Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Probleme mit SaleItCoupon usw. (https://www.trojaner-board.de/168321-probleme-saleitcoupon-usw.html)

marvin1105 29.06.2015 17:46
Probleme mit SaleItCoupon usw.
 
Hallo liebe Community,

Ich habe ein Problem, seit kurzem öffnen sich in meinem Browser unheimlich viel Werbung, ich werde unerwünscht weitergeleitet usw. Außerdem bewirken diese Trojaner definitiv ein langsameres Handeln meines Pc und es schließen sich auch einfach meine Programme.
Bei der Werbung steht immer "SaleItCoupon". Nun bitte ich Euch mir zu helfen dieses Problem zu beheben.

Grüße und danke im Vorraus

M-K-D-B 29.06.2015 18:06
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:


Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.

marvin1105 29.06.2015 18:39
Logs
 
Danke für die schnelle Antwort

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Marvin (administrator) on MARVIN-PC on 29-06-2015 19:28:16
Running from C:\Users\Marvin\Downloads
Loaded Profiles: Marvin (Available Profiles: Marvin & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-29] (Spotify Ltd)
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\MountPoints2: {1013e0d4-2e68-11e1-9e83-e81132d93976} - G:\StartUp.exe
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\MountPoints2: {5c8679ea-a52f-11e3-8f82-e81132d93976} - F:\SETUP.EXE
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\MountPoints2: {78c78f8e-2f32-11e1-928f-e81132d93976} - F:\SETUP.EXE
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\MountPoints2: {e3cbb629-554c-11e4-8d5e-e81132d93976} - G:\setup_vmb_lite.exe /checkApplicationPresence
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\manager1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIE8SRC
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-14] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2545573064-1671415295-1629012448-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2A94E516-2DE9-4155-BD74-533A45A480A3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{917C8FB1-DBBD-4071-BBA1-49971A587E96}: [DhcpNameServer] 139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default
FF NetworkProxy: "ftp", "77.248.92.156"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "77.248.92.156"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "77.248.92.156"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "77.248.92.156"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-07-06] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-11] (Apple Inc.)
FF Extension: Ciuvo Price Comparison - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\Extensions\extension@ciuvo.com.xpi [2011-12-29]
FF Extension: Stealthy - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\Extensions\stealthyextension@gmail.com.xpi [2012-01-10]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-30]
FF Extension: No Name - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\hfpf_cgpkgdrje@zpnpaawfkczpibh.org [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-17]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-17]
CHR Extension: (Tampermonkey) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-06-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-17]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-05-17] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-21] (Windows (R) 2003 DDK 3790 provider)
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 19:28 - 2015-06-29 19:29 - 00019458 _____ C:\Users\Marvin\Downloads\FRST.txt
2015-06-29 19:28 - 2015-06-29 19:28 - 02112512 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2015-06-29 19:28 - 2015-06-29 19:28 - 00000000 ____D C:\FRST
2015-06-29 18:39 - 2015-06-29 18:39 - 05530096 _____ (Advanced System Protector ) C:\Users\Marvin\Downloads\aspsetup.exe
2015-06-29 18:35 - 2015-06-29 18:35 - 00000024 _____ C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2015-06-29 18:34 - 2015-06-29 18:34 - 00002761 _____ C:\Users\Marvin\Desktop\JRT.txt
2015-06-29 18:29 - 2015-06-29 18:29 - 00000000 ____D C:\RegBackup
2015-06-29 18:27 - 2015-06-29 18:27 - 02950645 _____ (Malwarebytes Corporation) C:\Users\Marvin\Desktop\JRT_7.2.1.exe
2015-06-27 10:28 - 2015-06-29 18:13 - 00000168 _____ C:\windows\setupact.log
2015-06-27 10:28 - 2015-06-27 10:28 - 00000350 _____ C:\windows\PFRO.log
2015-06-27 10:28 - 2015-06-27 10:28 - 00000000 _____ C:\windows\setuperr.log
2015-06-27 10:22 - 2015-06-27 10:22 - 02244096 _____ C:\Users\Marvin\Desktop\adwcleaner_4.207.exe
2015-06-27 07:28 - 2015-06-27 09:57 - 00000000 ____D C:\Program Files (x86)\Responsive Inspector
2015-06-20 15:37 - 2015-06-20 15:38 - 03930567 _____ C:\Users\Marvin\Downloads\95d8e1bfc946e8efccd53137830f544fe7928335.torrent
2015-06-20 14:52 - 2015-06-20 14:52 - 00000000 ____D C:\Users\Marvin\AppData\Local\WarThunder
2015-06-20 14:48 - 2015-06-20 15:02 - 00017880 _____ C:\Users\Marvin\Desktop\clickerHeroSave.txt
2015-06-14 13:03 - 2015-06-14 13:03 - 00000000 ____D C:\Users\Marvin\AppData\Local\Activision
2015-06-14 11:39 - 2015-06-14 11:39 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2015-06-13 15:02 - 2015-06-13 22:44 - 00000000 ____D C:\Users\Marvin\Desktop\backuppic
2015-06-13 14:26 - 2015-06-13 14:26 - 00026565 _____ C:\windows\SysWOW64\msrsb04.dll
2015-06-13 14:26 - 2015-06-13 14:26 - 00000000 ____D C:\Users\Marvin\AppData\Local\IsolatedStorage
2015-06-13 14:25 - 2015-06-13 14:25 - 00002198 _____ C:\Users\Marvin\Desktop\iDevice Manager.lnk
2015-06-13 14:25 - 2015-06-13 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2015-06-10 16:25 - 2015-05-28 04:02 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 16:25 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 16:25 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 16:25 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 16:25 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 16:25 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 16:25 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 16:25 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 16:25 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 16:25 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 16:25 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 16:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 16:25 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 16:25 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 16:24 - 2015-05-28 04:04 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 16:24 - 2015-05-28 04:03 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 16:24 - 2015-05-28 04:00 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:45 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 14383104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02865152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:43 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 16:24 - 2015-05-28 02:24 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:00 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 16:24 - 2015-05-28 01:55 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 16:24 - 2015-05-28 01:34 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-06-10 16:24 - 2015-05-28 01:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-10 16:20 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 16:20 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-09 19:20 - 2015-06-27 09:57 - 00000000 ____D C:\Program Files (x86)\VIA3  Video Conferencing Messaging
2015-06-06 20:53 - 2015-06-27 10:06 - 00000000 ____D C:\Program Files (x86)\SoftwareForce
2015-06-05 20:07 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-05 20:07 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-05 20:07 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 19:26 - 2012-03-29 16:21 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-29 19:24 - 2015-05-17 20:13 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-29 19:06 - 2011-07-21 21:51 - 01908638 _____ C:\windows\WindowsUpdate.log
2015-06-29 18:30 - 2015-05-15 10:04 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 18:30 - 2015-05-15 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 18:30 - 2013-11-09 14:51 - 00000000 ____D C:\AdwCleaner
2015-06-29 18:21 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-29 18:21 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-29 18:19 - 2011-07-21 21:18 - 00765838 _____ C:\windows\system32\perfh007.dat
2015-06-29 18:19 - 2011-07-21 21:18 - 00175036 _____ C:\windows\system32\perfc007.dat
2015-06-29 18:19 - 2009-07-14 07:13 - 01807338 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-29 18:13 - 2015-05-17 20:13 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 18:13 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-06-29 18:13 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-27 11:59 - 2014-05-04 14:06 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2015-06-27 11:51 - 2015-05-18 20:36 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2015-06-27 10:24 - 2015-05-25 09:16 - 00000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
2015-06-27 10:24 - 2013-09-05 16:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 10:24 - 2012-07-22 10:07 - 00002774 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-06-27 10:24 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther
2015-06-27 10:19 - 2015-05-18 17:30 - 00000000 ____D C:\Users\Marvin\Desktop\System
2015-06-27 10:05 - 2011-12-26 01:51 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
2015-06-27 09:57 - 2015-05-17 18:40 - 00000000 ____D C:\Program Files (x86)\b05f4dc8-3eb1-4310-b007-92743b80b6d6
2015-06-27 09:57 - 2013-09-15 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 09:57 - 2011-12-28 03:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-27 09:42 - 2015-05-17 19:09 - 00000000 ____D C:\Users\Marvin\AppData\Local\Mozilla
2015-06-27 00:26 - 2012-03-29 16:21 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-27 00:26 - 2012-03-29 16:21 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-27 00:26 - 2011-12-25 01:01 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-26 23:25 - 2015-05-17 20:13 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 12:26 - 2012-07-04 14:20 - 00000000 ____D C:\Users\Marvin\AppData\Local\Google
2015-06-14 11:47 - 2013-03-08 17:22 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-14 11:46 - 2015-05-03 13:37 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-06-14 11:46 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 15:11 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-13 14:34 - 2011-12-31 01:17 - 00000000 ____D C:\Users\Marvin\Desktop\Sonstiges
2015-06-12 18:01 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-12 16:40 - 2015-05-15 20:03 - 05043400 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 19:12 - 2012-01-12 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 19:06 - 2013-07-25 14:56 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 18:37 - 2011-12-25 11:53 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 18:36 - 2009-07-14 04:34 - 00000580 _____ C:\windows\win.ini
2015-06-09 13:42 - 2014-12-13 19:23 - 00000000 ____D C:\windows\system32\appraiser
2015-06-09 13:42 - 2014-04-28 14:35 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-01 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Marvin\AppData\Roaming\09grw4H1Lq1DtjJuwoG
2015-06-29 18:35 - 2015-06-29 18:35 - 0000024 _____ () C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 _____ () C:\Users\Marvin\AppData\Roaming\Brother
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Marvin\AppData\Roaming\D4Bmst5g3iT3eCVS4UrxT8h2
2012-01-23 15:58 - 2012-01-29 18:26 - 0000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2015-05-22 19:37 - 2015-05-22 19:37 - 0002713 _____ () C:\Users\Marvin\AppData\Local\recently-used.xbel
2012-09-17 18:12 - 2012-09-17 18:12 - 0000000 _____ () C:\ProgramData\Bundle
2011-12-26 01:52 - 2011-12-26 01:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-09-17 18:04 - 2012-12-05 19:42 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2012-09-17 18:03 - 2012-09-17 18:12 - 0000000 ____H () C:\ProgramData\PKP_DLeu.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2011-07-21 06:19 - 2011-07-21 06:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-21 06:11 - 2011-07-21 06:12 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-21 06:16 - 2011-07-21 06:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-21 06:12 - 2011-07-21 06:16 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-21 06:17 - 2011-07-21 06:19 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marvin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-26 23:57

