GMER crashes - MBAM detects PUP.Optional.Agent, PUP.Optional.IEBho.A, PUP.Optional.MyFreeze.A

Hello,
An MBAM scan found 12 registry entries. I then ran the recommended scans to narrow down the problem.
MBAM log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 01.02.2015
Scan Time: 19:33:52
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.01.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Boss
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 430435
Time Elapsed: 8 min, 43 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 12
PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\TYPELIB\{EAB5257A-1FB3-474C-9B42-231F52622E72}, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EAB5257A-1FB3-474C-9B42-231F52622E72}, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, , [3a179c5b27624ee8191cdc1d6b9744bc],
PUP.Optional.IEBho.A, HKU\S-1-5-21-1431956111-1578176308-2867073519-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0025320D-4D37-4C73-9A5C-0C28F04068A3}, , [e07135c20f7aad8998c0579f10f2f30d],
PUP.Optional.IEBho.A, HKU\S-1-5-21-1431956111-1578176308-2867073519-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0025320D-4D37-4C73-9A5C-0C28F04068A3}, , [e07135c20f7aad8998c0579f10f2f30d],
PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\WOW6432NODE\Freeze.com, , [8fc2688fdfaac2745877a8df26ddc739],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Agent, D:\Users\Boss\AppData\Local\25561\a25416.exe, , [3a179c5b27624ee8191cdc1d6b9744bc],
Physical Sectors: 0
(No malicious items detected)
(end)
1. FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Boss (administrator) on ARCHILLES on 01-02-2015 19:46:40
Running from D:\logs\FRST64_scan2
Loaded Profiles: Boss (Available profiles: Boss & Chef & Sharon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(jafoSoft) C:\Program Files (x86)\jafoClient\jafoClient.exe
() C:\Program Files\Core Temp\Core Temp.exe
(hxxp://www.webtemp.org) C:\Program Files (x86)\WebTemp\WebTemp.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) D:\Users\Boss\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech(c)) C:\Program Files (x86)\Logitech\G35\G35.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(techPowerUp!) C:\Program Files\tools\TPUCapture\TPUCapture.exe
(Jeroen Pelgrims) D:\Users\Boss\AppData\Local\Apps\2.0\44JA8YZB.DDE\VRGJQR7G.TZJ\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe
(eFMer) C:\Program Files\BoincTasks\boinctasks64.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\hsgamma_FGRP4_1.05_windows_intelx86__FGRP4-Beta.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\hsgamma_FGRP4_1.05_windows_intelx86__FGRP4-Beta.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\hsgamma_FGRP4_1.05_windows_intelx86__FGRP4-Beta.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\hsgamma_FGRP4_1.05_windows_intelx86__FGRP4-Beta.exe
(Space Sciences Laboratory) D:\BOINC-data\projects\lhcathome2.cern.ch_vLHCathome\vboxwrapper_26079_windows_x86_64__vbox64.exe
() C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\hsgamma_FGRP4_1.05_windows_intelx86__FGRP4-Beta.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\hsgamma_FGRP4_1.05_windows_intelx86__FGRP4-Beta.exe
() D:\BOINC-data\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() D:\BOINC-data\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4G_1.39_windows_x86_64__BRP4G-opencl-ati.exe
() D:\BOINC-data\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4G_1.39_windows_x86_64__BRP4G-opencl-ati.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [73360 2014-02-27] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [5885072 2014-02-27] (Space Sciences Laboratory)
HKLM\...\Run: [EFMER_BoincTasks] => C:\Program Files\BoincTasks\boinctasks64.exe [5569968 2014-05-27] (eFMer)
HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech(c))
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
Startup: D:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: D:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms ()
Startup: D:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TPUCapture.lnk
ShortcutTarget: TPUCapture.lnk -> C:\Program Files\tools\TPUCapture\TPUCapture.exe (techPowerUp!)
