Trojaner-Board - Ram zu zu sehr Ausgelastet

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015

Ran by Administrator (administrator) on NICO-PC on 15-04-2015 11:45:33

Running from C:\Users\Administrator\Downloads

Loaded Profiles: Administrator (Available profiles: karsten & biBa & braunebauch & Administrator)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files (x86)\puush\puush.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(ROCCAT) C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe

() C:\Program Files (x86)\Opera\28.0.1750.51\opera_crashreporter.exe

(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Run: [Arvo] => C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE [582144 2010-04-01] (ROCCAT)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE10DEDE/WOL_WCP

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM-x32 -> URL hxxp://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.8&ts=1381160363652&tguid=66807-6724-1381160363652-10E24E1CACD67209137674BBCBBE62F0&q={searchTerms}

SearchScopes: HKLM-x32 -> SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66807&gid=1&dbCode=1&command={searchTerms}

SearchScopes: HKLM-x32 -> TopResultURLFallback hxxp://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.8&ts=1381160363652&tguid=66807-6724-1381160363652-10E24E1CACD67209137674BBCBBE62F0&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll No File

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

Hosts: Hosts file not detected in the default directory

StartMenuInternet: IEXPLORE.EXE - IEXPLORE.EXE
 

FireFox:

========

FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)

FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-12-05] (Unity Technologies ApS)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)

FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)

FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll No File

FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll No File

FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-01-20] (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File

FF Plugin HKU\S-1-5-21-2399221302-1085130942-1105205786-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)

FF Plugin HKU\S-1-5-21-2399221302-1085130942-1105205786-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)

FF Plugin HKU\S-1-5-21-2399221302-1085130942-1105205786-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)

FF Extension: WOT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-04-01]

FF Extension: AdF.ly Skipper ★WORKING★ - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2015-04-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-04-01]

FF Extension: Locale Switcher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-04-01]

FF Extension: NoScript - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-08]

FF Extension: Adblock Edge - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rp6vvztw.default-1425142396208\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-07]

FF HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2015-03-21]

FF HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
 

Chrome: 

=======

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
 

Opera: 

=======

OPR Extension: (Adguard Werbeblocker) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2015-04-04]

OPR Extension: (Twitch Now) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2015-04-04]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]

S4 BAVS; C:\Windows\SysWOW64\BAVS\BAVSdienst.exe [32256 2014-06-26] () [File not signed]

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2015-04-01] (Kingsoft Corporation)

S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-11-20] (EasyAntiCheat Ltd)

S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]

S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)

S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-28] (Electronic Arts)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-03-28] ()

S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)

S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)

R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-11-11] (Microsoft Corporation) [File not signed]

S4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S4 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223624 2014-06-16] ()

S3 DAUpdaterSvc; D:\Programme (x86)\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

S4 HideIPLaucherService; C:\Program Files (x86)\Hide ALL IP\LauncherService.exe [X]

S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

S4 OpenVPNService; "C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe" [X]

S4 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S1 alnbpfpe; No ImagePath

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)

R3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [15872 2009-05-06] (ROCCAT Development, Inc.)

S4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-22] (AVG Technologies)

S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)

R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-02-15] (Kingsoft Corporation)

R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)

S1 MpKslaf5d7170; No ImagePath

S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)

S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)

S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-09-18] (Windows (R) Win 7 DDK provider)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()

R3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-08-05] (Spotflux, Inc.)

R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()

R3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)

S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]

U3 DfSdkS; No ImagePath

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

U0 Partizan; system32\drivers\Partizan.sys [X]

S3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 taphss6; system32\DRIVERS\taphss6.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

S3 X6va019; \??\C:\Windows\SysWOW64\Drivers\X6va019 [X]

S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]

S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]

S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-15 11:45 - 2015-04-15 11:46 - 00024694 _____ () C:\Users\Administrator\Downloads\FRST.txt

2015-04-15 11:45 - 2015-04-15 11:45 - 02096640 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe

2015-04-15 11:45 - 2015-04-15 11:45 - 00000000 ____D () C:\FRST

2015-04-15 11:36 - 2015-04-15 11:37 - 10702728 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-04-15 11:36 - 2015-04-15 11:36 - 00000056 _____ () C:\Windows\setupact.log

2015-04-15 11:36 - 2015-04-15 11:36 - 00000000 _____ () C:\Windows\setuperr.log

2015-04-15 11:31 - 2015-04-15 11:31 - 02217984 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.201.exe

2015-04-15 11:26 - 2015-04-15 11:26 - 00001361 _____ () C:\Users\Administrator\Desktop\JRT.txt

2015-04-15 11:23 - 2015-04-15 11:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NICO-PC-Windows-7-Ultimate-(64-bit).dat

2015-04-15 11:22 - 2015-04-15 11:22 - 00000000 ____D () C:\RegBackup

2015-04-15 11:20 - 2015-04-15 11:20 - 02687136 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe

2015-04-15 10:55 - 2015-04-15 10:55 - 00000034 _____ () C:\Users\Administrator\Desktop\Screenshot links.txt

2015-04-15 10:53 - 2015-04-15 10:53 - 02300472 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT

2015-04-15 10:05 - 2015-03-09 14:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\Administrator\Desktop\procexp.exe

2015-04-15 10:04 - 2015-04-15 10:05 - 01125626 _____ () C:\Users\Administrator\Downloads\ProcessExplorer_16.5.zip

2015-04-14 15:53 - 2015-04-14 15:57 - 00882044 _____ () C:\Users\Administrator\Documents\RecordMorphOutput.wav

2015-04-14 15:41 - 2015-04-14 15:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Screaming Bee

2015-04-14 15:34 - 2015-04-14 15:34 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee LLC

2015-04-14 15:00 - 2015-04-15 09:43 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee

2015-04-14 14:48 - 2015-04-14 14:51 - 34354008 _____ () C:\Users\Administrator\Downloads\MorphVOX Pro v4.3.13 with Addons + Crk.exe

2015-04-14 14:42 - 2015-04-14 14:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Remote Control Server

2015-04-14 14:13 - 2015-04-14 14:13 - 06754839 _____ (Steppschuh) C:\Users\Administrator\Downloads\RemoteControlServerSetup.exe

2015-04-14 10:03 - 2015-04-11 18:35 - 08368128 _____ () C:\Users\Administrator\Desktop\fcr900.dff

2015-04-14 10:03 - 2015-04-11 08:32 - 00000630 _____ () C:\Users\Administrator\Desktop\readme.txt

2015-04-14 10:03 - 2015-04-06 16:36 - 09423656 _____ () C:\Users\Administrator\Desktop\fcr900.txd

2015-04-13 09:31 - 2015-04-13 09:31 - 00000000 ____D () C:\Users\Administrator\Desktop\Terror Engine Reborn 2.0 (64bit)

2015-04-11 19:55 - 2015-04-12 00:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Amazing Template By HibixArts

2015-04-11 19:53 - 2015-04-11 19:53 - 04001278 _____ () C:\Users\Administrator\Downloads\Intro Template- Five nights at Freddys.mp4

2015-04-11 18:56 - 2015-04-11 18:58 - 900951753 _____ () C:\Users\Administrator\Downloads\Music For Intro 2.rar

2015-04-10 18:06 - 2015-04-12 10:57 - 00000000 ____D () C:\ProgramData\{dab5c1c1-de22-4a32-dab5-5c1c1de20707}

2015-04-09 14:44 - 2015-04-09 14:44 - 00000000 ____D () C:\Users\Administrator\Documents\WBGames

2015-04-08 12:03 - 2015-04-08 12:04 - 00000000 ____D () C:\Users\Administrator\Desktop\Fast.and.Furious.7.TS.LD.German.x264-PsO

2015-04-06 19:54 - 2015-04-03 17:52 - 01922004 _____ () C:\Users\Administrator\Desktop\Song.wav

2015-04-06 17:43 - 2015-04-06 17:43 - 00000000 ____D () C:\Users\Administrator\Tracing

2015-04-05 01:44 - 2015-04-05 01:44 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-05 01:44 - 2015-04-05 01:44 - 00000000 ___SD () C:\Windows\system32\GWX

2015-04-04 15:53 - 2015-04-04 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy 7-Zip

2015-04-04 15:53 - 2015-04-04 15:53 - 00000000 ____D () C:\Program Files\Easy 7-Zip

2015-04-04 15:31 - 2015-04-04 15:41 - 44492800 _____ () C:\Program Files (x86)\GUT50C2.tmp

2015-04-04 15:31 - 2015-04-04 15:31 - 00000000 ____D () C:\Program Files (x86)\GUM50A2.tmp

2015-04-04 15:22 - 2015-04-12 11:03 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1428153734

2015-04-04 15:22 - 2015-04-12 11:03 - 00000000 ____D () C:\Program Files (x86)\Opera

2015-04-04 15:22 - 2015-04-04 15:22 - 00001135 _____ () C:\Users\Public\Desktop\Opera.lnk

2015-04-04 15:22 - 2015-04-04 15:22 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2015-04-04 15:08 - 2015-04-04 15:08 - 01543626 _____ () C:\Users\Administrator\Downloads\iExestos Intro _ RJคrtz [60FPS].mp4

2015-04-04 00:18 - 2015-04-04 00:29 - 123371600 _____ () C:\Users\Administrator\ts3_recording_15_04_04_0_18_39.wav

2015-04-03 23:38 - 2015-04-03 23:38 - 00000000 _____ () C:\Users\Administrator\Desktop\Marco Illuminat.txt

2015-04-03 23:12 - 2015-04-03 23:20 - 98559440 _____ () C:\Users\Administrator\ts3_recording_15_04_03_23_12_5.wav

2015-04-03 20:56 - 2015-04-03 20:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