==================== End of log ============================
--- --- ---


Addition
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Marvin at 2015-06-29 19:29:33
Running from C:\Users\Marvin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2545573064-1671415295-1629012448-500 - Administrator - Disabled)
Gast (S-1-5-21-2545573064-1671415295-1629012448-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2545573064-1671415295-1629012448-1002 - Limited - Enabled)
Marvin (S-1-5-21-2545573064-1671415295-1629012448-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2013 (Version: 13.0.2641 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON XP-302 303 305 306 Series (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Chrome (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iBackupBot 5.2.5 (HKLM-x32\...\iBackupBot) (Version: 5.2.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
jahPlayer (HKLM-x32\...\jahPlayer) (Version:  - )
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 5.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
OpenLibraries (HKLM-x32\...\OpenLibraries) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TuneUp Companion 2.2.7 (HKLM-x32\...\TuneUpMedia) (Version: 2.2.7 - TuneUp Media, Inc.)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.2013.194 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
Your Product (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-06-2015 12:35:58 Windows Update
26-06-2015 22:58:30 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11EE5FD4-E46E-4D3E-BE64-5D42B308EC2F} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-12] (Samsung Electronics)
Task: {12E2745D-D8DB-4F12-9F37-2544B87A80B0} - System32\Tasks\{FD9645F9-CA54-488A-9AE1-E059EA60D436} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}"
Task: {133FDAA6-03EA-47D8-8B8E-AAEDD164486C} - System32\Tasks\{F91F98E5-501B-4F99-AAF9-64E3DFA60859} => pcalua.exe -a C:\Users\Marvin\Downloads\PSE_5.0_WIN_ESD1_DE.exe -d C:\Users\Marvin\Downloads
Task: {146831AB-977B-4466-A37C-8132E2964E9C} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
Task: {197AB0E6-09EB-48CA-A83F-35DD5C94EC16} - System32\Tasks\{C183DF6C-42C2-44E2-AB22-AD47C67E1724} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {24B9B3AC-9A92-4DC7-BDBC-2BE32EE60A00} - System32\Tasks\{66D3EC76-D9DC-48A8-9D96-C7630F815A91} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {340351E2-7790-4A6E-8A49-E35601FE80B0} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe
Task: {46CC1074-1FAC-4981-BB9E-F27BC91583AB} - System32\Tasks\{B7349295-B75B-45FF-B29A-F3724694F7F9} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe
Task: {4E481420-08F6-4F19-AB66-A4BA5205FFDC} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {5002D113-FD9A-4186-8930-47553D453087} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-17] (TuneUp Software)
Task: {54493605-DA64-4842-B8B7-91C17101956E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {60D0E33B-2CF4-4071-B7E7-825D91288EEF} - System32\Tasks\{FA6BA6FF-86F1-4376-A173-1C5D4553B892} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_WBFSManager3.0.1-RTW-x64.zip\setup.exe
Task: {61B481F5-46AD-46BC-8EB9-EBF82037F967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {6ECC35CD-3826-42A4-9F38-DEFF395803E1} - System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => pcalua.exe -a C:\Users\Marvin\Downloads\SetupiPhoneBrowser.1.91.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {73AA9B64-FF9E-4B7C-805F-EFCF590D45AD} - System32\Tasks\{CE526F6F-E8DC-40A6-8703-6D10C232F564} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {7558D982-20FC-4565-AD2D-34F983BA56A1} - System32\Tasks\AdobeAAMUpdater-1.0-Marvin-PC-Marvin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {7B719969-F143-4B5D-A94D-F10D79BDA580} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {81B46C8D-F2F6-43A2-A560-F23BA244C322} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-29] (SEC)
Task: {8A273E5B-B2D4-4392-BEAB-70A0364E2107} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8DE93BA1-ECE0-4A07-BD4B-7B4F402F782E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {91F305C2-7AAC-4AD1-A2D7-18F2778CAE0E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
Task: {97224D5F-7F24-4EBC-8CC1-E4D7DA323A62} - System32\Tasks\{DA8BD37B-D4DB-4009-930E-D3328DF2D69A} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {9E69DAE8-AC47-478E-8BAC-0EA28B695205} - System32\Tasks\{555A58B4-EE2D-4E5F-A488-58366B1C4CC3} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C2C98F00-AD81-4AF6-A160-D1ECA910D769} - System32\Tasks\{28680E42-0417-4147-8F36-E0B29C155489} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C5F246C3-01C1-4425-9059-361BB99B99F1} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
Task: {CE561253-E65B-4601-8363-2BE5F3BA00F1} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {D01A72E6-4909-4893-ACB5-1B4D037E2F0A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {D625583E-4F39-42A9-847A-C12E40A23386} - System32\Tasks\{CE73ADFF-0AD8-4D35-846A-846F72E35E02} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {DC4097BB-80E7-4AA8-8677-2016C868A029} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-18] (Samsung Electronics Co., Ltd.)
Task: {E17E0554-C5C1-4C6E-A08B-3BFD458C5EE1} - System32\Tasks\Google Updater and Installer => C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E69545C2-A3B7-4E78-8563-A33D8EB77554} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {EA9AD490-377C-4893-990C-B638421AF152} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-04-14] (CyberLink)
Task: {FAC99DC5-D88D-42BE-83F9-866CE977D2BA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-27] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-25 22:04 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-21 20:58 - 2010-10-21 20:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2011-07-21 20:58 - 2008-06-05 01:53 - 00027648 _____ () C:\windows\System32\spd__l.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:05EE1EEF
AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Samsung UPD Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                       
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"                                                                                                                                                                                   
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices                                                                                                                                                                                           
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"                                                                                                                                                                                                 
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Google Update => "C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c                                                                                                                                                                                                       
MSCONFIG\startupreg: GoogleChromeAutoLaunch_46F1CB28F09B935A713F72D4B90FE680 => "C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start                                                                                                                                                                                                 
MSCONFIG\startupreg: Spotify => "C:\Users\Marvin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent                                                                                                                                                                                                                       
MSCONFIG\startupreg: uTorrent => "C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED                                                                                                                                                                                                     