Startup: D:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms ()
ShellIconOverlayIdentifiers: [QQDiskShExt1] -> {526C6870-9618-4F2A-8CC0-450B041E8377} => C:\Program Files (x86)\Tencent\weiyun\Bin\x64\DiskShell64.dll (Tencent)
ShellIconOverlayIdentifiers: [QQDiskShExt2] -> {526C6871-9618-4F2A-8CC0-450B041E8377} => C:\Program Files (x86)\Tencent\weiyun\Bin\x64\DiskShell64.dll (Tencent)
ShellIconOverlayIdentifiers: [QQDiskShExt3] -> {526C6872-9618-4F2A-8CC0-450B041E8377} => C:\Program Files (x86)\Tencent\weiyun\Bin\x64\DiskShell64.dll (Tencent)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
FireFox:
========
FF ProfilePath: D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default
FF SelectedSearchEngine: Startpage HTTPS
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKU\S-1-5-21-1431956111-1578176308-2867073519-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\searchplugins\startpage-https.xml
FF Extension: Perapera Chinese - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\chineseperakun@gmail.com [2012-10-02]
FF Extension: Pocket - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\isreaditlater@ideashower.com [2015-01-08]
FF Extension: Rikaichan Japanese-English Dictionary File - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\rikaichan-jpen@polarcloud.com [2013-07-23]
FF Extension: Rikaichan - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2012-11-04]
FF Extension: WOT - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-01]
FF Extension: DownloadHelper - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-25]
FF Extension: billiger.de Sparberater - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\ciuvo-extension@billiger.de.xpi [2014-05-06]
FF Extension: Ghostery - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\firefox@ghostery.com.xpi [2014-05-06]
FF Extension: FireGestures - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\firegestures@xuldev.org.xpi [2012-09-30]
FF Extension: Heartbleed Monitor - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack.xpi [2014-05-06]
FF Extension: Free Memory - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\jid1-n85lxPv1NAWVTQ@jetpack.xpi [2014-05-08]
FF Extension: Flagfox - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-05-06]
FF Extension: Session Manager - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-14]
FF Extension: RightToClick - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-05-06]
FF Extension: Adblock Plus - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-29]
FF Extension: DownThemAll! - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-13]
FF Extension: Greasemonkey - D:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\kpbgy0rp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-28]
Chrome:
=======
CHR Profile: D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-26]
CHR Extension: (Google Drive) - D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (YouTube) - D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-26]
CHR Extension: (Google-Suche) - D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-26]
CHR Extension: (Google Wallet) - D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Google Mail) - D:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [572928 2008-04-29] (Nokia.) [File not signed]
R2 Uptime Service; C:\Program Files (x86)\jafoClient\jafoClient.exe [31744 2011-01-18] (jafoSoft) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] () [File not signed]
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-17] ()
R3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-11-02] (ASUSTeK Computer Inc.)
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 ALSysIO; \??\D:\Users\Boss\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz138; \??\D:\Users\Boss\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 19:15 - 2015-02-01 19:46 - 00000000 ____D () C:\FRST
2015-02-01 13:15 - 2015-02-01 13:20 - 00000000 ____D () C:\Program Files (x86)\jafoClient
2015-01-17 22:27 - 2015-01-17 22:28 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2015-01-16 19:07 - 2015-01-16 19:07 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-16 19:07 - 2015-01-16 19:07 - 00000000 ____D () C:\Program Files\Realtek
2015-01-16 19:07 - 2015-01-16 19:07 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-16 19:07 - 2014-12-03 13:51 - 00960728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-16 19:07 - 2014-12-03 11:41 - 04290520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-16 19:07 - 2014-12-03 10:15 - 01485163 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-16 19:07 - 2014-12-02 11:42 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-16 19:07 - 2014-11-27 10:06 - 72823296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-01-16 19:07 - 2014-11-27 08:31 - 02823024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-16 19:07 - 2014-11-27 08:31 - 02510192 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2015-01-16 19:07 - 2014-11-21 00:33 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-01-16 19:07 - 2014-11-21 00:33 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-01-16 19:07 - 2014-11-21 00:33 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-01-16 19:07 - 2014-11-21 00:33 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-01-16 19:07 - 2014-11-19 08:42 - 01289944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-16 19:07 - 2014-11-17 06:14 - 00303776 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-01-16 19:07 - 2014-11-11 06:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-16 19:07 - 2014-11-06 12:57 - 01411096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-01-16 19:07 - 2014-11-06 12:57 - 00451608 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-01-16 19:07 - 2014-11-06 12:57 - 00366616 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-01-16 19:07 - 2014-11-06 12:56 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-01-16 19:07 - 2014-11-06 12:56 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-01-16 19:07 - 2014-11-04 06:42 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2015-01-16 19:07 - 2014-11-04 06:42 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2015-01-16 19:07 - 2014-11-04 06:42 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2015-01-16 19:07 - 2014-11-04 06:42 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2015-01-16 19:07 - 2014-10-24 03:12 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-01-16 19:07 - 2014-10-24 03:12 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-01-16 19:07 - 2014-10-22 08:26 - 01550528 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-01-16 19:07 - 2014-10-20 08:49 - 01360640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-01-16 19:07 - 2014-08-14 12:16 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-01-16 19:07 - 2014-08-06 06:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-16 19:07 - 2014-07-30 09:12 - 12967680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-01-16 19:07 - 2014-07-03 07:44 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-01-16 19:07 - 2014-07-03 07:44 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-01-16 19:07 - 2014-06-17 12:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-01-16 19:07 - 2014-06-09 03:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-16 19:07 - 2014-05-22 09:24 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-01-16 19:07 - 2014-04-17 10:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-01-16 19:07 - 2014-04-10 05:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-01-16 19:07 - 2014-04-10 05:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-16 19:07 - 2014-04-07 09:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-01-16 19:07 - 2014-04-07 09:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-01-16 19:07 - 2014-04-07 09:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-01-16 19:07 - 2014-04-07 09:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-01-16 19:07 - 2014-03-06 09:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-16 19:07 - 2014-02-27 13:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-01-16 19:07 - 2014-02-18 10:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-16 19:07 - 2014-01-31 10:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-01-16 19:07 - 2013-10-11 05:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-16 19:07 - 2013-10-11 04:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-01-16 19:07 - 2013-10-06 17:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-01-16 19:07 - 2013-10-06 17:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-01-16 19:07 - 2013-10-06 17:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-01-16 19:07 - 2013-08-14 08:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-01-16 19:07 - 2013-08-14 08:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-01-16 19:07 - 2013-07-23 08:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-01-16 19:07 - 2013-07-23 08:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-16 19:07 - 2013-06-25 05:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-01-16 19:07 - 2013-06-25 05:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-01-16 19:07 - 2013-06-25 05:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-01-16 19:07 - 2013-06-21 04:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-01-16 19:07 - 2013-04-03 07:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-01-16 19:07 - 2012-08-31 12:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-01-16 19:07 - 2012-08-31 12:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-01-16 19:07 - 2012-08-31 12:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-01-16 19:07 - 2012-08-31 12:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-01-16 19:07 - 2012-08-31 12:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-01-16 19:07 - 2012-03-08 04:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-16 19:07 - 2012-01-10 03:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-01-16 19:07 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-16 19:07 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-16 19:07 - 2011-09-02 07:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-01-16 19:07 - 2011-09-02 07:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-01-16 19:07 - 2011-09-02 07:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-01-16 19:07 - 2011-08-23 10:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-01-16 19:07 - 2011-05-31 02:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-01-16 19:07 - 2011-03-17 05:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-01-16 19:07 - 2011-03-07 10:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-01-16 19:07 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-16 19:07 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-16 19:07 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-16 19:07 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-16 19:07 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-16 19:07 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-16 