2015-04-03 20:56 - 2015-04-03 20:56 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

2015-04-03 20:56 - 2015-04-03 20:56 - 00001031 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk

2015-04-03 18:43 - 2015-04-03 18:47 - 40658000 _____ () C:\Users\Administrator\ts3_recording_15_04_03_18_43_38.wav

2015-04-03 18:39 - 2015-04-03 18:39 - 01609040 _____ () C:\Users\Administrator\ts3_recording_15_04_03_18_39_28.wav

2015-04-03 12:07 - 2015-04-03 12:07 - 00000000 ____D () C:\Users\braunebauch\AppData\Roaming\Mozilla

2015-04-03 12:07 - 2015-04-03 12:07 - 00000000 ____D () C:\Users\braunebauch\AppData\Local\Mozilla

2015-04-01 20:05 - 2015-04-01 20:18 - 119446471 _____ () C:\Users\Administrator\Downloads\YouPorn - d re la 2.mp4

2015-04-01 00:47 - 2015-04-04 15:46 - 00000000 ____D () C:\Program Files (x86)\Whitehat

2015-04-01 00:47 - 2015-04-01 00:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Aviator

2015-04-01 00:43 - 2015-04-01 00:43 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk

2015-04-01 00:43 - 2015-04-01 00:43 - 00000000 ____D () C:\Program Files\Waterfox

2015-03-31 22:16 - 2015-03-31 22:16 - 00002024 _____ () C:\Users\Public\Desktop\Smite.lnk

2015-03-31 22:16 - 2015-03-31 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios

2015-03-31 22:15 - 2015-03-31 22:16 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios

2015-03-31 18:18 - 2014-01-04 19:53 - 00706562 _____ () C:\Users\Administrator\Desktop\requiem_cast.wav

2015-03-31 00:45 - 2015-03-29 18:39 - 20819882 _____ () C:\Users\Administrator\Desktop\TEMPLATE.psd

2015-03-31 00:38 - 2015-01-16 14:13 - 27487780 _____ () C:\Users\Administrator\Desktop\PSD4.psd

2015-03-30 23:58 - 2015-03-31 00:01 - 00000000 ____D () C:\Users\Administrator\Desktop\212 Skin Mods

2015-03-30 23:49 - 2015-03-30 23:49 - 226724184 _____ () C:\Users\Administrator\Desktop\212_Skin_Mods.rar

2015-03-30 16:47 - 2015-03-30 16:47 - 01838157 _____ () C:\Users\Administrator\Desktop\la-pirula-project.rar

2015-03-30 16:03 - 2015-03-30 16:18 - 00000000 ____D () C:\Users\Administrator\Desktop\Elegy

2015-03-29 17:09 - 2015-03-29 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games

2015-03-29 16:00 - 2015-03-29 18:09 - 00000000 ____D () C:\Program Files (x86)\R.G. Games

2015-03-29 11:29 - 2015-03-29 11:29 - 00001772 _____ () C:\Users\karsten\Desktop\Rising World v0.5.3.1.lnk

2015-03-29 11:29 - 2015-03-29 11:29 - 00001772 _____ () C:\Users\braunebauch\Desktop\Rising World v0.5.3.1.lnk

2015-03-29 11:29 - 2015-03-29 11:29 - 00001772 _____ () C:\Users\biBa\Desktop\Rising World v0.5.3.1.lnk

2015-03-28 21:51 - 2015-03-21 17:18 - 00182582 _____ (Igor Pavlov) C:\Users\Administrator\Documents\BF3800600.exe

2015-03-28 18:35 - 2015-03-28 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syndicate

2015-03-28 02:07 - 2015-03-28 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops

2015-03-28 01:54 - 2015-03-28 02:10 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops

2015-03-28 01:40 - 2015-03-28 01:52 - 00000000 ____D () C:\Hazard Ops

2015-03-28 01:39 - 2015-03-28 01:39 - 00000181 _____ () C:\console.log

2015-03-27 17:55 - 2015-03-27 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2015-03-27 17:55 - 2015-03-27 17:55 - 00000000 ____D () C:\Program Files\DivX

2015-03-27 17:54 - 2015-03-27 17:55 - 00000000 ____D () C:\Program Files (x86)\DivX

2015-03-27 17:53 - 2015-03-27 17:55 - 00000000 ____D () C:\ProgramData\DivX

2015-03-26 23:12 - 2015-03-26 23:14 - 00000000 ____D () C:\ProgramData\Package Cache

2015-03-26 22:31 - 2015-03-26 22:31 - 07350440 _____ () C:\Users\Administrator\Desktop\Final render dat_x264.mp4

2015-03-26 13:45 - 2015-03-30 01:38 - 00000000 ____D () C:\Users\Administrator\Desktop\Backups

2015-03-25 18:17 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-03-25 18:17 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-03-25 18:17 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-03-25 18:17 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-03-25 18:17 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-03-25 18:17 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-03-25 18:17 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-03-25 18:17 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-03-23 16:59 - 2015-03-23 17:29 - 06103040 _____ () C:\Program Files (x86)\GUT7F40.tmp

2015-03-23 16:59 - 2015-03-23 16:59 - 00000000 ____D () C:\Program Files (x86)\GUM7F3F.tmp

2015-03-23 16:57 - 2015-04-15 11:02 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA.job

2015-03-23 16:57 - 2015-04-14 16:02 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core.job

2015-03-23 16:57 - 2015-03-23 16:57 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA

2015-03-23 16:57 - 2015-03-23 16:57 - 00003534 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core

2015-03-21 18:29 - 2015-03-22 11:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager

2015-03-21 18:29 - 2015-03-21 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DMCache

2015-03-21 18:29 - 2015-03-21 21:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IDM

2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\ProgramData\IDM

2015-03-21 10:28 - 2015-03-23 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-20 18:14 - 2015-03-20 18:14 - 00001010 _____ () C:\Users\Administrator\Desktop\Telegram.lnk

2015-03-19 05:08 - 2015-03-19 04:27 - 00191960 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-15 11:45 - 2014-09-15 17:40 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2015-04-15 11:45 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-15 11:45 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-15 11:41 - 2009-10-22 17:16 - 01557092 _____ () C:\Windows\WindowsUpdate.log

2015-04-15 11:39 - 2014-07-19 15:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype

2015-04-15 11:37 - 2013-10-04 20:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2015-04-15 11:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-15 11:35 - 2014-07-09 18:16 - 00000000 ____D () C:\AdwCleaner

2015-04-15 11:31 - 2014-11-18 20:23 - 03300352 ___SH () C:\Users\Administrator\Downloads\Thumbs.db

2015-04-15 11:29 - 2013-07-13 03:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-15 10:52 - 2014-11-22 18:47 - 00000000 ____D () C:\Program Files (x86)\Notepad++

2015-04-15 10:52 - 2014-07-10 04:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps

2015-04-15 10:52 - 2013-05-27 21:20 - 00000000 ____D () C:\ProgramData\Skype

2015-04-15 10:34 - 2014-10-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-04-15 10:16 - 2014-07-26 05:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc

2015-04-15 09:09 - 2009-11-29 17:59 - 00000000 ____D () C:\Temp

2015-04-15 08:49 - 2015-03-07 12:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-15 08:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-04-14 22:01 - 2014-12-06 17:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Everything

2015-04-14 16:02 - 2014-07-25 13:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TS3Client

2015-04-14 15:48 - 2015-01-29 15:04 - 00000000 ____D () C:\Users\braunebauch

2015-04-14 15:48 - 2014-09-18 15:17 - 00000000 ____D () C:\Users\biBa

2015-04-14 15:35 - 2009-10-22 17:23 - 00000000 ____D () C:\Users\karsten

2015-04-14 14:18 - 2014-07-26 21:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations

2015-04-14 14:17 - 2015-01-14 17:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\FileZilla

2015-04-14 14:06 - 2015-01-14 17:49 - 00000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND

2015-04-14 14:04 - 2015-02-04 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2015-04-14 14:04 - 2015-02-04 23:42 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2015-04-14 10:04 - 2014-11-22 18:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++

2015-04-14 08:43 - 2009-07-14 19:58 - 00714066 _____ () C:\Windows\system32\perfh007.dat

2015-04-14 08:43 - 2009-07-14 19:58 - 00155896 _____ () C:\Windows\system32\perfc007.dat

2015-04-14 08:43 - 2009-07-14 07:13 - 01660646 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-14 08:09 - 2014-04-11 12:26 - 02300472 _____ () C:\Users\karsten\AppData\Local\GDIPFONTCACHEV1.DAT

2015-04-14 07:57 - 2015-01-29 15:05 - 02300472 _____ () C:\Users\braunebauch\AppData\Local\GDIPFONTCACHEV1.DAT

2015-04-13 21:56 - 2014-04-02 22:18 - 00000000 ____D () C:\Users\Administrator

2015-04-13 10:30 - 2014-10-02 01:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity

2015-04-13 09:39 - 2013-11-07 15:18 - 00000000 ____D () C:\Windows\pss

2015-04-06 17:41 - 2013-12-02 01:39 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-04-04 15:42 - 2014-04-02 22:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2015-04-04 15:42 - 2011-02-07 21:58 - 00000000 ____D () C:\Program Files (x86)\Google

2015-04-04 15:31 - 2013-07-13 03:14 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-04 15:31 - 2013-07-13 03:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-04 15:31 - 2011-08-07 03:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-04 15:30 - 2014-07-10 04:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe

2015-04-04 15:22 - 2014-09-10 01:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software

2015-04-04 15:22 - 2014-09-10 01:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software

2015-04-03 21:41 - 2015-03-13 15:07 - 02300472 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT