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B533BEAD-760B-4082-9DA0-54BF2F0D93C5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{76536418-9980-4136-A940-01AC3FDA8068}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{5DE60AAD-259B-4A32-997B-29A78B957E08}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{33D218BC-2254-4513-8885-4EF0CBA07F96}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{752DF0A3-F849-4572-8243-3EA33FA265B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CE794129-3BA4-4148-A605-5F5B1C8EC197}] => (Allow) LPort=2869
FirewallRules: [{70925FC6-7C9E-49DF-916D-4B49F27C6092}] => (Allow) LPort=1900
FirewallRules: [{AF431D3E-9319-4C5C-BC4C-36E81D16814F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{090304E7-4608-4716-AFFB-13236A9BEBE9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{311EA05E-61F9-4D51-B362-3C0A7F8B5F98}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{7A5FC880-C91E-4783-91EE-668D73EE285A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [{64204237-5179-4897-9C62-A6C190C39DA8}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{0F6B505D-6288-4150-8B1A-CBCDA16F29E0}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [TCP Query User{DAC72453-0B67-463A-A625-49C699FD1E88}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{04A2CDF2-379E-47AD-9A66-EC56940C5960}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [TCP Query User{A8726F37-409A-4859-BA0E-84C5DC5757C4}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{4E7A4E00-4DB8-48C9-BBD3-44FDE2BF2FCE}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{33A47B9A-18C7-4298-AF7F-DB7E2CFDFBB8}] => (Allow) %ProgramFiles% (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3C235533-BA45-4310-B379-7AB6359C9057}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A3F4F4CF-321B-492C-9759-8D76033C0FE8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A013F280-B5D8-4F2D-9B37-BDC102B4C941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5207462-1BE0-4F9A-A07C-86DA37CD3283}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8A731BE-EDCF-420D-A0E6-533363A7D61D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{596F2A3F-A471-46E0-B473-44FF05F785DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1083B88C-75C1-49F1-BF62-E87E96D8CFC0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7165D37D-C72C-43D8-A528-17E4F9961474}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB95D659-AAF1-4497-950B-8738E2C588A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{07DCCCA0-50F8-4CD3-AB06-EADC885321FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{207283C6-2643-4BF5-8E6B-627A25FFDFB7}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{E2ADDE8C-F09C-4465-9B7B-709258F715C8}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{216C37FA-CEA0-4C06-85B6-F6D33947CE92}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{4F5595A1-D40C-4701-95CF-12AB17D92CBF}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [TCP Query User{73434ACF-7C3F-4F19-B789-E3E06A5390AB}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{1FC8939C-0094-41DA-BD96-CB6530E6B27C}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [{86983096-69A5-4B3E-8A42-8E22DD308E51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{A6B95520-617C-4E87-90F3-5B5CCE18B990}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{ED6E9610-CEEB-488A-9CA1-7C751A8BF5B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE8CEFA3-27C6-4D21-8579-B4AD4E9BB2B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B56A0034-A2DF-4C5C-85F7-ACD4A30D86DE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{04D5B1A0-41E6-4EC0-AEB8-3414CCCAC4BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CF2B409A-C062-4BCF-A3C5-FEBA0538B698}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4C03FCE1-D5AC-41DA-8A60-14F0A58ABD9F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C7208592-41A2-4CDE-8B2A-3C7134200749}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{980F6C00-8469-4844-B056-F29BA37B8067}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{C51DD5C0-01E8-4E01-9011-D9F331655B1C}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{B214461C-9B7E-4F6F-80DF-AE78621D8239}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{F5F99662-CC56-492C-9B42-B578477B4917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{72FBCD98-EA65-4A28-A8BB-FF0AAA44F93A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9C9C8FE-5C70-45FF-990A-D7C259D97F21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{50CD923A-CC65-428F-9792-3E9FA6EEB094}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{2DAF7A75-5A30-4150-A6BA-88B22E4591DB}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{31D60B47-97BE-4EFE-8E7A-AEF129E8169E}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BF6CE0CC-365D-48F1-8D3F-569347A8B55E}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C46CC1FD-B110-4AF8-B834-7AB26F5BD313}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EEC9249E-D2F2-4C4F-B6D9-A6242B4C9ECD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C5DE302A-04E1-4A0B-957C-DC44B34C99D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{728286ED-FCAD-49D6-BC6D-EC7B5912A7A2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9AFE2C43-788F-4F47-B694-7031E2CD1FE7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{451184ED-707F-49BD-943B-31F0BCFE9FED}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{A9BC098D-A9F9-401C-8830-F6545E90B399}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [{40E30453-F4E3-4AFD-9778-5E3C7C2C7D46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A16FE5EA-2645-459B-91E5-09B435885D1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED1B3443-6F10-446B-A057-FDAB89C955CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1F5321BB-CFCC-4A7C-99FC-03ECC8B5066D}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{7F0909DD-69AC-42A8-B289-B1B961AC70F6}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{19030F3C-F544-4BF5-AC76-F02ABFA7429C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9AE5F1F-5B26-4310-A0E2-A64BF65F8F12}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A7CCF692-9405-41FE-BF4E-F8866AE5D11B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.81.34.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1264

Startzeit: 01d0a685ec635dd4

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0x108c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe, Version: 13.0.2013.194, Zeitstempel: 0x5056f399
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002070
ID des fehlerhaften Prozesses: 0x1580
Startzeit der fehlerhaften Anwendung: 0xTuneUpSystemStatusCheck.exe0
Pfad der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe1
Pfad des fehlerhaften Moduls: TuneUpSystemStatusCheck.exe2
Berichtskennung: TuneUpSystemStatusCheck.exe3

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000500,(null),0,REG_BINARY,0000000002D4DF70.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {130076cd-72ab-48d4-9561-72eb9e14f473}

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000063c,(null),0,REG_BINARY,00000000020EE2B0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Generatorname: WMI Writer
  Generatorinstanz-ID: {c556a64c-57ca-442a-a325-e14aa300e0a4}


System errors:
=============
Error: (06/29/2015 06:30:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2015 06:30:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2015 06:29:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2015 06:29:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2015 06:29:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server (SQLEXPRESS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/29/2015 06:29:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2015 06:29:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2015 06:29:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/29/2015 06:29:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/29/2015 06:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.6126401d0a685ec635dd40C:\Program Files (x86)\Steam\Steam.exe67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea19108c01d0a3ace73c4920C:\windows\system32\atieclxx.exeC:\windows\system32\atieclxx.exe25cfb97a-0fa0-11e5-beb3-e81132d93976

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TuneUpSystemStatusCheck.exe13.0.2013.1945056f399unknown0.0.0.000000000c000000500002070158001d096baab557310C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpSystemStatusCheck.exeunknownf17e1d07-02ad-11e5-ae55-e81132d93976

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)0x80070005, Zugriff verweigert

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000500,(null),0,REG_BINARY,0000000002D4DF70.72)0x80070005, Zugriff verweigert


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {130076cd-72ab-48d4-9561-72eb9e14f473}

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000063c,(null),0,REG_BINARY,00000000020EE2B0.72)0x80070005, Zugriff verweigert


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Generatorname: WMI Writer
  Generatorinstanz-ID: {c556a64c-57ca-442a-a325-e14aa300e0a4}


CodeIntegrity Errors:
===================================
  Date: 2015-05-17 18:58:14.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:14.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.102
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.696
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.558
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:57:48.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:57:48.046
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD A6-3410MX APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 5611.75 MB
Available physical RAM: 3791.96 MB
Total Pagefile: 11221.7 MB
Available Pagefile: 9165.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:230 GB) (Free:68.41 GB) NTFS
Drive d: () (Fixed) (Total:342.9 GB) (Free:69.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C469F6B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.2 GB) - (Type=27)