19:07 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-16 19:07 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-16 19:07 - 2010-07-22 09:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-01-16 19:07 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-16 19:07 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-16 19:07 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-16 19:07 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-16 19:06 - 2015-01-16 19:07 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-16 19:06 - 2014-10-23 10:34 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-16 18:57 - 2011-12-06 15:55 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-01-16 18:02 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 18:02 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 18:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 18:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 18:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 18:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 18:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 18:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 18:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 18:02 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 18:02 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 18:02 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 18:02 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-16 18:02 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 18:02 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 19:59 - 2015-01-14 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-12 21:21 - 2015-01-12 21:29 - 00000000 ____D () C:\Program Files (x86)\AIDA64
2015-01-10 21:29 - 2015-02-01 18:04 - 00000000 ____D () D:\Users\Boss\AppData\Roaming\Kodi
2015-01-10 21:23 - 2015-01-10 21:23 - 00000000 ____D () D:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-01-10 21:23 - 2015-01-10 21:23 - 00000000 ____D () C:\Program Files (x86)\Kodi
2015-01-08 15:31 - 2015-01-08 15:31 - 00000000 ____D () D:\Users\Boss\AppData\Roaming\AMD
2015-01-07 16:47 - 2015-01-07 16:47 - 00000000 ____H () D:\Users\Boss\Documents\Default.rdp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 19:33 - 2014-06-28 12:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 19:09 - 2014-01-26 11:18 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 18:43 - 2013-10-19 23:10 - 00000000 ____D () D:\Users\Boss\AppData\Local\HTC MediaHub
2015-02-01 16:18 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-01 16:18 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-01 16:18 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 16:17 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 16:17 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 16:13 - 2012-09-14 19:31 - 01515198 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 16:11 - 2014-10-10 21:35 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-02-01 16:11 - 2014-10-09 20:22 - 00000000 ____D () D:\Users\Boss\.VirtualBox
2015-02-01 16:11 - 2012-11-21 20:18 - 00000000 ____D () D:\Users\Boss\AppData\Roaming\Dropbox
2015-02-01 16:10 - 2014-11-09 12:13 - 00000000 ____D () D:\Users\Boss\AppData\Local\Deployment
2015-02-01 16:10 - 2014-01-26 11:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 16:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 16:10 - 2009-07-14 05:51 - 00125907 _____ () C:\Windows\setupact.log
2015-02-01 15:49 - 2014-08-23 18:26 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-02-01 15:49 - 2014-08-03 13:37 - 00000140 _____ () D:\Users\Boss\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2015-02-01 10:00 - 2012-09-28 20:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-30 21:15 - 2012-09-28 20:11 - 00000000 ____D () D:\Users\Boss\AppData\Roaming\vlc
2015-01-30 19:22 - 2014-08-23 19:59 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-01-30 19:22 - 2012-09-28 19:39 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-30 18:43 - 2014-10-15 19:33 - 00000000 ____D () D:\Users\Sharon\.VirtualBox
2015-01-30 08:59 - 2014-10-26 11:59 - 00000000 ____D () D:\Users\Sharon\AppData\Local\HTC MediaHub
2015-01-30 08:58 - 2014-11-09 20:54 - 00000000 ____D () D:\Users\Sharon\AppData\Local\Deployment
2015-01-30 02:45 - 2012-10-07 17:17 - 00000000 ____D () C:\Windows\Minidump
2015-01-30 02:45 - 2012-09-14 19:25 - 00286780 ____N () C:\Windows\Minidump\013015-12636-01.dmp
2015-01-29 09:13 - 2012-10-04 22:56 - 00000000 ____D () D:\Users\Boss\AppData\Roaming\uTorrent
2015-01-29 09:13 - 2012-09-28 19:47 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-27 18:13 - 2014-07-20 13:29 - 00000000 ____D () D:\Users\Boss\AppData\Local\Adobe
2015-01-27 18:13 - 2012-09-29 03:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 18:13 - 2012-09-29 03:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 23:19 - 2014-05-13 19:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-25 18:39 - 2013-09-15 12:50 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-18 20:13 - 2012-09-14 19:25 - 00286780 ____N () C:\Windows\Minidump\011815-14102-01.dmp
2015-01-18 13:42 - 2014-08-10 11:22 - 02128896 _____ () D:\Users\Boss\AppData\Local\file__0.localstorage
2015-01-18 11:54 - 2012-10-08 21:31 - 00000000 ____D () D:\Users\Boss\Desktop\Benchmark Programme
2015-01-17 22:38 - 2014-09-30 22:14 - 00000240 _____ () C:\Windows\Bench32.INI