2015-04-03 20:56 - 2014-07-24 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TeamViewer

2015-04-03 00:04 - 2013-09-09 18:38 - 00000000 ____D () C:\ProgramData\Mozilla

2015-04-01 12:06 - 2013-07-23 19:16 - 00000000 ____D () C:\ProgramData\Origin

2015-04-01 01:02 - 2015-02-23 11:41 - 00000000 ____D () C:\Users\Administrator\Desktop\GTA SA

2015-04-01 00:52 - 2014-11-28 03:45 - 00000000 ____D () C:\ProgramData\MTA San Andreas All

2015-04-01 00:52 - 2014-11-28 03:45 - 00000000 ____D () C:\Program Files (x86)\MTA San Andreas 1.4

2015-04-01 00:48 - 2014-10-23 00:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent

2015-03-31 22:16 - 2013-07-02 23:05 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios

2015-03-30 10:57 - 2014-07-25 00:23 - 00000000 ____D () C:\Program Files (x86)\puush

2015-03-30 01:07 - 2014-09-24 13:53 - 00000000 ____D () C:\Users\Administrator\Desktop\Five Nights at Freddy's

2015-03-30 01:00 - 2015-01-09 16:42 - 00000000 ____D () C:\Users\Administrator\Desktop\Alben

2015-03-29 18:10 - 2015-02-22 22:18 - 00000000 ____D () C:\Users\Administrator\Desktop\Mods

2015-03-29 17:22 - 2014-10-27 05:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-03-29 15:30 - 2014-02-26 17:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2015-03-29 15:29 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-03-28 22:01 - 2014-07-27 16:38 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2015-03-28 22:01 - 2013-07-29 08:52 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2015-03-28 21:59 - 2014-07-27 16:38 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2015-03-28 21:22 - 2014-05-29 02:26 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2015-03-28 21:14 - 2013-08-13 14:04 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2015-03-28 18:33 - 2014-11-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Origin

2015-03-27 21:42 - 2014-12-29 16:55 - 00000000 ____D () C:\Users\Administrator\Desktop\PD2 Mod

2015-03-27 17:40 - 2014-10-12 21:00 - 00000000 ____D () C:\Program Files\CyberGhost 5

2015-03-27 11:41 - 2015-01-07 16:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft

2015-03-26 09:10 - 2014-12-10 14:56 - 00000000 ____D () C:\Windows\system32\appraiser

2015-03-26 09:10 - 2014-05-06 23:34 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-03-24 23:45 - 2015-03-07 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-24 23:45 - 2015-03-07 12:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-23 16:50 - 2014-11-15 23:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment

2015-03-23 16:49 - 2014-05-01 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2015-03-23 16:49 - 2013-08-26 23:36 - 00000000 ____D () C:\Program Files (x86)\Sony

2015-03-23 16:47 - 2013-05-27 19:02 - 00000000 ____D () C:\Windows\system32\appmgmt

2015-03-22 18:10 - 2014-10-11 03:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru

2015-03-21 21:13 - 2014-10-22 02:44 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT

2015-03-21 21:12 - 2014-09-10 19:23 - 00000000 ____D () C:\Program Files (x86)\FFsplit

2015-03-21 21:10 - 2015-01-21 18:19 - 00000000 ____D () C:\Program Files (x86)\Comodo

2015-03-21 21:09 - 2014-10-11 04:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Comodo

2015-03-21 21:09 - 2013-11-12 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo

2015-03-20 21:38 - 2014-09-19 14:48 - 00000000 ____D () C:\ProgramData\Oracle

2015-03-20 21:35 - 2014-06-02 14:17 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-03-20 21:35 - 2013-12-01 23:49 - 00000000 ____D () C:\Program Files\Java

2015-03-20 21:34 - 2014-06-02 14:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-03-20 21:34 - 2013-09-25 13:38 - 00000000 ____D () C:\Program Files (x86)\Java

2015-03-20 13:28 - 2015-02-07 13:07 - 00000000 ____D () C:\Users\braunebauch\AppData\Roaming\Everything

2015-03-18 16:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2015-03-17 17:54 - 2013-09-15 14:09 - 00000000 ____D () C:\Program Files (x86)\Ubisoft

2015-03-17 07:15 - 2015-03-07 12:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-17 07:15 - 2015-03-07 12:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-17 07:15 - 2015-03-07 12:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 

==================== Files in the root of some directories =======
 

2014-09-03 05:34 - 2014-09-03 06:59 - 6010880 _____ () C:\Program Files (x86)\GUT455E.tmp

2015-04-04 15:31 - 2015-04-04 15:41 - 44492800 _____ () C:\Program Files (x86)\GUT50C2.tmp

2015-03-23 16:59 - 2015-03-23 17:29 - 6103040 _____ () C:\Program Files (x86)\GUT7F40.tmp

2014-10-31 03:31 - 2014-10-31 03:48 - 0065625 _____ () C:\Users\Administrator\AppData\Roaming\Camdata.ini

2014-10-31 03:31 - 2014-10-31 03:48 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamLayout.ini

2014-10-31 03:31 - 2014-10-31 03:48 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamShapes.ini

2014-10-31 03:31 - 2014-10-31 03:48 - 0004551 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.cfg

2014-10-31 03:35 - 2014-10-31 03:47 - 0000098 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.command

2014-10-31 03:40 - 2014-10-31 03:48 - 0000000 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.Data.ini

2014-10-31 03:40 - 2014-10-31 03:48 - 0001206 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.ini

2014-10-31 03:29 - 2014-10-31 03:42 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\version2.xml

2014-10-07 11:08 - 2014-10-07 11:08 - 0000045 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG

2014-09-14 20:26 - 2015-01-22 22:45 - 0005632 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-10-11 02:56 - 2014-10-11 02:56 - 0000101 _____ () C:\Users\Administrator\AppData\Local\fusioncache.dat

2014-09-08 21:28 - 2014-09-08 21:28 - 0000000 ___SH () C:\Users\Administrator\AppData\Local\LumaEmu

2015-01-14 17:49 - 2015-04-14 14:06 - 0000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND

2014-10-13 12:52 - 2014-10-13 12:52 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{80B6D3F3-6694-49AF-916C-2BA4E7745A94}
 

Files to move or delete:

====================

C:\Users\karsten\AppData\Roaming\skype.ini
 
 

Some content of TEMP:

====================

C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe

C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll

C:\Users\biBa\AppData\Local\Temp\SkypeSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-04-14 12:43
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015

Ran by Administrator at 2015-04-15 11:47:14

Running from C:\Users\Administrator\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)

Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)

Akamai NetSession Interface (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Akamai) (Version:  - Akamai Technologies, Inc)

AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)

Ancient Weapon Sounds (HKLM-x32\...\{D91802D9-6A42-4563-BC37-B3E2D04DC95B}) (Version: 2.1.0 - Screaming Bee)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version:  - )

Arvo (HKLM-x32\...\{61DF2893-0069-4E50-A02E-3A41A97CB1B4}) (Version: 1.0 - ROCCAT)

Ashampoo WinOptimizer 11 v.11.00.40 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.40 - Ashampoo GmbH & Co. KG)

Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)

Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation)

Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden

Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden

Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)

Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)

CINEMA 4D R14 (HKLM-x32\...\CINEMA 4D R14) (Version:  - )

Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)

Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)

CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)

Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )

Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)

Command & Conquer™ Alarmstufe Rot 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)

Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)

Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1.172 - MAYN INTERACTIVE)

Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)

Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)

DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version:  - Gas Powered Games)

Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)

Easy 7-Zip v0.1.4 (x64) (HKLM\...\{661BB54F-5E4A-45F0-8153-DDF10C2E3FB7}_is1) (Version: 0.1.4 (x64) - James Hoo)

Euthanasia V.1.0 (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Euthanasia V.1.0) (Version:  - )

Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )

F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)

Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version:  - Ubisoft)

Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.02 - Ubisoft)

FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)

Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)

FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)

FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)

GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

Goodbye New World (HKLM\...\UDK-14cab96a-d442-42f0-b347-97f8e3b6bcb4) (Version:  - Epic Games, Inc.)

Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

Half-Life 2 (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\Half-Life 2) (Version:  - )

Handset WinDriver 1.02.03.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.02.03.00 - Huawei technologies Co., Ltd.)

Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 1.4.1 - Infernum Productions AG)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Hercules Classic Webcam Drivers (HKLM-x32\...\{5F0EE12C-44B1-4FCB-87E3-4686C888774A}) (Version: 1.00.0000 - Hercules)

Hercules Webcam Deluxe (HKLM-x32\...\{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}) (Version: 3.2.2.5 - Hercules)

Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)

HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)

Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)

Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version:  - IO Interactive)

Hitman: Contracts (HKLM-x32\...\Steam App 247430) (Version:  - IO Interactive)

HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)

Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)

Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )

League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

Legendary (HKLM-x32\...\InstallShield_{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}) (Version: 1.00.0000 - Spark Unlimited)

Legendary (x32 Version: 1.00.0000 - Spark Unlimited) Hidden

Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden

LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)

LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)

Magic Bullet QuickLooks Free version 1.4.4 (HKLM-x32\...\{B0D297D8-289A-48A7-B02E-B6A9914CF716}_is1) (Version: 1.4.4 - Red Giant, LLC)

Magic Bullet Suite 64-bit (Version: 11.4.4 - Red Giant) Hidden

Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)

Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)

Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version:  - )

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version:  - )

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)

Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)

Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{5375FD61-C0E9-11E1-9297-F04DA23A5C58}) (Version: 12.0.334 - Sony)

MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)

Need for Speed Most Wanted Black Edition (HKLM-x32\...\Need for Speed Most Wanted Black Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)

Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )

No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version:  - )

Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)

Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)

Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)

Orcs Must Die (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge Productions GmbH)

Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)

osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)

PackBit Codec version 1.0.0.1Beta (HKLM-x32\...\{5AFD98DE-0AF5-497F-BE7E-F93DEDF74573}_is1) (Version: 1.0.0.1Beta - Dxtory Software)

paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

Perfect Effects 4.0.4 (HKLM-x32\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0.4 - onOne Software)

Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)

Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)

puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)

Python 3.3.3 (HKLM-x32\...\{39b6eb84-331c-3657-ad2e-837537ddf04f}) (Version: 3.3.3150 - Python Software Foundation)

Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)

Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)

ROCCAT Power-Grid Version 0.460 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.460 - ROCCAT GmbH)

Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)

S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )

San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)

Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.3.2660.0 - Hi-Rez Studios)

Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)

South Park - The Stick of Truth (HKLM-x32\...\South Park - The Stick of Truth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)

SRWare Iron Version SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

TeamSpeak 3 Client (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)

Telegram Desktop Version 0.7.23 (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.23 - Telegram Messenger LLP)

The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )

Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)

Trapcode Suite 64-bit (Version: 12.1.1 - Red Giant) Hidden

Trapcode Suite v12.1.5 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.5 - Red Giant, LLC)

Twixtor 5, After Effects-compatible plugin set (HKLM-x32\...\Twixtor 5, After Effects-compatible plugin set) (Version:  - )

Unity Web Player (HKU\S-1-5-21-2399221302-1085130942-1105205786-500\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)

Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Uplay (HKLM-x32\...\Uplay) (Version: 5.1 - Ubisoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)

Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)

Video Download Capture Version 4.9.3 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.3 - APOWERSOFT LIMITED)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)

VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)

VirtualDJ PRO Full (HKLM-x32\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek)

Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)

Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)

Waterfox 36.0.4 (x64 en-US) (HKLM\...\Waterfox 36.0.4 (x64 en-US)) (Version: 36.0.4 - Mozilla)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)

Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2399221302-1085130942-1105205786-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2399221302-1085130942-1105205786-500_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

CustomCLSID: HKU\S-1-5-21-2399221302-1085130942-1105205786-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 

==================== Restore Points  =========================
 

09-04-2015 14:43:23 DirectX wurde installiert

10-04-2015 14:13:50 Windows Update

14-04-2015 07:57:40 Windows Update

14-04-2015 14:18:43 Installed Remote Control Server.

14-04-2015 15:00:13 Installed MorphVOX Pro

14-04-2015 15:34:35 Installed Creatures of Darkness

14-04-2015 15:35:20 Installed Deep Space Voices

14-04-2015 15:36:14 Installed Female Voice Pack

14-04-2015 15:36:58 Installed Sci-Fi Voice Pack

14-04-2015 15:37:47 Installed Spooky Sounds

14-04-2015 15:38:57 Installed Ancient Weapon Sounds

14-04-2015 15:40:29 Installed Blue Satin Skin

15-04-2015 08:56:04 Removed Blue Satin Skin

15-04-2015 09:00:36 Removed Deep Space Voices

15-04-2015 09:04:29 Removed Female Voice Pack

15-04-2015 09:05:22 Removed MorphVOX Pro

15-04-2015 09:07:53 Removed Remote Control Server.

15-04-2015 09:41:51 Removed Spooky Sounds

15-04-2015 09:43:05 Removed Sci-Fi Voice Pack
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {06F8F7A2-A5FF-42CA-B363-FF89B4357C9B} - \{97620550-7AD6-43C4-9B64-7C7BC9F55F1A} No Task File <==== ATTENTION

Task: {0851DC4D-8C68-4A60-A0D5-C1613BCED171} - \{D4C421D4-F5FB-48A7-9BF2-142084EE4FEA} No Task File <==== ATTENTION

Task: {15616B49-269D-4AED-8AE0-ABACC72A1BEB} - \{BB346646-8460-4A6A-8385-378AF20AB49C} No Task File <==== ATTENTION

Task: {1F05F00D-E373-4DE0-9BBB-D9B82DB7E3C4} - System32\Tasks\Opera scheduled Autoupdate 1428153734 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-07] (Opera Software)

Task: {2420BDDB-CBC4-4D46-87B0-CCE568FEF1F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2EACDB39-EF02-4B1D-87C8-8919BA310E1F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {33BD46FE-79BA-43DD-952A-B1EBE0E2C174} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)

Task: {37868ED5-A782-4C79-BB32-0718324FA25E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: {37A810AF-E426-4453-B228-C5F3E693B477} - \{920D6D43-2AEA-416A-AC86-9F3AF9B88376} No Task File <==== ATTENTION

Task: {4ABFBB17-5888-47B0-B4B1-146A3991D92B} - \{20503128-1861-454C-94FD-14D0B46FAF99} No Task File <==== ATTENTION

Task: {4D30BD59-6B84-4507-8332-34CCDC5EEEB4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2399221302-1085130942-1105205786-1001

Task: {4F9DA992-438C-40ED-AA8D-7AC9F1DCDFA8} - \{8D4E1323-0DAD-4625-B33A-B545E65E3A7A} No Task File <==== ATTENTION

Task: {5033F66D-BBB8-4BFA-BEDE-16F65262502E} - \{7F1008C0-6851-4DB5-B285-DCF8862D940C} No Task File <==== ATTENTION

Task: {5665030D-3375-4AC8-A157-197B3C547DEA} - \{454AD1E7-6BA2-49F6-BA0A-E8F65BE67228} No Task File <==== ATTENTION

Task: {5A0B1ACD-B23C-46E3-AA59-49F82298F3D3} - System32\Tasks\Driver Booster SkipUAC (karsten) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

Task: {5D447156-A55E-4473-AF74-BC51AE18D370} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

Task: {61DC6B12-D051-4DE7-9A35-A9D6565115E0} - \{7196DD32-832B-472B-80C1-2E21BDFFA13B} No Task File <==== ATTENTION

Task: {688532D0-4BE3-4725-82EB-221903A17363} - \{573D3449-1E43-4310-A81E-9E74D686D6EB} No Task File <==== ATTENTION

Task: {689B6418-97EB-469B-A04D-C312EE7C142E} - \{D67FB836-87B9-4E35-A019-B496DAF45C0C} No Task File <==== ATTENTION

Task: {6D173DD5-2F81-4CEB-9652-BEA1EB96238F} - System32\Tasks\AdobeAAMUpdater-1.0-karsten-PC-karsten => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)

Task: {6D463B5E-5F29-429A-8D41-D1C65F060470} - System32\Tasks\Update\Windows => C:\Users\Administrator\AppData\Roaming\Winlogon.exe

Task: {6E8418B0-EB54-47C8-847A-AC1194246DAF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001UA => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-28] (Facebook Inc.)

Task: {73689B5B-3E64-43C5-A640-002BDB5E65BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)

Task: {80722540-49EF-4C90-B440-093526396386} - \{90427E89-C8A5-4072-96EE-774EFAC3BA83} No Task File <==== ATTENTION

Task: {88362523-0CAB-4056-9930-50BA04D51695} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)

Task: {894FF966-4C6E-4AF5-8178-D3BFE9A8385E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04] (Adobe Systems Incorporated)

Task: {9173471A-C6DA-4284-832F-E99E410E243E} - \{5163C3E5-63C5-4495-B4AA-5419966FBBBF} No Task File <==== ATTENTION

Task: {9B3545D0-957C-43B2-AEC2-F87EE1DE372A} - \SmartDefrag_Startup No Task File <==== ATTENTION

Task: {AA96D98E-B3B7-40F1-98D0-AB0263F3586F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001Core => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-28] (Facebook Inc.)

Task: {ABEB59B5-AC0A-408A-A48B-E387FFD6FC65} - \{F1E8C321-63A0-484C-95B0-765F41AFB711} No Task File <==== ATTENTION

Task: {AFEB4AF5-D7EF-40CF-8F1E-31523FF9F37C} - \{6E93AD71-C22E-435D-B5FA-93D87244ACD8} No Task File <==== ATTENTION

Task: {B845CFC5-46E7-433E-8CA9-C97319D2C45E} - \{E84F4D91-D6D0-4366-B512-09F5D48FDC49} No Task File <==== ATTENTION

Task: {C0B73CCB-78FA-434F-B815-07F1444EE448} - \{43005882-BDF5-4A2F-9DC4-4112790601A5} No Task File <==== ATTENTION

Task: {C33D4862-D785-4E1F-8349-9BA3A4444E29} - \{9110898E-5912-4DD7-A2BE-AD879D3B38A3} No Task File <==== ATTENTION

Task: {C4C81ECE-2270-4B49-8B4B-7EC3783971BF} - \{5D9C3054-DF04-46E7-85FE-CE1984B2C4AF} No Task File <==== ATTENTION

Task: {C7293F5F-B1AB-4834-991A-E28F5E0BF8F7} - \{9DD0760A-9201-4D1B-B2DF-BA34C01DC649} No Task File <==== ATTENTION

Task: {CE1A460F-1729-4CFA-AC0A-8AA62057D712} - \SidebarExecute No Task File <==== ATTENTION

Task: {CEEC97F6-68E8-4BE1-99CB-73F00C79D6ED} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {D1CFF53A-370D-45C7-9420-008EC7DE6CB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)

Task: {D732F774-D275-48CB-BC29-0568B6F33D92} - \{F5E9DBFF-FF75-4AC4-B401-12DF05DF2296} No Task File <==== ATTENTION

Task: {DDBC4B6F-17CC-4842-8420-C02FC0055B89} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe

Task: {E4339764-53AF-48EA-A486-8894CA00BF2C} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe

Task: {E638D2DC-173D-42F3-87C4-23C0437E3737} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {E7267170-18D5-418D-99EC-4A3CA62DA07B} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-07-09] ()