==================== End of log ============================
--- --- ---

marvin1105 29.06.2015 18:40
Code:
19:34:34.0999 0x0c50  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:34:38.0381 0x0c50  ============================================================
19:34:38.0381 0x0c50  Current date / time: 2015/06/29 19:34:38.0381
19:34:38.0381 0x0c50  SystemInfo:
19:34:38.0381 0x0c50 
19:34:38.0381 0x0c50  OS Version: 6.1.7601 ServicePack: 1.0
19:34:38.0381 0x0c50  Product type: Workstation
19:34:38.0381 0x0c50  ComputerName: MARVIN-PC
19:34:38.0382 0x0c50  UserName: Marvin
19:34:38.0382 0x0c50  Windows directory: C:\windows
19:34:38.0382 0x0c50  System windows directory: C:\windows
19:34:38.0382 0x0c50  Running under WOW64
19:34:38.0382 0x0c50  Processor architecture: Intel x64
19:34:38.0382 0x0c50  Number of processors: 4
19:34:38.0382 0x0c50  Page size: 0x1000
19:34:38.0382 0x0c50  Boot type: Normal boot
19:34:38.0382 0x0c50  ============================================================
19:34:38.0576 0x0c50  KLMD registered as C:\windows\system32\drivers\60007355.sys
19:34:38.0904 0x0c50  System UUID: {04BC9994-7AC8-1D8A-AC77-D5159D9E20F4}
19:34:39.0517 0x0c50  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:34:39.0522 0x0c50  ============================================================
19:34:39.0522 0x0c50  \Device\Harddisk0\DR0:
19:34:39.0523 0x0c50  MBR partitions:
19:34:39.0523 0x0c50  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:34:39.0523 0x0c50  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CC00000
19:34:39.0546 0x0c50  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CC33000, BlocksNum 0x2ADCC800
19:34:39.0546 0x0c50  ============================================================
19:34:39.0599 0x0c50  C: <-> \Device\Harddisk0\DR0\Partition2
19:34:39.0639 0x0c50  D: <-> \Device\Harddisk0\DR0\Partition3
19:34:39.0639 0x0c50  ============================================================
19:34:39.0639 0x0c50  Initialize success
19:34:39.0639 0x0c50  ============================================================
19:35:01.0777 0x0cd4  ============================================================
19:35:01.0777 0x0cd4  Scan started
19:35:01.0777 0x0cd4  Mode: Manual;
19:35:01.0777 0x0cd4  ============================================================
19:35:01.0777 0x0cd4  KSN ping started
19:35:04.0176 0x0cd4  KSN ping finished: true
19:35:04.0926 0x0cd4  ================ Scan system memory ========================
19:35:04.0926 0x0cd4  System memory - ok
19:35:04.0926 0x0cd4  ================ Scan services =============================
19:35:05.0126 0x0cd4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:35:05.0134 0x0cd4  1394ohci - ok
19:35:05.0193 0x0cd4  [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11        C:\windows\system32\drivers\acedrv11.sys
19:35:05.0199 0x0cd4  acedrv11 - ok
19:35:05.0237 0x0cd4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:35:05.0247 0x0cd4  ACPI - ok
19:35:05.0285 0x0cd4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
19:35:05.0286 0x0cd4  AcpiPmi - ok
19:35:05.0386 0x0cd4  [ C004F38974F4D321B4C20A240E1175C0, FCCABDF4397AC56D5AE794584384039BAFD3B67FD47C56F4F9491C9175C60763 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
19:35:05.0392 0x0cd4  AdobeActiveFileMonitor9.0 - ok
19:35:05.0444 0x0cd4  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:35:05.0447 0x0cd4  AdobeARMservice - ok
19:35:05.0613 0x0cd4  [ 6259A5B669AE018A5E53247259A101C3, 1CD2102FAF1DCEB6B8278D098A7C1A85ED6D6E5DCF7F70E0E9A5166B67C8D057 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:05.0621 0x0cd4  AdobeFlashPlayerUpdateSvc - ok
19:35:05.0680 0x0cd4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\windows\system32\drivers\adp94xx.sys
19:35:05.0696 0x0cd4  adp94xx - ok
19:35:05.0749 0x0cd4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\windows\system32\drivers\adpahci.sys
19:35:05.0759 0x0cd4  adpahci - ok
19:35:05.0804 0x0cd4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\windows\system32\drivers\adpu320.sys
19:35:05.0810 0x0cd4  adpu320 - ok
19:35:05.0854 0x0cd4  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
19:35:05.0857 0x0cd4  AeLookupSvc - ok
19:35:05.0910 0x0cd4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\windows\system32\drivers\afd.sys
19:35:05.0934 0x0cd4  AFD - ok
19:35:05.0981 0x0cd4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
19:35:05.0983 0x0cd4  agp440 - ok
19:35:06.0017 0x0cd4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\windows\System32\alg.exe
19:35:06.0020 0x0cd4  ALG - ok
19:35:06.0060 0x0cd4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
19:35:06.0061 0x0cd4  aliide - ok
19:35:06.0103 0x0cd4  [ 310F86335B0505DDC6D2DD48E66EF06B, 936273CA046B3AE0944E6C1557CECB2A0C61D034977BBB9FACBE062617CF3A2C ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
19:35:06.0110 0x0cd4  AMD External Events Utility - ok
19:35:06.0210 0x0cd4  AMD FUEL Service - ok
19:35:06.0230 0x0cd4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
19:35:06.0231 0x0cd4  amdide - ok
19:35:06.0264 0x0cd4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\windows\system32\drivers\amdk8.sys
19:35:06.0267 0x0cd4  AmdK8 - ok
19:35:06.0892 0x0cd4  [ 79CC9BE187E3144E1B58A54B842475E7, 89DD3177B5CE649AC0093603CE13FBFD93AC24F8E16C52672549110141106F4A ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
19:35:07.0341 0x0cd4  amdkmdag - ok
19:35:07.0418 0x0cd4  [ 07561D3B7FD99F6E186C49C2D0628E38, D2D72EB45EAD29A3099C040E99A4F1F4902D3BDC0466800C63ECD33343DC1224 ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
19:35:07.0438 0x0cd4  amdkmdap - ok
19:35:07.0494 0x0cd4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
19:35:07.0496 0x0cd4  AmdPPM - ok
19:35:07.0541 0x0cd4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\windows\system32\drivers\amdsata.sys
19:35:07.0544 0x0cd4  amdsata - ok
19:35:07.0568 0x0cd4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
19:35:07.0575 0x0cd4  amdsbs - ok
19:35:07.0607 0x0cd4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\windows\system32\drivers\amdxata.sys
19:35:07.0608 0x0cd4  amdxata - ok
19:35:07.0628 0x0cd4  [ 2FBB00A7616106B95104574C6CD640C2, 06DE79B42EBBBBA01DAB289D4280E131D780066CD7E4499229CD5EB1E597A017 ] amd_sata        C:\windows\system32\DRIVERS\amd_sata.sys
19:35:07.0631 0x0cd4  amd_sata - ok
19:35:07.0645 0x0cd4  [ 87D0D7645CB0D53220649BD5FE15D93E, 195B25BC640BE5D802F530FAA68D3325A6C076DE8A7E56833372C3B2B53B673B ] amd_xata        C:\windows\system32\DRIVERS\amd_xata.sys
19:35:07.0647 0x0cd4  amd_xata - ok
19:35:07.0667 0x0cd4  [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:35:07.0669 0x0cd4  AODDriver4.2 - ok
19:35:07.0697 0x0cd4  [ 4542CC17440E85D2D2D73A7D40FAED0A, F157F9A137DEACFC5A1A982265F5CE05A79C0CF8F13291773E2351BEFCB94E08 ] Apowersoft_AudioDevice C:\windows\system32\drivers\Apowersoft_AudioDevice.sys
19:35:07.0698 0x0cd4  Apowersoft_AudioDevice - ok
19:35:07.0740 0x0cd4  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID          C:\windows\system32\drivers\appid.sys
19:35:07.0743 0x0cd4  AppID - ok
19:35:07.0768 0x0cd4  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:35:07.0772 0x0cd4  AppIDSvc - ok
19:35:07.0844 0x0cd4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\windows\System32\appinfo.dll
19:35:07.0846 0x0cd4  Appinfo - ok
19:35:07.0952 0x0cd4  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:07.0955 0x0cd4  Apple Mobile Device Service - ok
19:35:07.0995 0x0cd4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\windows\system32\drivers\arc.sys
19:35:08.0000 0x0cd4  arc - ok
19:35:08.0044 0x0cd4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
19:35:08.0048 0x0cd4  arcsas - ok
19:35:08.0136 0x0cd4  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:35:08.0140 0x0cd4  aspnet_state - ok
19:35:08.0165 0x0cd4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:35:08.0166 0x0cd4  AsyncMac - ok
19:35:08.0200 0x0cd4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\windows\system32\drivers\atapi.sys
19:35:08.0201 0x0cd4  atapi - ok
19:35:08.0372 0x0cd4  [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr            C:\windows\system32\DRIVERS\athrx.sys
19:35:08.0475 0x0cd4  athr - ok
19:35:08.0521 0x0cd4  [ ED3A041014FBBFDC23D6C04F9C7A5D79, A039D8F4C0EA2101898A253E13DFED5FA8500C412ACC47835415E27C9BD068FF ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
19:35:08.0524 0x0cd4  AtiHDAudioService - ok
19:35:08.0588 0x0cd4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:35:08.0613 0x0cd4  AudioEndpointBuilder - ok
19:35:08.0653 0x0cd4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\windows\System32\Audiosrv.dll
19:35:08.0690 0x0cd4  AudioSrv - ok
19:35:08.0727 0x0cd4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:35:08.0731 0x0cd4  AxInstSV - ok
19:35:08.0780 0x0cd4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\windows\system32\drivers\bxvbda.sys