2015-01-17 21:44 - 2012-10-11 23:05 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-01-17 21:44 - 2012-10-11 23:03 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2015-01-17 21:44 - 2012-10-11 23:01 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-01-17 21:08 - 2012-09-14 19:25 - 00286780 ____N () C:\Windows\Minidump\011715-11949-01.dmp
2015-01-17 13:01 - 2012-10-07 18:39 - 00000000 ____D () D:\Users\Boss\Documents\OCCT
2015-01-16 19:07 - 2012-10-11 23:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-16 18:57 - 2012-10-11 23:01 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-16 18:06 - 2013-07-23 17:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 18:02 - 2012-09-14 22:46 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 11:20 - 2012-09-14 19:25 - 00326652 ____N () C:\Windows\Minidump\011615-12963-01.dmp
2015-01-14 22:00 - 2012-09-28 19:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 00:55 - 2012-09-14 19:25 - 00285740 ____N () C:\Windows\Minidump\011415-12136-01.dmp
2015-01-12 22:13 - 2014-06-28 12:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 18:22 - 2012-09-14 19:25 - 00286780 ____N () C:\Windows\Minidump\011115-9406-01.dmp
2015-01-10 08:49 - 2012-10-15 18:54 - 00007617 _____ () D:\Users\Boss\AppData\Local\resmon.resmoncfg
2015-01-10 08:48 - 2012-09-28 20:34 - 00000000 ____D () C:\Program Files\tools
2015-01-09 18:25 - 2012-09-14 19:25 - 00285692 ____N () C:\Windows\Minidump\010915-10030-01.dmp
2015-01-09 17:49 - 2012-09-14 19:25 - 00285180 ____N () C:\Windows\Minidump\010915-9141-01.dmp
2015-01-09 17:35 - 2012-10-11 23:01 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2015-01-09 17:35 - 2012-10-11 23:01 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-09 15:11 - 2012-09-14 19:25 - 00285180 ____N () C:\Windows\Minidump\010915-8470-01.dmp
2015-01-09 11:23 - 2012-09-14 19:25 - 00285180 ____N () C:\Windows\Minidump\010915-9438-01.dmp
2015-01-09 11:07 - 2012-09-14 19:25 - 00285244 ____N () C:\Windows\Minidump\010915-9157-01.dmp
2015-01-09 10:59 - 2012-09-14 19:25 - 00285180 ____N () C:\Windows\Minidump\010915-9516-01.dmp
2015-01-08 09:55 - 2012-09-14 22:47 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 22:45 - 2013-10-19 23:09 - 00000000 ____D () D:\Users\Boss\AppData\Local\Downloaded Installations
==================== Files in the root of some directories =======
2014-08-08 18:00 - 2014-08-08 21:13 - 0006898 _____ () D:\Users\Boss\AppData\Roaming\.freeciv-client-rc-2.2
2014-08-03 17:21 - 2014-08-03 17:25 - 0020286 _____ () D:\Users\Boss\AppData\Roaming\CompatAdmin.log
2014-10-05 17:29 - 2014-10-05 17:29 - 0000186 _____ () D:\Users\Boss\AppData\Roaming\Network Monitor II_#0_LockedNICs.ini
2014-08-03 12:44 - 2014-10-05 17:29 - 0000827 _____ () D:\Users\Boss\AppData\Roaming\Network Monitor II_#0_Settings.ini
2014-08-03 13:37 - 2015-02-01 15:49 - 0000140 _____ () D:\Users\Boss\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2014-11-03 14:18 - 2014-11-03 14:18 - 0013568 _____ () D:\Users\Boss\AppData\Roaming\NMM-MetaData.db
2012-10-11 00:01 - 2014-06-24 00:55 - 0013824 _____ () D:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-10 11:22 - 2015-01-18 13:42 - 2128896 _____ () D:\Users\Boss\AppData\Local\file__0.localstorage
2012-10-15 18:54 - 2015-01-10 08:49 - 0007617 _____ () D:\Users\Boss\AppData\Local\resmon.resmoncfg
2015-01-16 19:07 - 2015-01-16 19:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
D:\Users\Boss\AppData\Local\Temp\drm_dyndata_7370014.dll
D:\Users\Boss\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8dijdw.dll
D:\Users\Boss\AppData\Local\Temp\DrvInst64.exe
D:\Users\Boss\AppData\Local\Temp\E459.tmpcrt.dll
D:\Users\Boss\AppData\Local\Temp\E45A.tmpcrt.dll
D:\Users\Boss\AppData\Local\Temp\FZSPIFZYUWA.exe
D:\Users\Boss\AppData\Local\Temp\KMP_3.9.1.130.exe
D:\Users\Boss\AppData\Local\Temp\KMP_3.9.1.132.exe
D:\Users\Boss\AppData\Local\Temp\sfamcc00001.dll
D:\Users\Boss\AppData\Local\Temp\sfamcc00002.dll
D:\Users\Boss\AppData\Local\Temp\sfareca00001.dll
D:\Users\Boss\AppData\Local\Temp\sfextra.dll
D:\Users\Boss\AppData\Local\Temp\vlc-2.1.5-win32.exe
D:\Users\Sharon\AppData\Local\Temp\KMP_3.9.1.129.exe
D:\Users\Sharon\AppData\Local\Temp\KMP_3.9.1.130.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 00:53
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Boss at 2015-02-01 19:47:04
Running from D:\logs\FRST64_scan2
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
0 A.D. (HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\...\0 A.D.) (Version: r15148P-alpha - Wildfire Games)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Gold Edition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Application Verifier (x64) (HKLM\...\{46D5EFC2-64EC-49D0-AF71-3ABDF5C61AF4}) (Version: 4.0.665 - Microsoft Corporation)
ARCHILLES_MLI_UAC_fixes (HKLM\...\{6a7987da-5407-49dc-a599-30403d42d83e}.sdb) (Version: - )
ARCHILLES_MLI_UAC_fixes_32 (HKLM\...\{51ecbe17-9ee3-4393-bf93-1d6b26e5970e}.sdb) (Version: - )
ATITool Overclocking Utility (HKLM-x32\...\ATITool) (Version: 0.26 - )
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
BOINC (HKLM\...\{D0183F8F-46BB-409F-9CD7-FB43F1A4279B}) (Version: 7.2.42 - Space Sciences Laboratory, U.C. Berkeley)
Boinc Tasks 32 and 64 Bit by eFMer V 1.61 (HKLM\...\BoincTasks_is1) (Version: 1.61 - eFMer)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
ComicRack v0.9.175 (HKLM\...\ComicRack) (Version: v0.9.175 - cYo Soft)
CompuBench CL 1.1.3 Desktop Community Edition (HKLM-x32\...\{FB84B615-0662-4DA0-A126-895EA087B4CA}) (Version: 1.1.5 - Kishonti Ltd.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
