11:55 - 00067512 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 20:50 - 2014-11-07 15:25 - 00018602 _____ () C:\Windows\DirectX.log
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-14 20:10 - 2014-04-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-02-12 21:57 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 21:57 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 10:27 - 2013-08-26 20:46 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-12 03:06 - 2013-11-09 16:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2013-11-09 16:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:55 - 2014-04-22 22:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-07 01:56 - 2013-08-17 23:37 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-02-05 10:09 - 2013-07-12 11:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 10:09 - 2013-07-12 11:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 05:58 - 2013-06-29 12:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 05:58 - 2013-06-29 12:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 05:58 - 2013-06-29 12:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 15:31 - 2013-06-29 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:22 - 2015-01-17 12:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 06:22 - 2014-12-09 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

Files to move or delete:
====================
C:\Users\David\Demon_Slayer_Anmeldeclient.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 15:49

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by David at 2015-02-24 15:56:43
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Eador. Masters of the Broken World» (HKLM-x32\...\{3180F11F-56C8-466c-8A82-599AE28EA34A}_is1) (Version:  - )
µTorrent (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\uTorrent) (Version: 3.3.1.29812 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beyond Good and Evil (HKLM-x32\...\GOGPACKBEYONDGOODANDEVIL_is1) (Version: 2.0.0.5 - GOG.com)
BlackShot Á¦°Å (HKLM-x32\...\BlackShot) (Version:  - )
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Borderlands (HKLM-x32\...\Borderlands-u-GOTY_is1) (Version: 1.4.1 - 2K Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
CAE Report Generator v1.16 (HKLM-x32\...\{F7849D41-0A46-457D-827D-00FF47AF2D85}_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cold Zero 1.02 (HKLM-x32\...\{B1796F30-A0BF-494D-9180-EA819C983F3A}_is1) (Version:  - JoWooD Productions)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dark Project 2 (HKLM-x32\...\Thief22DeinstallKey) (Version:  - )
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Duke Nukem - Manhattan Project (HKLM-x32\...\InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}) (Version: 1.0.0 - Arush Entertainment)
Duke Nukem - Manhattan Project (x32 Version: 1.0.0 - Arush Entertainment) Hidden
Duke Nukem 3D (HKLM-x32\...\Duke Nukem 3D_is1) (Version:  - GOG.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Garrys Mod version 13.07.05 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 13.07.05 - Strogino CS Portal)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG.com Beyond Good and Evil (HKLM\...\{de495fd2-006f-494f-8a94-467eabd400ce}.sdb) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ICQ 8.1 (build 6336) (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\ICQ) (Version: 8.1.6336.0 - Mail.Ru)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Luvinia World (HKLM-x32\...\{AEFAED34-4C87-4158-916F-A158D7C3B3E8}) (Version: 1.00.0000 - SOA Games)
Luvinia World (HKLM-x32\...\Luvinia World 1.01.0038) (Version: 1.01.0038 - SOA Games)
Luvinia World (x32 Version: 1.01.0038 - SOA Games) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6334.5000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA 3D Vision Controller-Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2716 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.39715 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
PlayCatan Zugangssoftware (HKLM-x32\...\PlayCatan Client) (Version: 3.1148 - Catan GmbH)
RIFT (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\RIFT) (Version:  - Trion Worlds, Inc.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\RollerCoaster Tycoon 3 Platinum3) (Version: 3 - Friends in War)
Settlers 2 GOLD (HKLM-x32\...\GOGPACKSETTLERS2GOLD_is1) (Version: 2.0.0.14 - GOG.com)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.0.2574.0 - Hi-Rez Studios)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Thief - Deadly Shadows (HKLM-x32\...\{FC123EEA-330A-4685-911C-95B8F5E9DE68}) (Version: 1.0 - )
Thief 2: The Metal Age version 1.18 (HKLM-x32\...\{54B5CB3B-AFD9-49BB-B0C2-CD88A2F4B0EA}_is1) (Version: 1.18 - Square Enix)
Thief Gold (HKLM-x32\...\ThiefGoldDeinstallKey) (Version:  - )
Thief Gold version 1.37 (HKLM-x32\...\{43DD5CB5-3CB7-44EC-8A7A-2F300BED7301}_is1) (Version: 1.37 - Square Enix)
Tony Hawk's Pro Skater 2 (HKLM-x32\...\Activision_THPS2UninstallKey) (Version:  - )
Tron 2.0 (HKLM-x32\...\{FC272B66-8372-49EF-A642-28CAD2B9EAC9}) (Version:  - )
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vegas Pro 11.0 (HKLM-x32\...\{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}) (Version: 11.0.682 - Sony)
Vindictus EU (HKLM-x32\...\Vindictus EU) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VP3 Codec for Video for Windows (HKLM-x32\...\VP3 Codec for Video for Windows) (Version:  - )
Windows Media Player 5.2 (HKLM-x32\...\MPlayer2) (Version:  - )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
XIII (HKLM-x32\...\{42BC0474-6E50-464A-8183-5E3D32E41B1B}) (Version: 1.00.000 - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3260951588-4144526485-2639087776-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

22-02-2015 21:10:26 Microsoft Office Office 32-bit Components 2010 wird installiert
22-02-2015 22:01:21 Installed Path of Exile