19:35:08.0806 0x0cd4  b06bdrv - ok
19:35:08.0843 0x0cd4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
19:35:08.0852 0x0cd4  b57nd60a - ok
19:35:08.0865 0x0cd4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
19:35:08.0869 0x0cd4  BDESVC - ok
19:35:08.0895 0x0cd4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
19:35:08.0897 0x0cd4  Beep - ok
19:35:08.0951 0x0cd4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\windows\System32\bfe.dll
19:35:08.0987 0x0cd4  BFE - ok
19:35:09.0051 0x0cd4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
19:35:09.0079 0x0cd4  BITS - ok
19:35:09.0093 0x0cd4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:35:09.0095 0x0cd4  blbdrive - ok
19:35:09.0155 0x0cd4  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:35:09.0180 0x0cd4  Bonjour Service - ok
19:35:09.0215 0x0cd4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:35:09.0219 0x0cd4  bowser - ok
19:35:09.0248 0x0cd4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
19:35:09.0249 0x0cd4  BrFiltLo - ok
19:35:09.0269 0x0cd4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
19:35:09.0270 0x0cd4  BrFiltUp - ok
19:35:09.0311 0x0cd4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\windows\System32\browser.dll
19:35:09.0316 0x0cd4  Browser - ok
19:35:09.0347 0x0cd4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\windows\System32\Drivers\Brserid.sys
19:35:09.0356 0x0cd4  Brserid - ok
19:35:09.0378 0x0cd4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:35:09.0380 0x0cd4  BrSerWdm - ok
19:35:09.0402 0x0cd4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:35:09.0403 0x0cd4  BrUsbMdm - ok
19:35:09.0424 0x0cd4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:35:09.0426 0x0cd4  BrUsbSer - ok
19:35:09.0478 0x0cd4  [ 9D95F74875491CECBF9E10A5936A570E, 55BDA43FB0C0623CFB7899D0A42BA6696A0A314F9DB5D0EC27A606C2AD9AF34C ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
19:35:09.0493 0x0cd4  BtFilter - ok
19:35:09.0542 0x0cd4  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
19:35:09.0544 0x0cd4  BthEnum - ok
19:35:09.0571 0x0cd4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
19:35:09.0574 0x0cd4  BTHMODEM - ok
19:35:09.0619 0x0cd4  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
19:35:09.0623 0x0cd4  BthPan - ok
19:35:09.0667 0x0cd4  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
19:35:09.0692 0x0cd4  BTHPORT - ok
19:35:09.0754 0x0cd4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\windows\system32\bthserv.dll
19:35:09.0757 0x0cd4  bthserv - ok
19:35:09.0777 0x0cd4  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
19:35:09.0780 0x0cd4  BTHUSB - ok
19:35:09.0821 0x0cd4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:35:09.0824 0x0cd4  cdfs - ok
19:35:09.0845 0x0cd4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
19:35:09.0850 0x0cd4  cdrom - ok
19:35:09.0867 0x0cd4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\windows\System32\certprop.dll
19:35:09.0870 0x0cd4  CertPropSvc - ok
19:35:09.0902 0x0cd4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
19:35:09.0905 0x0cd4  circlass - ok
19:35:09.0961 0x0cd4  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\windows\system32\CLFS.sys
19:35:09.0973 0x0cd4  CLFS - ok
19:35:10.0067 0x0cd4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:10.0070 0x0cd4  clr_optimization_v2.0.50727_32 - ok
19:35:10.0130 0x0cd4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:35:10.0144 0x0cd4  clr_optimization_v2.0.50727_64 - ok
19:35:10.0249 0x0cd4  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:10.0253 0x0cd4  clr_optimization_v4.0.30319_32 - ok
19:35:10.0292 0x0cd4  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:35:10.0297 0x0cd4  clr_optimization_v4.0.30319_64 - ok
19:35:10.0330 0x0cd4  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd          C:\windows\system32\DRIVERS\clwvd.sys
19:35:10.0331 0x0cd4  clwvd - ok
19:35:10.0348 0x0cd4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:35:10.0349 0x0cd4  CmBatt - ok
19:35:10.0383 0x0cd4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:35:10.0384 0x0cd4  cmdide - ok
19:35:10.0431 0x0cd4  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG            C:\windows\system32\Drivers\cng.sys
19:35:10.0445 0x0cd4  CNG - ok
19:35:10.0485 0x0cd4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
19:35:10.0487 0x0cd4  Compbatt - ok
19:35:10.0499 0x0cd4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:35:10.0503 0x0cd4  CompositeBus - ok
19:35:10.0509 0x0cd4  COMSysApp - ok
19:35:10.0573 0x0cd4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\windows\system32\drivers\crcdisk.sys
19:35:10.0574 0x0cd4  crcdisk - ok
19:35:10.0624 0x0cd4  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:35:10.0635 0x0cd4  CryptSvc - ok
19:35:10.0724 0x0cd4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
19:35:10.0743 0x0cd4  DcomLaunch - ok
19:35:10.0788 0x0cd4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\windows\System32\defragsvc.dll
19:35:10.0798 0x0cd4  defragsvc - ok
19:35:10.0856 0x0cd4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:35:10.0860 0x0cd4  DfsC - ok
19:35:10.0894 0x0cd4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
19:35:10.0914 0x0cd4  Dhcp - ok
19:35:11.0027 0x0cd4  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack      C:\windows\system32\diagtrack.dll
19:35:11.0067 0x0cd4  DiagTrack - ok
19:35:11.0091 0x0cd4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
19:35:11.0093 0x0cd4  discache - ok
19:35:11.0102 0x0cd4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
19:35:11.0105 0x0cd4  Disk - ok
19:35:11.0138 0x0cd4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:35:11.0145 0x0cd4  Dnscache - ok
19:35:11.0179 0x0cd4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\windows\System32\dot3svc.dll
19:35:11.0192 0x0cd4  dot3svc - ok
19:35:11.0220 0x0cd4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\windows\system32\dps.dll
19:35:11.0226 0x0cd4  DPS - ok
19:35:11.0260 0x0cd4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
19:35:11.0260 0x0cd4  drmkaud - ok
19:35:11.0303 0x0cd4  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01    C:\windows\system32\DRIVERS\dtsoftbus01.sys
19:35:11.0312 0x0cd4  dtsoftbus01 - ok
19:35:11.0381 0x0cd4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
19:35:11.0423 0x0cd4  DXGKrnl - ok
19:35:11.0479 0x0cd4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\windows\System32\eapsvc.dll
19:35:11.0484 0x0cd4  EapHost - ok
19:35:11.0668 0x0cd4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\windows\system32\drivers\evbda.sys
19:35:11.0795 0x0cd4  ebdrv - ok
19:35:11.0870 0x0cd4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS            C:\windows\System32\lsass.exe
19:35:11.0873 0x0cd4  EFS - ok
19:35:11.0948 0x0cd4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\windows\ehome\ehRecvr.exe
19:35:11.0974 0x0cd4  ehRecvr - ok
19:35:12.0031 0x0cd4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\windows\ehome\ehsched.exe
19:35:12.0036 0x0cd4  ehSched - ok
19:35:12.0084 0x0cd4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\windows\system32\drivers\elxstor.sys
19:35:12.0101 0x0cd4  elxstor - ok
19:35:12.0153 0x0cd4  [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc    C:\windows\system32\EscSvc64.exe
19:35:12.0158 0x0cd4  EpsonScanSvc - ok
19:35:12.0177 0x0cd4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:35:12.0179 0x0cd4  ErrDev - ok
19:35:12.0240 0x0cd4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\windows\system32\es.dll
19:35:12.0253 0x0cd4  EventSystem - ok
19:35:12.0282 0x0cd4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat          C:\windows\system32\drivers\exfat.sys
19:35:12.0288 0x0cd4  exfat - ok
19:35:12.0329 0x0cd4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat        C:\windows\system32\drivers\fastfat.sys
19:35:12.0342 0x0cd4  fastfat - ok
19:35:12.0401 0x0cd4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\windows\system32\fxssvc.exe
19:35:12.0438 0x0cd4  Fax - ok
19:35:12.0471 0x0cd4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\windows\system32\drivers\fdc.sys
19:35:12.0472 0x0cd4  fdc - ok
19:35:12.0493 0x0cd4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\windows\system32\fdPHost.dll
19:35:12.0495 0x0cd4  fdPHost - ok
19:35:12.0515 0x0cd4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
19:35:12.0517 0x0cd4  FDResPub - ok
19:35:12.0541 0x0cd4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:35:12.0544 0x0cd4  FileInfo - ok
19:35:12.0564 0x0cd4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
19:35:12.0567 0x0cd4  Filetrace - ok
19:35:12.0587 0x0cd4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
19:35:12.0590 0x0cd4  flpydisk - ok
19:35:12.0624 0x0cd4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:35:12.0641 0x0cd4  FltMgr - ok
19:35:12.0757 0x0cd4  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache      C:\windows\system32\FntCache.dll