Distant Worlds (HKLM-x32\...\Distant Worlds1.0.7.0) (Version: 1.0.7.0 - Matrix Games)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dropbox (HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
Geeks3D.com FurMark 1.10.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
jafoClient 2.2 (HKLM-x32\...\jafoClient_is1) (Version: - Cristopher McRae)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Junction Link Magic 2.0 (HKLM\...\Junction Link Magic_is1) (Version: - )
Kodi (HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\...\Kodi) (Version: - XBMC-Foundation)
LINE (HKLM-x32\...\LINE) (Version: 3.2.1.83 - NHN Japan)
Lingoes 2.9.2 (HKLM\...\Lingoes Translator (x64)_is1) (Version: 2.9.2 - Lingoes Project)
Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird (2.0.0.24) (HKLM-x32\...\Mozilla Thunderbird (2.0.0.24)) (Version: 2.0.0.24 (de) - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Addon Mod Version 29 (September 2010) (HKLM-x32\...\Network Addon Mod) (Version: Version 29 (September 2010) - Das NAM Team)
Nokia Connectivity Cable Driver (HKLM-x32\...\{4F1DCA42-2030-437C-A94E-736692A499C1}) (Version: 6.86.11.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 6.86.9.4 - Nokia)
Nokia PC Suite (x32 Version: 6.86.9.4 - Nokia) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)
Original War (HKLM-x32\...\original war) (Version: - )
Original War (HKLM-x32\...\Steam App 235320) (Version: - Altar Games)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
PC Connectivity Solution (HKLM-x32\...\{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}) (Version: 8.15.1.0 - Nokia)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.03 - Portforward, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SoundSwitch (HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\...\5e9d4b807286f8d3) (Version: 2.4.1.4 - Jeroen Pelgrims)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version: - Little Green Men Games)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
SuperOrca (HKLM-x32\...\SuperOrca) (Version: 11.0.0.1 - Pantaray)
Synekism 0.5.1.63 (HKLM-x32\...\Synekism) (Version: 0.5.1.63 - Idimoris)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Traffic Simulator Configuration Tool (HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\...\Traffic Simulator Configuration Tool) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UFO: Afterlight (HKLM-x32\...\Steam App 237950) (Version: - Altar Games)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unknown Horizons (HKLM-x32\...\Unknown Horizons) (Version: 2013.3 - The Unknown Horizons Team)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebTemp 3.39-pre1 (kostenlose Version) (HKLM-x32\...\WebTemp_is1) (Version: - hxxp://www.webtemp.org)
Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1431956111-1578176308-2867073519-1000\...\WinDirStat) (Version: - )
Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) (HKLM\...\CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A) (Version: 03/05/2008 3.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1) (HKLM\...\E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D) (Version: 03/13/2008 6.86.0.1 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
微云同步盘 (HKLM-x32\...\Weiyun) (Version: 2.0 - 腾讯科技(深圳)有限公司)
腾讯微云 (HKLM-x32\...\weiyundisk) (Version: 2.2 - 腾讯科技(深圳)有限公司)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{4ED64402-CABA-4CD3-943E-B43E0F006016}\InprocServer32 -> D:\Users\Boss\AppData\Local\Microsoft\Windows Sidebar\Gadgets\coremeter_v1.5.0.gadget\cm64.dll (-)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{6538FE62-139F-4136-AEA4-621D4883EB02}\InprocServer32 -> D:\Users\Boss\AppData\Local\Microsoft\Windows Sidebar\Gadgets\coremeter_v1.5.0.gadget\CM64.dll (-)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1431956111-1578176308-2867073519-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\Boss\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-09-2014 07:30:49 Windows Update
06-01-2015 23:15:23 Windows Update
09-01-2015 11:36:11 Removed Cloud OC
09-01-2015 17:09:09 Configured Easy Tune 6 B12.0912.1
09-01-2015 17:14:57 Installed Easy Tune 6 B14.1020.1
09-01-2015 17:26:18 Configured Easy Tune 6 B14.1020.1
09-01-2015 17:35:27 Installed Easy Tune 6 B12.1121.1
10-01-2015 21:23:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2015 18:02:26 Windows Update
16-01-2015 19:07:02 Installiert Realtek High Definition Audio Driver
20-01-2015 16:46:09 Windows Update
24-01-2015 10:22:15 Windows Update
27-01-2015 18:11:10 Windows Update
30-01-2015 23:18:21 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {263679AB-62F6-4502-A0B4-FD58AE65FE82} - System32\Tasks\{8B2E2EF1-4F14-4E1E-B80F-D41002F15750} => pcalua.exe -a D:\installs\gfx\irfanview_plugins_433_setup.exe -d D:\installs\gfx
Task: {5E452A6C-3821-4377-B3D7-DC1DB240C470} - System32\Tasks\Core Temp Autostart Boss => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
Task: {5E6C1398-F8A3-46B8-AC25-D01F9A2DF101} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {5F912879-1F80-4AB9-8BE9-5898984026FC} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)
Task: {6DBC310E-101B-4D00-A196-46E1A652E719} - System32\Tasks\WebTemp => C:\Program Files (x86)\WebTemp\WebTemp.exe [2013-12-12] (hxxp://www.webtemp.org)
Task: {9992F3E4-5BCB-4949-8BB5-67EEAF77451D} - System32\Tasks\{AC4AF2B9-C28A-4301-AB36-24A198857671} => pcalua.exe -a "E:\drivers\Intel AHCI\STOR_Win7_8_11.7.0.1013_PV.exe" -d "E:\drivers\Intel AHCI"