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-22 11:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DBD18A7-C96C-4F21-9A21-98897CB70543} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3260951588-4144526485-2639087776-1000
Task: {82AB592C-F6FF-418E-85F1-F65AB674DFF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {87B1DB94-A975-454D-92D4-398D0F5BE420} - System32\Tasks\{9BC43372-27CA-4347-BFB5-EF2E19B4CB12} => Firefox.exe
Task: {8989B6C0-DEA6-4C30-8A35-28FC303ED514} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {9567129D-B7A8-4936-A98B-20A06379B406} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9B7A039C-CB15-4E49-A7C1-A30BDB65F84D} - System32\Tasks\{903D4E11-96A2-46D0-84C1-ABFD76D5C8FE} => pcalua.exe -a "C:\Quake III Arena\Setup.exe" -d "C:\Quake III Arena"
Task: {9F516772-CEDC-44B8-8100-43E62383965A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-21] (AVAST Software)
Task: {A93936EF-F1EB-4C59-89A7-C23D08113719} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AF48D3B3-BCE7-4B84-B99F-17E5878D98E3} - System32\Tasks\{86220E2B-E7C6-4F24-B810-D9C70C6C71AE} => pcalua.exe -a C:\frogger\videosetup.exe -d C:\frogger
Task: {C4E4E163-5082-4256-9154-C21284B7A2D7} - System32\Tasks\{5FC56A3C-F106-44ED-9452-AAD1F9CC46F9} => pcalua.exe -a C:\Users\David\Downloads\XIII\XIII\Patches\xiii_v13.exe -d C:\Users\David\Downloads\XIII\XIII\Patches
Task: {E140E796-A402-4610-8840-F7B00C6E4340} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-29 11:45 - 2013-05-12 21:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-22 15:00 - 2014-01-29 18:14 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2014-08-22 15:00 - 2014-02-06 15:38 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2013-07-04 16:35 - 2013-07-04 16:35 - 01992328 _____ () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
2015-02-23 21:15 - 2015-02-23 21:15 - 02911232 _____ () C:\Program Files\AVAST Software\Avast\defs\15022301\algo.dll
2015-02-21 12:27 - 2015-02-21 12:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-11 01:55 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-01-17 12:57 - 2015-01-27 06:22 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3260951588-4144526485-2639087776-500 - Administrator - Disabled)
David (S-1-5-21-3260951588-4144526485-2639087776-1000 - Administrator - Enabled) => C:\Users\David
Gast (S-1-5-21-3260951588-4144526485-2639087776-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 03:53:48 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (02/24/2015 03:52:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 03:30:43 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (02/24/2015 03:29:41 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/24/2015 03:29:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 03:29:06 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/24/2015 05:39:05 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/24/2015 05:38:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/24/2015 00:44:11 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (02/24/2015 00:43:47 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.


System errors:
=============
Error: (02/24/2015 03:51:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/24/2015 03:51:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lemsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (02/24/2015 03:51:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lemsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/24/2015 03:51:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "hwpsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (02/24/2015 03:51:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\hwpsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/24/2015 03:28:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/24/2015 03:28:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lemsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (02/24/2015 03:28:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lemsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/24/2015 03:28:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "hwpsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (02/24/2015 03:28:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\hwpsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (02/24/2015 03:53:48 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (02/24/2015 03:52:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 03:30:43 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (02/24/2015 03:29:41 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/24/2015 03:29:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 03:29:06 PM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/24/2015 05:39:05 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/24/2015 05:38:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/24/2015 00:44:11 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/24/2015 00:43:47 AM) (Source: MsiInstaller) (EventID: 11310) (User: David-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\David\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2015-02-22 11:31:40.780
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-22 11:31:40.670
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 8174.12 MB
Available physical RAM: 5922.72 MB
Total Pagefile: 16346.42 MB
Available Pagefile: 14147.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:465.66 GB) (Free:56.04 GB) NTFS
Drive d: (Daten) (Fixed) (Total:298.08 GB) (Free:66.16 GB) NTFS
Drive e: () (Fixed) (Total:74.53 GB) (Free:50.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (DEADSPACE) (CDROM) (Total:7.41 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 55441DE7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: E2B7E2B7)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: E2F7E2F7)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

==================== End Of Log ============================
Ja, und heute nach dem Neustart war die cmd wieder im Manager.

schrauber 25.02.2015 06:36
Erstellst Du die FRST Logs auch zum Zeitpunkt wo die CMD drin ist?

ProcessExplorer als Ersatz für den Windows Taskmanager installieren

Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden.

Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt.

Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen).


Mit dem process explorer bitte bei der CMD mit Rechtsklick Details/Eigenschaften schauen, woher die startet.

Hardcore114 25.02.2015 15:53
Liste der Anhänge anzeigen (Anzahl: 1)
Hier der Screenshot der cmd.exe im ProcessExplorer.

Und nebenbei angemerkt, als ich Java updaten wollte wurde mir gesagt ich hätte die aktuellste Version bereits installiert.:confused:

schrauber 26.02.2015 07:54
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Hardcore114 26.02.2015 16:15
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by David at 2015-02-26 16:14:54 Run:2
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
       
*****************

HKU\S-1-5-21-3260951588-4144526485-2639087776-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.

==== End of Fixlog 16:14:54 ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132