Task: {ECFEB51F-C61F-47B6-8233-BF100082337B} - \{FE17945D-4600-4AEB-9D5A-3D15DCBD397A} No Task File <==== ATTENTION

Task: {F7610585-9EB2-41DB-8CB4-16DB95A21205} - \SmartDefragUpdate No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001Core.job => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001UA.job => C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2010-07-20 11:28 - 2009-05-18 14:40 - 00053760 _____ () C:\Windows\System32\LXEEPMON.DLL

2010-07-20 11:28 - 2009-01-13 15:15 - 04485120 _____ () C:\Windows\System32\LXEEOEM.DLL

2014-01-31 21:55 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll

2014-01-31 21:55 - 2012-09-18 16:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll

2010-07-20 11:30 - 2009-11-04 09:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll

2013-08-13 14:04 - 2015-03-28 21:14 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2012-01-10 14:41 - 2015-03-30 10:57 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe

2013-04-29 23:25 - 2013-04-29 23:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2015-04-11 20:55 - 2015-04-11 20:55 - 00484472 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\opera_crashreporter.exe

2015-03-29 12:25 - 2015-03-29 12:25 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2015-04-11 20:55 - 2015-04-11 20:55 - 01488504 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\libglesv2.dll

2015-04-11 20:55 - 2015-04-11 20:55 - 00079992 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\libegl.dll

2015-04-11 20:55 - 2015-04-11 20:55 - 09625720 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\pdf.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData:NT

AlternateDataStreams: C:\ProgramData:NT2

AlternateDataStreams: C:\Windows\system32\Drivers\bdqgfffr.sys:changelist

AlternateDataStreams: C:\Users\All Users:NT

AlternateDataStreams: C:\Users\All Users:NT2

AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT

AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2

AlternateDataStreams: C:\ProgramData\Application Data:NT

AlternateDataStreams: C:\ProgramData\Application Data:NT2

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

AlternateDataStreams: C:\ProgramData\TEMP:5B8C10F3

AlternateDataStreams: C:\Users\karsten\Anwendungsdaten:NT

AlternateDataStreams: C:\Users\karsten\Anwendungsdaten:NT2

AlternateDataStreams: C:\Users\karsten\AppData\Roaming:NT

AlternateDataStreams: C:\Users\karsten\AppData\Roaming:NT2
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2399221302-1085130942-1105205786-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.178.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: Application Updater => 2

MSCONFIG\Services: BstHdAndroidSvc => 2

MSCONFIG\Services: BstHdLogRotatorSvc => 2

MSCONFIG\Services: CGVPNCliService => 2

MSCONFIG\Services: Desura Install Service => 3

MSCONFIG\Services: globalUpdate => 2

MSCONFIG\Services: globalUpdatem => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: Hamachi2Svc => 2

MSCONFIG\Services: HideIPLaucherService => 2

MSCONFIG\Services: HiPatchService => 2

MSCONFIG\Services: hshld => 2

MSCONFIG\Services: HssTrayService => 3

MSCONFIG\Services: HssWd => 2

MSCONFIG\Services: IceDragonUpdater => 2

MSCONFIG\Services: IePluginServices => 2

MSCONFIG\Services: LiveUpdateSvc => 2

MSCONFIG\Services: LMIGuardianSvc => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: OkayFreedom VPN Starter Service => 2

MSCONFIG\Services: OpenVPNService => 3

MSCONFIG\Services: Origin Client Service => 3

MSCONFIG\Services: OverwolfUpdaterService => 3

MSCONFIG\Services: rpcapd => 3

MSCONFIG\Services: RzKLService => 2

MSCONFIG\Services: SafeBox => 2

MSCONFIG\Services: SbieSvc => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\Services: TeamViewer => 2

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2

MSCONFIG\Services: UnsignedThemes => 2

MSCONFIG\Services: vToolbarUpdater17.2.0 => 2

MSCONFIG\Services: WindowsMangerProtect => 2

MSCONFIG\Services: WO_LiveService2 => 3

MSCONFIG\Services: Wpm => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AdFender.lnk => C:\Windows\pss\AdFender.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Windows Task Monitor.lnk => C:\Windows\pss\Windows Task Monitor.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Grand Theft Auto V.rar.lnk => C:\Windows\pss\Grand Theft Auto V.rar.lnk.Startup

MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^464880c9d8c4a147af609f752aac5ce9.exe => C:\Windows\pss\464880c9d8c4a147af609f752aac5ce9.exe.Startup

MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^464880c9d8c4a147af609f752aac5ce9.exe.tmp => C:\Windows\pss\464880c9d8c4a147af609f752aac5ce9.exe.tmp.Startup

MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup

MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Metro Updater.exe => C:\Windows\pss\Metro Updater.exe.Startup

MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup

MSCONFIG\startupfolder: C:^Users^karsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Run.lnk => C:\Windows\pss\Run.lnk.Startup

MSCONFIG\startupreg: 1 => 

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

MSCONFIG\startupreg: Advanced SystemCare Ultimate => "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"

MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

MSCONFIG\startupreg: BackgroundSwitcher => "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"

MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: clicup-Agent => C:\Users\ADMINI~1\AppData\Local\Temp\clicup\clicup.exe

MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"

MSCONFIG\startupreg: cmsc => "c:\program files (x86)\cmcm\Clean Master\cmtray.exe" -autorun

MSCONFIG\startupreg: ConduitFloatingPlugin_cfigonhgidedenkkhlilmefgodjpefna => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\karsten\AppData\Local\Temp\CT3317892\plugins\TBVerifier.dll",RunConduitFloatingPlugin cfigonhgidedenkkhlilmefgodjpefna

MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: Dxtory Update Checker 2.0 => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe

MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

MSCONFIG\startupreg: Everything => "C:\Program Files\Everything\Everything.exe" -startup

MSCONFIG\startupreg: EzPrint => 

MSCONFIG\startupreg: Facebook Update => "C:\Users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: File => "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\karsten\AppData\Local\Temp\File5913484223273618412.jar"

MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: Handy Updater => 

MSCONFIG\startupreg: HKCU => C:\Users\karsten\AppData\Roaming\install\server.exe

MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

MSCONFIG\startupreg: iLivid => "C:\Users\karsten\AppData\Local\iLivid\iLivid.exe" -autorun

MSCONFIG\startupreg: InetStat => "C:\Users\karsten\AppData\Roaming\InetStat\inetstat.exe" /c=14

MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"

MSCONFIG\startupreg: javab => C:\Users\karsten\AppData\Local\Temp\MinecraftAdminForcer.exe

MSCONFIG\startupreg: Lexmark Pro700 Series => 

MSCONFIG\startupreg: LightShot => C:\Users\karsten\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue

MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

MSCONFIG\startupreg: lxeemon.exe => 

MSCONFIG\startupreg: mbot_de_83 => "C:\Program Files (x86)\mbot_de_83\mbot_de_83.exe"

MSCONFIG\startupreg: Microsoft Windows Hosting Service => C:\Users\karsten\AppData\Local\Temp\csrss.exe

MSCONFIG\startupreg: MicroUpdate => C:\Users\Nico 2.0\Documents\MSDCSC\msdcsc.exe

MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\karsten\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent

MSCONFIG\startupreg: pdiface => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow

MSCONFIG\startupreg: PWRISOVM.EXE => 

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

MSCONFIG\startupreg: Remote Control Server => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe

MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"

MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

MSCONFIG\startupreg: rundll32 => C:\Users\karsten\AppData\Local\Temp\MSDCSC\msdcsc.exe

MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"

MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Spotify => "C:\Users\karsten\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\karsten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SunsetScreen => C:\Users\Administrator\Desktop\SunsetScreen\SunsetScreen.exe /hidewindow

MSCONFIG\startupreg: swg => 

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: Tiny download manager => "C:\Users\karsten\AppData\Local\DM\TinyDM.exe" /M

MSCONFIG\startupreg: uTorrent => "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

MSCONFIG\startupreg: UX Launcher => C:\Program Files (x86)\UX Pack\uxlaunch.exe

MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe"

MSCONFIG\startupreg: Virtual Audio Streaming(Sound Card Switch) => "C:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\VirtualAudioStreaming.exe" /minimized

MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

MSCONFIG\startupreg: Windows => C:\Users\Administrator\AppData\Roaming\Winlogon.exe

MSCONFIG\startupreg: Winlogon => C:\Users\Administrator\AppData\Roaming\winlogon.exe

MSCONFIG\startupreg: winupdater => C:\Users\karsten\Documents\Windupdt\winupdate.exe

MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly

MSCONFIG\startupreg: {517CC397-B22F-4593-8DCB-DE72CC541E9A} => "C:\Users\karsten\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe" /cmdloc "HKCU\Software\Riot Games  AiTemp\{517CC397-B22F-4593-8DCB-DE72CC541E9A}"
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2399221302-1085130942-1105205786-500 - Administrator - Enabled) => C:\Users\Administrator

ASPNET (S-1-5-21-2399221302-1085130942-1105205786-1008 - Limited - Enabled)

biBa (S-1-5-21-2399221302-1085130942-1105205786-1011 - Administrator - Enabled) => C:\Users\biBa

braunebauch (S-1-5-21-2399221302-1085130942-1105205786-1012 - Limited - Enabled) => C:\Users\braunebauch

Gast (S-1-5-21-2399221302-1085130942-1105205786-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2399221302-1085130942-1105205786-1003 - Limited - Enabled)

karsten (S-1-5-21-2399221302-1085130942-1105205786-1001 - Administrator - Enabled) => C:\Users\karsten
 

==================== Faulty Device Manager Devices =============
 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: MpKslaf5d7170

Description: MpKslaf5d7170

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKslaf5d7170

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: Microsoft-6zu4-Adapter

Description: Microsoft-6zu4-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-ISATAP-Adapter

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-ISATAP-Adapter #2

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-ISATAP-Adapter #3

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: VirtualBox Host-Only Ethernet Adapter

Description: VirtualBox Host-Only Ethernet Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Oracle Corporation

Service: VBoxNetAdp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

Name: Microsoft-ISATAP-Adapter #4

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: Anchorfree HSS VPN Adapter #2

Description: Anchorfree HSS VPN Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Anchorfree HSS VPN Adapter

Service: taphss6

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 

Name: Android Composite ADB Interface

Description: Android Composite ADB Interface

Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}

Manufacturer: Google, Inc.