19:35:12.0818 0x0cd4  FontCache - ok
19:35:12.0880 0x0cd4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:35:12.0882 0x0cd4  FontCache3.0.0.0 - ok
19:35:12.0904 0x0cd4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
19:35:12.0906 0x0cd4  FsDepends - ok
19:35:12.0943 0x0cd4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:35:12.0945 0x0cd4  Fs_Rec - ok
19:35:12.0974 0x0cd4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:35:12.0981 0x0cd4  fvevol - ok
19:35:13.0005 0x0cd4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
19:35:13.0010 0x0cd4  gagp30kx - ok
19:35:13.0042 0x0cd4  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM    C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:35:13.0044 0x0cd4  GEARAspiWDM - ok
19:35:13.0076 0x0cd4  [ 022807B149127B8FAA3DBEB13A7D9B41, 0D871B7AC3FB37BB5664C0DFE3D4084FB1457BF4FD9E1C338F3CB2F0801EEBD2 ] GenericMount    C:\windows\system32\DRIVERS\GenericMount.sys
19:35:13.0080 0x0cd4  GenericMount - ok
19:35:13.0157 0x0cd4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc          C:\windows\System32\gpsvc.dll
19:35:13.0182 0x0cd4  gpsvc - ok
19:35:13.0291 0x0cd4  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:35:13.0295 0x0cd4  gupdate - ok
19:35:13.0305 0x0cd4  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:35:13.0309 0x0cd4  gupdatem - ok
19:35:13.0345 0x0cd4  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi        C:\windows\system32\DRIVERS\hamachi.sys
19:35:13.0347 0x0cd4  hamachi - ok
19:35:13.0385 0x0cd4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:35:13.0387 0x0cd4  hcw85cir - ok
19:35:13.0421 0x0cd4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:35:13.0443 0x0cd4  HdAudAddService - ok
19:35:13.0504 0x0cd4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:35:13.0508 0x0cd4  HDAudBus - ok
19:35:13.0531 0x0cd4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\windows\system32\drivers\HidBatt.sys
19:35:13.0533 0x0cd4  HidBatt - ok
19:35:13.0550 0x0cd4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
19:35:13.0554 0x0cd4  HidBth - ok
19:35:13.0573 0x0cd4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\windows\system32\drivers\hidir.sys
19:35:13.0575 0x0cd4  HidIr - ok
19:35:13.0612 0x0cd4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\windows\system32\hidserv.dll
19:35:13.0617 0x0cd4  hidserv - ok
19:35:13.0659 0x0cd4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:35:13.0662 0x0cd4  HidUsb - ok
19:35:13.0710 0x0cd4  [ 258DE302160DEEAFAB4453BB292CCF8F, A4333211D7B7FF8FAA630F5BA409564DC5C94E700E2AF59401D7E5BDE6B839EC ] hitmanpro37    C:\windows\system32\drivers\hitmanpro37.sys
19:35:13.0712 0x0cd4  hitmanpro37 - ok
19:35:13.0745 0x0cd4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:35:13.0749 0x0cd4  hkmsvc - ok
19:35:13.0779 0x0cd4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:35:13.0798 0x0cd4  HomeGroupListener - ok
19:35:13.0865 0x0cd4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:35:13.0881 0x0cd4  HomeGroupProvider - ok
19:35:13.0950 0x0cd4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:35:13.0953 0x0cd4  HpSAMD - ok
19:35:14.0025 0x0cd4  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:35:14.0069 0x0cd4  HTTP - ok
19:35:14.0113 0x0cd4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:35:14.0114 0x0cd4  hwpolicy - ok
19:35:14.0138 0x0cd4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:35:14.0141 0x0cd4  i8042prt - ok
19:35:14.0206 0x0cd4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
19:35:14.0232 0x0cd4  iaStorV - ok
19:35:14.0346 0x0cd4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:35:14.0352 0x0cd4  IDriverT - ok
19:35:14.0435 0x0cd4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc          C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:35:14.0462 0x0cd4  idsvc - ok
19:35:14.0830 0x0cd4  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
19:35:15.0090 0x0cd4  igfx - ok
19:35:15.0153 0x0cd4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\windows\system32\drivers\iirsp.sys
19:35:15.0156 0x0cd4  iirsp - ok
19:35:15.0234 0x0cd4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
19:35:15.0289 0x0cd4  IKEEXT - ok
19:35:15.0497 0x0cd4  [ 65F70696BE5ABC11634FCF96AF7D7896, A1950B4A64B25E8F8FA3F905B61B8EE9FE448B8403D9A3632A7214F90276D17A ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:35:15.0633 0x0cd4  IntcAzAudAddService - ok
19:35:15.0700 0x0cd4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
19:35:15.0702 0x0cd4  intelide - ok
19:35:15.0723 0x0cd4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys
19:35:15.0725 0x0cd4  intelppm - ok
19:35:15.0760 0x0cd4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\windows\system32\ipbusenum.dll
19:35:15.0766 0x0cd4  IPBusEnum - ok
19:35:15.0823 0x0cd4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:35:15.0827 0x0cd4  IpFilterDriver - ok
19:35:15.0891 0x0cd4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:35:15.0930 0x0cd4  iphlpsvc - ok
19:35:15.0974 0x0cd4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
19:35:15.0976 0x0cd4  IPMIDRV - ok
19:35:16.0000 0x0cd4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT          C:\windows\system32\drivers\ipnat.sys
19:35:16.0004 0x0cd4  IPNAT - ok
19:35:16.0102 0x0cd4  [ E61BB95A7CB49696D25A0C4EBD108156, 65D95A0DBC408AD18D5E344A5E875551E6CC044038DE438E4EA1102A234FC529 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:35:16.0123 0x0cd4  iPod Service - ok
19:35:16.0144 0x0cd4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:35:16.0145 0x0cd4  IRENUM - ok
19:35:16.0173 0x0cd4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:35:16.0175 0x0cd4  isapnp - ok
19:35:16.0226 0x0cd4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:35:16.0235 0x0cd4  iScsiPrt - ok
19:35:16.0260 0x0cd4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:35:16.0265 0x0cd4  kbdclass - ok
19:35:16.0290 0x0cd4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
19:35:16.0293 0x0cd4  kbdhid - ok
19:35:16.0315 0x0cd4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso          C:\windows\system32\lsass.exe
19:35:16.0317 0x0cd4  KeyIso - ok
19:35:16.0351 0x0cd4  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:35:16.0358 0x0cd4  KSecDD - ok
19:35:16.0386 0x0cd4  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
19:35:16.0391 0x0cd4  KSecPkg - ok
19:35:16.0404 0x0cd4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\windows\system32\drivers\ksthunk.sys
19:35:16.0406 0x0cd4  ksthunk - ok
19:35:16.0458 0x0cd4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\windows\system32\msdtckrm.dll
19:35:16.0482 0x0cd4  KtmRm - ok
19:35:16.0540 0x0cd4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
19:35:16.0549 0x0cd4  LanmanServer - ok
19:35:16.0586 0x0cd4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:35:16.0592 0x0cd4  LanmanWorkstation - ok
19:35:16.0614 0x0cd4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:35:16.0619 0x0cd4  lltdio - ok
19:35:16.0672 0x0cd4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\windows\System32\lltdsvc.dll
19:35:16.0695 0x0cd4  lltdsvc - ok
19:35:16.0736 0x0cd4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts        C:\windows\System32\lmhsvc.dll
19:35:16.0739 0x0cd4  lmhosts - ok
19:35:16.0768 0x0cd4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:35:16.0772 0x0cd4  LSI_FC - ok
19:35:16.0811 0x0cd4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\windows\system32\drivers\lsi_sas.sys
19:35:16.0819 0x0cd4  LSI_SAS - ok
19:35:16.0839 0x0cd4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:35:16.0842 0x0cd4  LSI_SAS2 - ok
19:35:16.0869 0x0cd4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:35:16.0873 0x0cd4  LSI_SCSI - ok
19:35:16.0896 0x0cd4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv          C:\windows\system32\drivers\luafv.sys
19:35:16.0900 0x0cd4  luafv - ok
19:35:16.0931 0x0cd4  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector  C:\windows\system32\drivers\mbam.sys
19:35:16.0932 0x0cd4  MBAMProtector - ok
19:35:17.0058 0x0cd4  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
19:35:17.0092 0x0cd4  MBAMService - ok
19:35:17.0117 0x0cd4  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys
19:35:17.0120 0x0cd4  MBAMWebAccessControl - ok
19:35:17.0154 0x0cd4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc        C:\windows\system32\Mcx2Svc.dll
19:35:17.0158 0x0cd4  Mcx2Svc - ok
19:35:17.0194 0x0cd4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas        C:\windows\system32\drivers\megasas.sys
19:35:17.0197 0x0cd4  megasas - ok
19:35:17.0241 0x0cd4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:35:17.0249 0x0cd4  MegaSR - ok
19:35:17.0328 0x0cd4  Microsoft SharePoint Workspace Audit Service - ok
19:35:17.0367 0x0cd4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS          C:\windows\system32\mmcss.dll
19:35:17.0371 0x0cd4  MMCSS - ok