Task: {C1A2F0BB-BADD-4F3A-A5C8-E38D9E573342} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {E12ABE7F-F24B-4606-84E0-2C553F109474} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-08-31] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-19 23:10 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-06-05 10:41 - 2014-08-30 19:07 - 00400384 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2014-08-05 22:47 - 2013-10-08 12:23 - 00890016 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-08-05 22:47 - 2011-09-08 12:41 - 00008192 _____ () C:\Program Files\Core Temp\plugins\CoreTempRemoteServer\SystemInfo.dll
2014-08-31 14:00 - 2014-08-31 14:00 - 00512512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-08-30 19:07 - 2014-08-30 19:07 - 00195584 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2014-08-30 19:07 - 2014-08-30 19:07 - 00026112 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2014-08-30 19:07 - 2014-08-30 19:07 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2012-10-19 13:18 - 2012-10-19 13:18 - 00079872 _____ () C:\Program Files\BOINC\zlib1.dll
2014-05-16 13:02 - 2014-05-16 13:02 - 00376096 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2014-05-16 13:02 - 2014-05-16 13:02 - 04478752 _____ () C:\Program Files\Oracle\VirtualBox\VBoxRT.dll
2014-11-25 21:52 - 2014-11-25 21:52 - 13520025 _____ () D:\BOINC-data\projects\einstein.phys.uwm.edu\hsgamma_FGRP4_1.05_windows_intelx86__FGRP4-Beta.exe
2014-05-16 13:03 - 2014-05-16 13:03 - 00164640 _____ () C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2014-05-16 13:04 - 2014-05-16 13:04 - 02469664 _____ () C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL
2014-05-16 13:04 - 2014-05-16 13:04 - 00671520 _____ () C:\Program Files\Oracle\VirtualBox\VBoxREM.dll
2014-05-16 13:04 - 2014-05-16 13:04 - 00030496 _____ () C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL
2014-05-16 13:04 - 2014-05-16 13:04 - 00047392 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL
2014-05-16 13:04 - 2014-05-16 13:04 - 00048928 _____ () C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL
2014-05-16 13:04 - 2014-05-16 13:04 - 00046368 _____ () C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL
2014-05-16 13:04 - 2014-05-16 13:04 - 02412832 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL
2014-05-16 13:04 - 2014-05-16 13:04 - 00201504 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2014-05-16 13:04 - 2014-05-16 13:04 - 00041248 _____ () C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL
2014-03-31 02:08 - 2014-03-31 02:08 - 00314880 _____ () D:\BOINC-data\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
2013-08-19 15:19 - 2013-08-19 15:21 - 12765561 _____ () D:\BOINC-data\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4G_1.39_windows_x86_64__BRP4G-opencl-ati.exe
2014-03-21 15:05 - 2014-03-21 15:05 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-21 15:06 - 2014-03-21 15:06 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-21 15:06 - 2014-03-21 15:06 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-21 15:06 - 2014-03-21 15:06 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-21 15:08 - 2014-03-21 15:08 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-21 15:09 - 2014-03-21 15:09 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-06-05 10:40 - 2014-08-30 19:07 - 00354816 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2014-08-31 13:58 - 2014-08-31 13:58 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-08-31 13:58 - 2014-08-31 13:58 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-08-31 13:59 - 2014-08-31 13:59 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-08-31 13:59 - 2014-08-31 13:59 - 00324608 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-08-31 14:00 - 2014-08-31 14:00 - 00648192 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2013-02-27 15:21 - 2013-02-27 15:21 - 00141312 _____ () C:\Program Files (x86)\MSI Afterburner\LogitechLcd.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () D:\Users\Boss\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-01 16:11 - 2015-02-01 16:11 - 00043008 _____ () d:\users\boss\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8dijdw.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () D:\Users\Boss\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () D:\Users\Boss\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () D:\Users\Boss\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-29 19:12 - 2015-02-01 16:10 - 00158720 _____ () D:\Users\Boss\AppData\Local\Temp\sfareca00001.dll
2014-10-10 21:35 - 2015-02-01 16:11 - 00192512 _____ () D:\Users\Boss\AppData\Local\Temp\sfamcc00001.dll
2014-08-30 19:07 - 2014-08-30 19:07 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2014-08-30 19:07 - 2014-08-30 19:07 - 00324608 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2014-08-30 19:07 - 2014-08-30 19:07 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2015-01-14 19:59 - 2015-01-14 19:59 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-1431956111-1578176308-2867073519-500 - Administrator - Disabled)
Boss (S-1-5-21-1431956111-1578176308-2867073519-1000 - Administrator - Enabled) => D:\Users\Boss
Chef (S-1-5-21-1431956111-1578176308-2867073519-1001 - Limited - Enabled) => D:\Users\Chef
Gast (S-1-5-21-1431956111-1578176308-2867073519-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1431956111-1578176308-2867073519-1003 - Limited - Enabled)
Sharon (S-1-5-21-1431956111-1578176308-2867073519-1007 - Limited - Enabled) => D:\Users\Sharon
==================== Faulty Device Manager Devices =============