Service: WinUSB

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============

Error: (04/15/2015 11:47:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (04/15/2015 11:45:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (04/15/2015 11:43:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (04/15/2015 11:41:06 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (04/15/2015 11:40:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Skype Click to Call Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (04/15/2015 11:38:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (04/15/2015 11:38:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%-2140993535
 

Error: (04/15/2015 11:38:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 

%%-2140993535
 

Error: (04/15/2015 11:38:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%-2140993535
 

Error: (04/15/2015 11:38:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 

%%-2140993535
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Processor: AMD Phenom(tm) 9650 Quad-Core Processor

Percentage of memory in use: 49%

Total physical RAM: 3070.55 MB

Available physical RAM: 1555.21 MB

Total Pagefile: 6139.29 MB

Available Pagefile: 3803.41 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:305.99 GB) (Free:78.42 GB) NTFS

Drive d: (DATA) (Fixed) (Total:290.09 GB) (Free:83.69 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 76FF2B4E)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=306 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Es existiert auch 2x eine csrss.exe im Task Manager, was Normalerweise nicht sein sollte.

Dann eine MpCmdRun.exe und auch ein paar weitere .exe Dateien die mir unbekannt sind.

Wenn ich den Dateipfad dieser Dateien öffne, komm ich in ein Ordner.
Wenn ich diese Datei dann löschen möchte kommt: Sie müssen die erforderlichen berichtigungen von TrustedInstaller erhalten, um änderungen an dieser Datei vorzunehmen.

Und TrustedInstaller öffnet sich immer wieder sobald ich es mit dem Task Manager schließe.

Dazu möchte ich noch sagen das TrustedInstaller.exe im Task Manager 100MB weg zieht und eine svchost.exe 740 MB teilweise 900 MB und bei meinen 3GB Ram ist das schon eine Menge. Früher war das nie so ich versteh einfach nicht warum..

http://www.fotos-hochladen.net/uploa...z6j9myw3na.jpg

Code:

ComboFix 15-04-16.01 - Administrator 16.04.2015  15:42:28.1.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1630 [GMT 2:00]

ausgeführt von:: c:\users\Administrator\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\EPLog.txt

c:\program files (x86)\lol

c:\program files (x86)\lol\.wLib.dll

c:\program files (x86)\lol\7-zip.dll

c:\program files (x86)\lol\7z.dll

c:\program files (x86)\lol\7z.exe

c:\program files (x86)\lol\allfiles.ini

c:\program files (x86)\lol\backup\rads\projects\lol_game_client\filearchives\0.0.0.188\archive_2.raf\data\menu\textures\hudatlas.tga

c:\program files (x86)\lol\Be.Windows.Forms.HexBox.dll

c:\program files (x86)\lol\ColorSlider.dll

c:\program files (x86)\lol\DevIL.dll

c:\program files (x86)\lol\dxtVersion.ini

c:\program files (x86)\lol\fsb\ext.bat

c:\program files (x86)\lol\fsb\fsbext.exe

c:\program files (x86)\lol\fsb\map.bat

c:\program files (x86)\lol\fsb\reb.bat

c:\program files (x86)\lol\Global Info.dll

c:\program files (x86)\lol\icons\aatrox_square_0.png

c:\program files (x86)\lol\ICSharpCode.SharpZipLib.dll

c:\program files (x86)\lol\ILU.dll

c:\program files (x86)\lol\Ionic.Zip.dll

c:\program files (x86)\lol\LeagueOfLegendsSkinInstallerLeagueCraftIntegration.user.js

c:\program files (x86)\lol\LGGSIU1.bmp

c:\program files (x86)\lol\LGGSIU2.png

c:\program files (x86)\lol\License - 7zip.txt

c:\program files (x86)\lol\License - Be.HexBox.txt

c:\program files (x86)\lol\License - ColorSlider.txt

c:\program files (x86)\lol\License - Devil.txt

c:\program files (x86)\lol\License - Iconic Zip.txt

c:\program files (x86)\lol\License - ICSharpCode.txt

c:\program files (x86)\lol\License - LoLViewer.txt

c:\program files (x86)\lol\License - MessageForm.txt

c:\program files (x86)\lol\License - NantGoogleCode.txt

c:\program files (x86)\lol\License - nvidia texture tools.txt

c:\program files (x86)\lol\License - nvidia.txt

c:\program files (x86)\lol\License - OpenTK.txt

c:\program files (x86)\lol\License - Skin Installer Ultimate.txt

c:\program files (x86)\lol\License - SqLite.txt

c:\program files (x86)\lol\License - Tao.txt

c:\program files (x86)\lol\License - zlib.txt

c:\program files (x86)\lol\LoL Skin Installer.settings

c:\program files (x86)\lol\LolModIcon.ico

c:\program files (x86)\lol\LOLViewer.exe

c:\program files (x86)\lol\MessageForm.dll

c:\program files (x86)\lol\nocompress.txt

c:\program files (x86)\lol\nvddsinfo.exe

c:\program files (x86)\lol\nvdxt.exe

c:\program files (x86)\lol\OpenTK.Compatibility.dll

c:\program files (x86)\lol\OpenTK.dll

c:\program files (x86)\lol\OpenTK.GLControl.dll

c:\program files (x86)\lol\ParticleReferenceForSIU.exe

c:\program files (x86)\lol\RAF_Unpack_v1.00.exe

c:\program files (x86)\lol\RAFLib.dll

c:\program files (x86)\lol\README Credits Info Instructions and License and change log.txt

c:\program files (x86)\lol\RelManLib.dll

c:\program files (x86)\lol\sai.exe

c:\program files (x86)\lol\SIU-Updater.exe

c:\program files (x86)\lol\Skin Installer Ultimate.exe

c:\program files (x86)\lol\Skin Installer Ultimate.exe.config

c:\program files (x86)\lol\skins.db

c:\program files (x86)\lol\skins\4123\rads\projects\lol_game_client\filearchives\0.0.0.188\archive_2.raf\data\menu\textures\hudatlas.tga

c:\program files (x86)\lol\skins\Bunny\rads\projects\lol_game_client\filearchives\0.0.0.188\archive_2.raf\data\menu\textures\hudatlas.tga

c:\program files (x86)\lol\System.Data.SQLite.dll

c:\program files (x86)\lol\Tao.DevIl.dll

c:\program files (x86)\lol\TextEditor.exe

c:\program files (x86)\lol\wLib.dll

c:\program files (x86)\lol\YuixyIcon.ico

c:\program files (x86)\lol\zlib.net.dll

c:\programdata\1429107363.bdinstall.bin

c:\users\karsten\Documents\Windupdt

c:\windows\apppatch\AppLoc.exe

c:\windows\apppatch\AppLocA.exe

c:\windows\apppatch\unins000.dat

c:\windows\apppatch\unins000.exe

c:\windows\msdownld.tmp

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\MSDCSC

c:\windows\SysWow64\networkdlllsp.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NETHFDRV

-------\Legacy_NPF

-------\Service_Run

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-03-16 bis 2015-04-16  ))))))))))))))))))))))))))))))

.

.

2015-04-16 13:58 . 2015-04-16 13:58        --------        d-----w-        c:\users\Nico 2.0\AppData\Local\temp

2015-04-16 13:58 . 2015-04-16 13:58        --------        d-----w-        c:\users\karsten\AppData\Local\temp

2015-04-16 13:58 . 2015-04-16 13:58        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-04-16 13:58 . 2015-04-16 13:58        --------        d-----w-        c:\users\braunebauch\AppData\Local\temp

2015-04-16 13:58 . 2015-04-16 13:58        --------        d-----w-        c:\users\biBa\AppData\Local\temp

2015-04-15 20:43 . 2015-04-15 20:43        --------        d-----w-        c:\users\biBa\ROCCAT

2015-04-15 14:07 . 2015-04-15 14:07        84848        ----a-w-        c:\windows\system32\bdsandboxuiskin.dll

2015-04-15 13:35 . 2015-04-15 13:35        --------        d-----w-        c:\programdata\BDLogging

2015-04-15 13:27 . 2015-04-15 14:21        --------        d-----w-        c:\program files\Common Files\Bitdefender

2015-04-15 13:08 . 2015-04-15 13:08        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files

2015-04-15 12:49 . 2015-04-15 14:24        --------        d-----w-        c:\program files\Bitdefender

2015-04-15 12:49 . 2015-04-15 12:49        --------        d-----w-        c:\users\Administrator\AppData\Roaming\QuickScan

2015-04-15 12:29 . 2015-04-15 12:29        --------        d-----w-        c:\program files (x86)\MoonTools

2015-04-15 09:45 . 2015-04-15 09:47        --------        d-----w-        C:\FRST

2015-04-15 09:22 . 2015-04-15 09:22        --------        d-----w-        C:\RegBackup

2015-04-14 13:41 . 2015-04-14 13:41        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Screaming Bee

2015-04-14 13:34 . 2015-04-14 13:34        --------        d-----w-        c:\program files (x86)\Screaming Bee LLC