19:35:17.0396 0x0cd4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem          C:\windows\system32\drivers\modem.sys
19:35:17.0399 0x0cd4  Modem - ok
19:35:17.0425 0x0cd4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor        C:\windows\system32\DRIVERS\monitor.sys
19:35:17.0428 0x0cd4  monitor - ok
19:35:17.0476 0x0cd4  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\windows\system32\DRIVERS\MijXfilt.sys
19:35:17.0480 0x0cd4  MotioninJoyXFilter - ok
19:35:17.0506 0x0cd4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:35:17.0510 0x0cd4  mouclass - ok
19:35:17.0528 0x0cd4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:35:17.0531 0x0cd4  mouhid - ok
19:35:17.0578 0x0cd4  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:35:17.0585 0x0cd4  mountmgr - ok
19:35:17.0666 0x0cd4  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:35:17.0671 0x0cd4  MozillaMaintenance - ok
19:35:17.0699 0x0cd4  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
19:35:17.0709 0x0cd4  MpFilter - ok
19:35:17.0762 0x0cd4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
19:35:17.0773 0x0cd4  mpio - ok
19:35:17.0821 0x0cd4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:35:17.0824 0x0cd4  mpsdrv - ok
19:35:17.0894 0x0cd4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:35:17.0922 0x0cd4  MpsSvc - ok
19:35:17.0970 0x0cd4  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:35:17.0975 0x0cd4  MRxDAV - ok
19:35:18.0003 0x0cd4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:35:18.0009 0x0cd4  mrxsmb - ok
19:35:18.0052 0x0cd4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:35:18.0061 0x0cd4  mrxsmb10 - ok
19:35:18.0080 0x0cd4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:35:18.0089 0x0cd4  mrxsmb20 - ok
19:35:18.0125 0x0cd4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
19:35:18.0127 0x0cd4  msahci - ok
19:35:18.0164 0x0cd4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm          C:\windows\system32\drivers\msdsm.sys
19:35:18.0168 0x0cd4  msdsm - ok
19:35:18.0192 0x0cd4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC          C:\windows\System32\msdtc.exe
19:35:18.0198 0x0cd4  MSDTC - ok
19:35:18.0247 0x0cd4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:35:18.0250 0x0cd4  Msfs - ok
19:35:18.0276 0x0cd4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
19:35:18.0277 0x0cd4  mshidkmdf - ok
19:35:18.0284 0x0cd4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:35:18.0285 0x0cd4  msisadrv - ok
19:35:18.0326 0x0cd4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI        C:\windows\system32\iscsiexe.dll
19:35:18.0333 0x0cd4  MSiSCSI - ok
19:35:18.0339 0x0cd4  msiserver - ok
19:35:18.0393 0x0cd4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
19:35:18.0394 0x0cd4  MSKSSRV - ok
19:35:18.0554 0x0cd4  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:35:18.0557 0x0cd4  MsMpSvc - ok
19:35:18.0590 0x0cd4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:35:18.0591 0x0cd4  MSPCLOCK - ok
19:35:18.0641 0x0cd4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
19:35:18.0643 0x0cd4  MSPQM - ok
19:35:18.0686 0x0cd4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
19:35:18.0702 0x0cd4  MsRPC - ok
19:35:18.0747 0x0cd4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:35:18.0748 0x0cd4  mssmbios - ok
19:35:18.0836 0x0cd4  MSSQL$SQLEXPRESS - ok
19:35:18.0906 0x0cd4  [ 7A2A8C975356858EB38466A6B1592E8D, 97C3DFCCBE1BA92EE7E4848993D6F369D543A53344A6512C84EF03E7D737A482 ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:35:18.0908 0x0cd4  MSSQLServerADHelper100 - ok
19:35:18.0939 0x0cd4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
19:35:18.0940 0x0cd4  MSTEE - ok
19:35:19.0000 0x0cd4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:35:19.0003 0x0cd4  MTConfig - ok
19:35:19.0046 0x0cd4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup            C:\windows\system32\Drivers\mup.sys
19:35:19.0048 0x0cd4  Mup - ok
19:35:19.0122 0x0cd4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
19:35:19.0150 0x0cd4  napagent - ok
19:35:19.0221 0x0cd4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
19:35:19.0231 0x0cd4  NativeWifiP - ok
19:35:19.0312 0x0cd4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
19:35:19.0356 0x0cd4  NDIS - ok
19:35:19.0419 0x0cd4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
19:35:19.0420 0x0cd4  NdisCap - ok
19:35:19.0445 0x0cd4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:35:19.0502 0x0cd4  NdisTapi - ok
19:35:19.0618 0x0cd4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
19:35:19.0620 0x0cd4  Ndisuio - ok
19:35:19.0632 0x0cd4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
19:35:19.0638 0x0cd4  NdisWan - ok
19:35:19.0675 0x0cd4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
19:35:19.0678 0x0cd4  NDProxy - ok
19:35:19.0721 0x0cd4  [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl        C:\windows\system32\DRIVERS\netaapl64.sys
19:35:19.0722 0x0cd4  Netaapl - ok
19:35:19.0748 0x0cd4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
19:35:19.0750 0x0cd4  NetBIOS - ok
19:35:19.0777 0x0cd4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
19:35:19.0786 0x0cd4  NetBT - ok
19:35:19.0828 0x0cd4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\windows\system32\lsass.exe
19:35:19.0832 0x0cd4  Netlogon - ok
19:35:19.0901 0x0cd4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
19:35:19.0913 0x0cd4  Netman - ok
19:35:19.0965 0x0cd4  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:19.0974 0x0cd4  NetMsmqActivator - ok
19:35:19.0993 0x0cd4  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:20.0002 0x0cd4  NetPipeActivator - ok
19:35:20.0105 0x0cd4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
19:35:20.0121 0x0cd4  netprofm - ok
19:35:20.0132 0x0cd4  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:20.0137 0x0cd4  NetTcpActivator - ok
19:35:20.0147 0x0cd4  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:20.0152 0x0cd4  NetTcpPortSharing - ok
19:35:20.0209 0x0cd4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\windows\system32\drivers\nfrd960.sys
19:35:20.0211 0x0cd4  nfrd960 - ok
19:35:20.0262 0x0cd4  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
19:35:20.0271 0x0cd4  NisDrv - ok
19:35:20.0387 0x0cd4  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:35:20.0398 0x0cd4  NisSrv - ok
19:35:20.0447 0x0cd4  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\windows\System32\nlasvc.dll
19:35:20.0458 0x0cd4  NlaSvc - ok
19:35:20.0503 0x0cd4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:35:20.0506 0x0cd4  Npfs - ok
19:35:20.0554 0x0cd4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\windows\system32\nsisvc.dll
19:35:20.0560 0x0cd4  nsi - ok
19:35:20.0624 0x0cd4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:35:20.0625 0x0cd4  nsiproxy - ok
19:35:20.0793 0x0cd4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:35:20.0885 0x0cd4  Ntfs - ok
19:35:20.0930 0x0cd4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
19:35:20.0931 0x0cd4  Null - ok
19:35:20.0964 0x0cd4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:35:20.0969 0x0cd4  nvraid - ok
19:35:21.0029 0x0cd4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:35:21.0035 0x0cd4  nvstor - ok
19:35:21.0088 0x0cd4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:35:21.0096 0x0cd4  nv_agp - ok
19:35:21.0113 0x0cd4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:35:21.0119 0x0cd4  ohci1394 - ok
19:35:21.0190 0x0cd4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:21.0195 0x0cd4  ose - ok
19:35:21.0531 0x0cd4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:35:21.0790 0x0cd4  osppsvc - ok
19:35:21.0885 0x0cd4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:35:21.0897 0x0cd4  p2pimsvc - ok
19:35:21.0961 0x0cd4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
19:35:21.0976 0x0cd4  p2psvc - ok
19:35:22.0014 0x0cd4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\windows\system32\drivers\parport.sys
19:35:22.0018 0x0cd4  Parport - ok
19:35:22.0079 0x0cd4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr        C:\windows\system32\drivers\partmgr.sys
19:35:22.0082 0x0cd4  partmgr - ok
19:35:22.0127 0x0cd4  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:35:22.0135 0x0cd4  PcaSvc - ok
19:35:22.0171 0x0cd4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci            C:\windows\system32\drivers\pci.sys
19:35:22.0182 0x0cd4  pci - ok
19:35:22.0238 0x0cd4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
19:35:22.0240 0x0cd4  pciide - ok
19:35:22.0268 0x0cd4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:35:22.0275 0x0cd4  pcmcia - ok
19:35:22.0283 0x0cd4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw            C:\windows\system32\drivers\pcw.sys
19:35:22.0286 0x0cd4  pcw - ok
19:35:22.0378 0x0cd4  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:35:22.0423 0x0cd4  PEAUTH - ok