Name: HID-konforme Maus
Description: HID-konforme Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: ATITool Driver
Description: ATITool Driver
Class Guid: {85b5ddd0-e090-4b15-bdf2-a443a3ca0b66}
Manufacturer: W1zzard
Service: ATITool
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/01/2015 06:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Kodi.exe, Version 14.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c1c
Startzeit: 01d03e40fef7b785
Endzeit: 15
Anwendungspfad: C:\Program Files (x86)\Kodi\Kodi.exe
Berichts-ID: 427a9325-aa34-11e4-8af9-1c6f659006e0
Error: (02/01/2015 01:16:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/31/2015 00:39:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/29/2015 07:12:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (10644) Versuch, Datei "D:\Users\Boss\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (01/28/2015 07:23:35 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (01/28/2015 00:03:55 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (01/28/2015 00:42:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/27/2015 09:36:27 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (01/27/2015 02:08:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/26/2015 08:16:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0x71c0
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3
System errors:
=============
Error: (02/01/2015 04:10:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.02.2015 um 16:06:35 unerwartet heruntergefahren.
Error: (01/30/2015 02:45:51 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff80003ffb39b, 0xfffff880097febf0, 0x0000000000000000)C:\Windows\Minidump\013015-12636-01.dmp013015-12636-01
Error: (01/30/2015 02:45:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.01.2015 um 02:43:53 unerwartet heruntergefahren.
Error: (01/29/2015 08:51:00 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.
Error: (01/29/2015 08:08:18 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.
Error: (01/29/2015 07:25:36 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.
Error: (01/29/2015 06:42:54 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.
Error: (01/29/2015 06:00:12 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.
Error: (01/29/2015 05:17:30 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.
Error: (01/29/2015 04:34:48 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.
Microsoft Office Sessions:
=========================
Error: (02/01/2015 06:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Kodi.exe14.0.0.01c1c01d03e40fef7b78515C:\Program Files (x86)\Kodi\Kodi.exe427a9325-aa34-11e4-8af9-1c6f659006e0
Error: (02/01/2015 01:16:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\TIS_VistaPIM.dll
Error: (01/31/2015 00:39:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\TIS_VistaPIM.dll
Error: (01/29/2015 07:12:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost10644D:\Users\Boss\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (01/28/2015 07:23:35 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description:
Error: (01/28/2015 00:03:55 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description:
Error: (01/28/2015 00:42:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\TIS_VistaPIM.dll
Error: (01/27/2015 09:36:27 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description:
Error: (01/27/2015 02:08:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\TIS_VistaPIM.dll
Error: (01/26/2015 08:16:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd71c001d0399c9499eec9C:\Program Files\tools\SysInternals\RootkitRevealer.exeC:\Program Files\tools\SysInternals\RootkitRevealer.exed3b0102e-a58f-11e4-beae-1c6f659006e0
CodeIntegrity Errors:
===================================
Date: 2014-09-30 22:43:52.544
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\HDPrfDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-30 22:43:52.460
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\HDPrfDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-30 22:43:46.277
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\HDPrfDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-30 22:43:46.197
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\HDPrfDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-30 22:43:28.249
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\HDPrfDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-30 22:43:28.169
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\HDPrfDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-23 06:41:08.507
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-23 06:41:08.363
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
Percentage of memory in use: 45%
Total physical RAM: 12286.42 MB
Available physical RAM: 6723.75 MB
Total Pagefile: 24571.03 MB
Available Pagefile: 17913.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.24 GB) (Free:44.42 GB) NTFS
Drive d: (Daten) (Fixed) (Total:833.76 GB) (Free:423.2 GB) NTFS
Drive e: (Video) (Fixed) (Total:1862.89 GB) (Free:404.9 GB) NTFS
Drive z: () (Fixed) (Total:97.66 GB) (Free:36.53 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: ED40DF7D)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 473BA339)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
2. Defogger started Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:51 on 01/02/2015 (Boss)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
As mentioned, GMER crashes (one to 2 seconds after starting, i.e. during the scan).