2015-04-14 12:42 . 2015-04-14 12:42        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Remote Control Server

2015-04-14 05:59 . 2015-03-14 10:02        12002392        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9A36CD5-796E-43A8-9520-86EBB8E48A5C}\mpengine.dll

2015-04-10 16:06 . 2015-04-12 08:57        --------        d-----w-        c:\programdata\{dab5c1c1-de22-4a32-dab5-5c1c1de20707}

2015-04-06 15:43 . 2015-04-06 15:43        --------        d-----w-        c:\users\Administrator\Tracing

2015-04-04 23:44 . 2015-04-04 23:44        --------        d-s---w-        c:\windows\SysWow64\GWX

2015-04-04 23:44 . 2015-04-04 23:44        --------        d-s---w-        c:\windows\system32\GWX

2015-04-04 13:53 . 2015-04-04 13:53        --------        d-----w-        c:\program files\Easy 7-Zip

2015-04-04 13:31 . 2015-04-04 13:41        44492800        ----a-w-        c:\program files (x86)\GUT50C2.tmp

2015-04-04 13:31 . 2015-04-04 13:31        --------        d-----w-        c:\program files (x86)\GUM50A2.tmp

2015-04-04 13:22 . 2015-04-12 09:03        --------        d-----w-        c:\program files (x86)\Opera

2015-04-03 18:56 . 2015-04-03 18:57        --------        d-----w-        c:\program files (x86)\TeamViewer

2015-04-03 10:07 . 2015-04-03 10:07        --------        d-----w-        c:\users\braunebauch\AppData\Local\Mozilla

2015-03-31 22:47 . 2015-03-31 22:47        --------        d-----w-        c:\users\Administrator\AppData\Local\Aviator

2015-03-31 22:47 . 2015-04-04 13:46        --------        d-----w-        c:\program files (x86)\Whitehat

2015-03-31 22:43 . 2015-03-31 22:43        --------        d-----w-        c:\program files\Waterfox

2015-03-31 20:15 . 2015-03-31 20:16        --------        d-----w-        c:\program files (x86)\Hi-Rez Studios

2015-03-29 14:00 . 2015-03-29 16:09        --------        d-----w-        c:\program files (x86)\R.G. Games

2015-03-27 23:54 . 2015-03-28 00:10        --------        d-----w-        c:\program files (x86)\Hazard Ops

2015-03-27 23:40 . 2015-03-27 23:52        --------        d-----w-        C:\Hazard Ops

2015-03-27 15:53 . 2015-03-27 15:55        --------        d-----w-        c:\programdata\DivX

2015-03-26 21:12 . 2015-03-26 21:14        --------        d-----w-        c:\programdata\Package Cache

2015-03-25 16:17 . 2015-03-11 04:06        677888        ----a-w-        c:\windows\system32\generaltel.dll

2015-03-25 16:17 . 2015-03-11 04:06        760832        ----a-w-        c:\windows\system32\invagent.dll

2015-03-25 16:17 . 2015-03-11 04:06        414720        ----a-w-        c:\windows\system32\devinv.dll

2015-03-25 16:17 . 2015-03-11 04:06        943616        ----a-w-        c:\windows\system32\appraiser.dll

2015-03-25 16:17 . 2015-03-11 04:05        30720        ----a-w-        c:\windows\system32\acmigration.dll

2015-03-25 16:17 . 2015-03-11 04:05        227328        ----a-w-        c:\windows\system32\aepdu.dll

2015-03-25 16:17 . 2015-03-11 04:05        192000        ----a-w-        c:\windows\system32\aepic.dll

2015-03-25 16:17 . 2015-03-11 04:02        1107456        ----a-w-        c:\windows\system32\aeinv.dll

2015-03-23 14:59 . 2015-03-23 15:29        6103040        ----a-w-        c:\program files (x86)\GUT7F40.tmp

2015-03-23 14:59 . 2015-03-23 14:59        --------        d-----w-        c:\program files (x86)\GUM7F3F.tmp

2015-03-21 16:29 . 2015-03-21 20:32        --------        d-----w-        c:\users\Administrator\AppData\Roaming\DMCache

2015-03-21 16:29 . 2015-03-21 19:07        --------        d-----w-        c:\users\Administrator\AppData\Roaming\IDM

2015-03-21 16:29 . 2015-03-21 16:29        --------        d-----w-        c:\programdata\IDM

2015-03-21 16:29 . 2015-03-22 09:45        --------        d-----w-        c:\program files (x86)\Internet Download Manager

2015-03-20 16:14 . 2015-03-20 16:14        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Telegram Desktop

2015-03-19 03:08 . 2015-03-19 02:27        191960        ----a-w-        c:\windows\system32\drivers\idmwfp.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-04-15 14:07 . 2013-12-09 21:46        74000        ----a-w-        c:\windows\system32\bdsandboxuiskin32.dll

2015-04-15 14:07 . 2013-12-09 21:46        33360        ----a-w-        c:\windows\system32\bdsandboxuh.dll

2015-04-15 10:52 . 2015-03-07 10:53        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-04-15 10:51 . 2015-03-07 10:52        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2015-04-04 13:31 . 2013-07-13 01:14        778928        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-04-04 13:31 . 2011-08-07 01:35        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-03-28 20:01 . 2014-07-27 14:38        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2015-03-28 20:01 . 2013-07-29 06:52        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2015-03-28 19:59 . 2014-07-27 14:38        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2015-03-28 19:14 . 2013-08-13 12:04        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2015-03-20 19:35 . 2014-06-02 12:17        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2015-03-20 19:34 . 2014-06-02 12:13        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2015-03-17 05:15 . 2015-03-07 10:52        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2015-03-17 05:15 . 2015-03-07 10:52        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2015-03-11 20:58 . 2009-10-22 15:36        122905848        ----a-w-        c:\windows\system32\MRT.exe

2015-03-06 05:56 . 2015-03-11 11:17        95680        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2015-03-06 05:56 . 2015-03-11 11:17        155576        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2015-03-06 05:42 . 2015-03-11 11:17        210944        ----a-w-        c:\windows\system32\wdigest.dll

2015-03-06 05:42 . 2015-03-11 11:17        86528        ----a-w-        c:\windows\system32\TSpkg.dll

2015-03-06 05:42 . 2015-03-11 11:17        136192        ----a-w-        c:\windows\system32\sspicli.dll

2015-03-06 05:42 . 2015-03-11 11:17        29184        ----a-w-        c:\windows\system32\sspisrv.dll

2015-03-06 05:42 . 2015-03-11 11:17        341504        ----a-w-        c:\windows\system32\schannel.dll

2015-03-06 05:42 . 2015-03-11 11:17        28160        ----a-w-        c:\windows\system32\secur32.dll

2015-03-06 05:42 . 2015-03-11 11:17        314880        ----a-w-        c:\windows\system32\msv1_0.dll

2015-03-06 05:42 . 2015-03-11 11:17        309760        ----a-w-        c:\windows\system32\ncrypt.dll

2015-03-06 05:42 . 2015-03-11 11:17        728064        ----a-w-        c:\windows\system32\kerberos.dll

2015-03-06 05:42 . 2015-03-11 11:17        1461760        ----a-w-        c:\windows\system32\lsasrv.dll

2015-03-06 05:42 . 2015-03-11 11:17        22016        ----a-w-        c:\windows\system32\credssp.dll

2015-03-06 05:41 . 2015-03-11 11:17        31232        ----a-w-        c:\windows\system32\lsass.exe

2015-03-06 05:41 . 2015-03-11 11:17        64000        ----a-w-        c:\windows\system32\auditpol.exe

2015-03-06 05:39 . 2015-03-11 11:17        60416        ----a-w-        c:\windows\system32\msobjs.dll

2015-03-06 05:38 . 2015-03-11 11:17        146432        ----a-w-        c:\windows\system32\msaudite.dll

2015-03-06 05:36 . 2015-03-11 11:17        686080        ----a-w-        c:\windows\system32\adtschema.dll

2015-03-06 05:10 . 2015-03-11 11:17        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll

2015-03-06 05:10 . 2015-03-11 11:17        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll

2015-03-06 05:10 . 2015-03-11 11:17        248832        ----a-w-        c:\windows\SysWow64\schannel.dll

2015-03-06 05:10 . 2015-03-11 11:17        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2015-03-06 05:10 . 2015-03-11 11:17        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll

2015-03-06 05:10 . 2015-03-11 11:17        221184        ----a-w-        c:\windows\SysWow64\ncrypt.dll

2015-03-06 05:10 . 2015-03-11 11:17        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2015-03-06 05:10 . 2015-03-11 11:17        17408        ----a-w-        c:\windows\SysWow64\credssp.dll

2015-03-06 05:09 . 2015-03-11 11:17        50176        ----a-w-        c:\windows\SysWow64\auditpol.exe

2015-03-06 05:09 . 2015-03-11 11:17        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2015-03-06 05:07 . 2015-03-11 11:17        60416        ----a-w-        c:\windows\SysWow64\msobjs.dll

2015-03-06 05:07 . 2015-03-11 11:17        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll

2015-03-06 05:06 . 2015-03-11 11:17        686080        ----a-w-        c:\windows\SysWow64\adtschema.dll

2015-02-26 03:25 . 2015-03-11 11:17        3204096        ----a-w-        c:\windows\system32\win32k.sys

2015-02-24 03:17 . 2009-10-22 15:56        295552        ------w-        c:\windows\system32\MpSigStub.exe

2015-02-24 03:15 . 2015-03-11 11:16        389800        ----a-w-        c:\windows\system32\iedkcs32.dll

2015-02-21 01:16 . 2015-03-11 11:16        25021440        ----a-w-        c:\windows\system32\mshtml.dll

2015-02-20 23:58 . 2015-03-11 11:16        92160        ----a-w-        c:\windows\system32\mshtmled.dll

2015-02-20 04:41 . 2015-03-11 11:18        41984        ----a-w-        c:\windows\system32\lpk.dll

2015-02-20 04:40 . 2015-03-11 11:18        100864        ----a-w-        c:\windows\system32\fontsub.dll

2015-02-20 04:40 . 2015-03-11 11:18        14336        ----a-w-        c:\windows\system32\dciman32.dll

2015-02-20 04:40 . 2015-03-11 11:18        46080        ----a-w-        c:\windows\system32\atmlib.dll

2015-02-20 04:13 . 2015-03-11 11:18        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll

2015-02-20 04:13 . 2015-03-11 11:18        10240        ----a-w-        c:\windows\SysWow64\dciman32.dll

2015-02-20 04:13 . 2015-03-11 11:18        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2015-02-20 04:12 . 2015-03-11 11:18        25600        ----a-w-        c:\windows\SysWow64\lpk.dll

2015-02-20 03:29 . 2015-03-11 11:18        372224        ----a-w-        c:\windows\system32\atmfd.dll

2015-02-20 03:09 . 2015-03-11 11:18        299008        ----a-w-        c:\windows\SysWow64\atmfd.dll

2015-02-20 03:06 . 2015-03-11 11:17        2724864        ----a-w-        c:\windows\system32\mshtml.tlb

2015-02-20 03:05 . 2015-03-11 11:16        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll

2015-02-20 02:50 . 2015-03-11 11:16        66560        ----a-w-        c:\windows\system32\iesetup.dll

2015-02-20 02:49 . 2015-03-11 11:17        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll

2015-02-20 02:49 . 2015-03-11 11:16        584192        ----a-w-        c:\windows\system32\vbscript.dll

2015-02-20 02:48 . 2015-03-11 11:16        2886144        ----a-w-        c:\windows\system32\iertutil.dll

2015-02-20 02:47 . 2015-03-11 11:16        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll

2015-02-20 02:41 . 2015-03-11 11:16        54784        ----a-w-        c:\windows\system32\jsproxy.dll

2015-02-20 02:40 . 2015-03-11 11:17        34304        ----a-w-        c:\windows\system32\iernonce.dll

2015-02-20 02:36 . 2015-03-11 11:16        633856        ----a-w-        c:\windows\system32\ieui.dll

2015-02-20 02:35 . 2015-03-11 11:16        144384        ----a-w-        c:\windows\system32\ieUnatt.exe

2015-02-20 02:35 . 2015-03-11 11:17        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe

2015-02-20 02:34 . 2015-03-11 11:16        814080        ----a-w-        c:\windows\system32\jscript9diag.dll

2015-02-20 02:32 . 2015-03-11 11:16        6035456        ----a-w-        c:\windows\system32\jscript9.dll

2015-02-20 02:26 . 2015-03-11 11:16        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2015-02-20 02:22 . 2015-03-11 11:17        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2015-02-20 02:22 . 2015-03-11 11:16        490496        ----a-w-        c:\windows\system32\dxtmsft.dll

2015-02-20 02:13 . 2015-03-11 11:17        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll

2015-02-20 02:09 . 2015-03-11 11:16        503296        ----a-w-        c:\windows\SysWow64\vbscript.dll

2015-02-20 02:08 . 2015-03-11 11:16        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll

2015-02-20 02:08 . 2015-03-11 11:16        199680        ----a-w-        c:\windows\system32\msrating.dll

2015-02-20 02:08 . 2015-03-11 11:17        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll

2015-02-20 02:06 . 2015-03-11 11:17        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll

2015-02-20 02:05 . 2015-03-11 11:16        316928        ----a-w-        c:\windows\system32\dxtrans.dll

2015-02-20 01:56 . 2015-03-11 11:16        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2015-02-20 01:56 . 2015-03-11 11:16        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll

2015-02-20 01:49 . 2015-03-11 11:17        718848        ----a-w-        c:\windows\system32\ie4uinit.exe

2015-02-20 01:49 . 2015-03-11 11:16        801280        ----a-w-        c:\windows\system32\msfeeds.dll

2015-02-20 01:47 . 2015-03-11 11:16        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2015-02-20 01:46 . 2015-03-11 11:16        2125824        ----a-w-        c:\windows\system32\inetcpl.cpl

2015-02-20 01:43 . 2015-03-11 11:16        14398976        ----a-w-        c:\windows\system32\ieframe.dll

2015-02-20 01:41 . 2015-03-11 11:17        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2015-02-20 01:30 . 2015-03-11 11:16        4300288        ----a-w-        c:\windows\SysWow64\jscript9.dll

2015-02-20 01:28 . 2015-03-11 11:16        2358784        ----a-w-        c:\windows\system32\wininet.dll

2015-02-20 01:24 . 2015-03-11 11:16        2052608        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2015-02-20 01:23 . 2015-03-11 11:16        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2015-02-20 01:16 . 2015-03-11 11:16        1548288        ----a-w-        c:\windows\system32\urlmon.dll

2015-02-20 01:03 . 2015-03-11 11:16        800768        ----a-w-        c:\windows\system32\ieapfltr.dll

2015-02-20 01:01 . 2015-03-11 11:16        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll

2009-12-06 17:18        26624        --sh--w-        c:\windows\bfcs2.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"puush"="c:\program files (x86)\puush\puush.exe" [2015-03-30 568904]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144]

"Arvo"="c:\program files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE" [2010-04-01 582144]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-11-16 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-10 2561848]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0??í??????????????1

.

R1 alnbpfpe;alnbpfpe; [x]

R1 MpKslaf5d7170;MpKslaf5d7170; [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 LiveTuner2PM;Ashampoo LiveTuner 2 Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys;c:\windows\SYSNATIVE\DRIVERS\camfilt2.sys [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\programme (x86)\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;d:\programme (x86)\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 OM0530;Hercules Deluxe Webcam;c:\windows\system32\Drivers\ov530vx.sys;c:\windows\SYSNATIVE\Drivers\ov530vx.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]

R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 X6va017;X6va017;c:\windows\SysWOW64\Drivers\X6va017;c:\windows\SysWOW64\Drivers\X6va017 [x]

R3 X6va019;X6va019;c:\windows\SysWOW64\Drivers\X6va019;c:\windows\SysWOW64\Drivers\X6va019 [x]

R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x]

R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]

R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]

R4 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

R4 BAVS;BAVSdienst.exe;cmd.exe /k c:\windows\SysWOW64\BAVS\BAVSdienst.exe;cmd.exe /k c:\windows\SysWOW64\BAVS\BAVSdienst.exe [x]

R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]

R4 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

R4 HideIPLaucherService;HideIPLaucherService;c:\program files (x86)\Hide ALL IP\LauncherService.exe;c:\program files (x86)\Hide ALL IP\LauncherService.exe [x]

R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]

R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]

R4 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]

R4 WO_LiveService2;Ashampoo LiveTuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 cmcore;Clean Master Core Service;c:\program files (x86)\cmcm\Clean Master\cmcore.exe;c:\program files (x86)\cmcm\Clean Master\cmcore.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]

S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]

S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys;c:\windows\SYSNATIVE\drivers\ArvoFltr.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2015-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13 13:31]

.

2015-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001Core.job

- c:\users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-27 14:35]

.

2015-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-1001UA.job

- c:\users\karsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-27 14:35]

.

2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 02:32]

.

2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 02:32]

.

2015-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500Core.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23 14:57]

.

2015-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399221302-1085130942-1105205786-500UA.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-23 14:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF24282.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Bar = hxxp://www.google.com

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-10 - (no file)

ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)

ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)

ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-10 - (no file)

ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)

ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)

ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)

HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe

AddRemove-CINEMA 4D R14 - c:\program files\MAXON\CINEMA 4D R14\Uninstall.exe

AddRemove-PROPLUS - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe

AddRemove-{4209F371-8D72-8119-66FA-897D2D41E27F}_is1 - c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 11\unins000.exe

AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va017]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va017"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va019]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va019"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va021]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va022]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va029]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,dd,f5,41,78,e6,61,4d,ab,02,a3,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,dd,f5,41,78,e6,61,4d,ab,02,a3,\

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,b5,3d,cb,a0,e7,2c,4a,85,7e,76,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,b5,3d,cb,a0,e7,2c,4a,85,7e,76,\

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\notepad.exe"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OperaStable"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ggm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\7zFM.exe"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OperaStable"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OperaStable"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jar\UserChoice]

@Denied: (2) (Administrator)

"Progid"="jarfile"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OperaStable"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WindowsLive.PhotoGallery.png.16.4"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Photoshop.Image.15"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OperaStable"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\IExplore.exe"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OperaStable"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OperaStable"

.

[HKEY_USERS\S-1-5-21-2399221302-1085130942-1105205786-500\Software\SecuROM\License information*]

"datasecu"=hex:f7,59,20,dd,47,ef,0d,28,50,d6,a9,b6,c0,27,3c,25,11,4f,a8,aa,8d,

   a1,84,74,31,19,a9,16,98,be,d4,64,62,50,b9,80,4d,89,99,01,ab,45,d2,f3,a2,49,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\software\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.13"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2015-04-16  16:12:10 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2015-04-16 14:12

.

Vor Suchlauf: 28 Verzeichnis(se), 88.909.987.840 Bytes frei

Nach Suchlauf: 32 Verzeichnis(se), 89.099.259.904 Bytes frei

.

- - End Of File - - F4159CAB1D569BE701886D0497554029

A36C5E4F47E84449FF07ED3517B43A31