19:35:22.0613 0x0cd4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:35:22.0616 0x0cd4  PerfHost - ok
19:35:22.0776 0x0cd4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla            C:\windows\system32\pla.dll
19:35:22.0837 0x0cd4  pla - ok
19:35:22.0924 0x0cd4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:35:22.0939 0x0cd4  PlugPlay - ok
19:35:22.0946 0x0cd4  PnkBstrA - ok
19:35:22.0983 0x0cd4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
19:35:22.0987 0x0cd4  PNRPAutoReg - ok
19:35:23.0019 0x0cd4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
19:35:23.0030 0x0cd4  PNRPsvc - ok
19:35:23.0100 0x0cd4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
19:35:23.0121 0x0cd4  PolicyAgent - ok
19:35:23.0200 0x0cd4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power          C:\windows\system32\umpo.dll
19:35:23.0208 0x0cd4  Power - ok
19:35:23.0251 0x0cd4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:35:23.0255 0x0cd4  PptpMiniport - ok
19:35:23.0281 0x0cd4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor      C:\windows\system32\drivers\processr.sys
19:35:23.0284 0x0cd4  Processor - ok
19:35:23.0327 0x0cd4  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc        C:\windows\system32\profsvc.dll
19:35:23.0336 0x0cd4  ProfSvc - ok
19:35:23.0360 0x0cd4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\windows\system32\lsass.exe
19:35:23.0362 0x0cd4  ProtectedStorage - ok
19:35:23.0380 0x0cd4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:35:23.0385 0x0cd4  Psched - ok
19:35:23.0585 0x0cd4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:35:23.0656 0x0cd4  ql2300 - ok
19:35:23.0700 0x0cd4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:35:23.0704 0x0cd4  ql40xx - ok
19:35:23.0748 0x0cd4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE          C:\windows\system32\qwave.dll
19:35:23.0763 0x0cd4  QWAVE - ok
19:35:23.0836 0x0cd4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:35:23.0838 0x0cd4  QWAVEdrv - ok
19:35:23.0869 0x0cd4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:35:23.0872 0x0cd4  RasAcd - ok
19:35:23.0911 0x0cd4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
19:35:23.0913 0x0cd4  RasAgileVpn - ok
19:35:23.0945 0x0cd4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto        C:\windows\System32\rasauto.dll
19:35:23.0950 0x0cd4  RasAuto - ok
19:35:23.0969 0x0cd4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
19:35:23.0974 0x0cd4  Rasl2tp - ok
19:35:24.0026 0x0cd4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
19:35:24.0039 0x0cd4  RasMan - ok
19:35:24.0051 0x0cd4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:35:24.0055 0x0cd4  RasPppoe - ok
19:35:24.0092 0x0cd4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
19:35:24.0097 0x0cd4  RasSstp - ok
19:35:24.0157 0x0cd4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
19:35:24.0177 0x0cd4  rdbss - ok
19:35:24.0221 0x0cd4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:35:24.0223 0x0cd4  rdpbus - ok
19:35:24.0242 0x0cd4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:35:24.0243 0x0cd4  RDPCDD - ok
19:35:24.0264 0x0cd4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:35:24.0265 0x0cd4  RDPENCDD - ok
19:35:24.0277 0x0cd4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:35:24.0278 0x0cd4  RDPREFMP - ok
19:35:24.0385 0x0cd4  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:35:24.0386 0x0cd4  RdpVideoMiniport - ok
19:35:24.0427 0x0cd4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
19:35:24.0436 0x0cd4  RDPWD - ok
19:35:24.0488 0x0cd4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:35:24.0495 0x0cd4  rdyboost - ok
19:35:24.0557 0x0cd4  [ 84C83C7577407C4FF6AB1379EE944610, 497695C775D193357996BE6009247026596907B5568BDD32DA8677042F9BA302 ] regi            C:\windows\system32\drivers\regi.sys
19:35:24.0559 0x0cd4  regi - ok
19:35:24.0593 0x0cd4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:35:24.0597 0x0cd4  RemoteAccess - ok
19:35:24.0640 0x0cd4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:35:24.0647 0x0cd4  RemoteRegistry - ok
19:35:24.0708 0x0cd4  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
19:35:24.0714 0x0cd4  RFCOMM - ok
19:35:24.0763 0x0cd4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:35:24.0767 0x0cd4  RpcEptMapper - ok
19:35:24.0806 0x0cd4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
19:35:24.0808 0x0cd4  RpcLocator - ok
19:35:24.0844 0x0cd4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\windows\system32\rpcss.dll
19:35:24.0863 0x0cd4  RpcSs - ok
19:35:24.0930 0x0cd4  [ C9FE05A63C500ABE3AFA5786504C4D36, F076B57B9EF6A179A37D5E00E1891236025D451CF067D2F1A1CBA2113218FEB6 ] RsFx0105        C:\windows\system32\DRIVERS\RsFx0105.sys
19:35:24.0940 0x0cd4  RsFx0105 - ok
19:35:24.0991 0x0cd4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:35:24.0994 0x0cd4  rspndr - ok
19:35:25.0045 0x0cd4  [ E50CFB92986DCAB49DE93788FD695813, EAE103008B967B0F064EDDA551AA553EE7C22D39D14FA0BBFEF41C4D1B6C99E5 ] RTL8167        C:\windows\system32\DRIVERS\Rt64win7.sys
19:35:25.0076 0x0cd4  RTL8167 - ok
19:35:25.0174 0x0cd4  [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport          C:\windows\SysWOW64\drivers\rtport.sys
19:35:25.0175 0x0cd4  rtport - ok
19:35:25.0212 0x0cd4  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\windows\system32\Drivers\SABI.sys
19:35:25.0213 0x0cd4  SABI - ok
19:35:25.0238 0x0cd4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs          C:\windows\system32\lsass.exe
19:35:25.0240 0x0cd4  SamSs - ok
19:35:25.0269 0x0cd4  [ D641337B75B9A9D5AE10687AA1097755, 1495654D9090FDE04EF8605D1C8A4B0ACA1A50A4E0A992DE2F049CB8413E860C ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe
19:35:25.0276 0x0cd4  Samsung UPD Service - ok
19:35:25.0336 0x0cd4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:35:25.0340 0x0cd4  sbp2port - ok
19:35:25.0383 0x0cd4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:35:25.0391 0x0cd4  SCardSvr - ok
19:35:25.0465 0x0cd4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:35:25.0467 0x0cd4  scfilter - ok
19:35:25.0527 0x0cd4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
19:35:25.0574 0x0cd4  Schedule - ok
19:35:25.0634 0x0cd4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\windows\System32\certprop.dll
19:35:25.0638 0x0cd4  SCPolicySvc - ok
19:35:25.0675 0x0cd4  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus          C:\windows\system32\DRIVERS\sdbus.sys
19:35:25.0679 0x0cd4  sdbus - ok
19:35:25.0703 0x0cd4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:35:25.0711 0x0cd4  SDRSVC - ok
19:35:25.0794 0x0cd4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:35:25.0796 0x0cd4  secdrv - ok
19:35:25.0811 0x0cd4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
19:35:25.0815 0x0cd4  seclogon - ok
19:35:25.0840 0x0cd4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
19:35:25.0844 0x0cd4  SENS - ok
19:35:25.0862 0x0cd4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:35:25.0865 0x0cd4  SensrSvc - ok
19:35:25.0887 0x0cd4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\windows\system32\drivers\serenum.sys
19:35:25.0888 0x0cd4  Serenum - ok
19:35:25.0908 0x0cd4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
19:35:25.0911 0x0cd4  Serial - ok
19:35:25.0930 0x0cd4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:35:25.0931 0x0cd4  sermouse - ok
19:35:25.0997 0x0cd4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
19:35:26.0003 0x0cd4  SessionEnv - ok
19:35:26.0019 0x0cd4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\windows\system32\drivers\sffdisk.sys
19:35:26.0020 0x0cd4  sffdisk - ok
19:35:26.0038 0x0cd4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:35:26.0039 0x0cd4  sffp_mmc - ok
19:35:26.0055 0x0cd4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\windows\system32\drivers\sffp_sd.sys
19:35:26.0057 0x0cd4  sffp_sd - ok
19:35:26.0078 0x0cd4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\windows\system32\drivers\sfloppy.sys
19:35:26.0079 0x0cd4  sfloppy - ok
19:35:26.0147 0x0cd4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:35:26.0159 0x0cd4  SharedAccess - ok
19:35:26.0247 0x0cd4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:35:26.0260 0x0cd4  ShellHWDetection - ok
19:35:26.0320 0x0cd4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:35:26.0322 0x0cd4  SiSRaid2 - ok
19:35:26.0348 0x0cd4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:35:26.0351 0x0cd4  SiSRaid4 - ok
19:35:26.0416 0x0cd4  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
19:35:26.0426 0x0cd4  SkypeUpdate - ok
19:35:26.0461 0x0cd4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\windows\system32\DRIVERS\smb.sys
19:35:26.0464 0x0cd4  Smb - ok
19:35:26.0505 0x0cd4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:35:26.0508 0x0cd4  SNMPTRAP - ok
19:35:26.0550 0x0cd4  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\windows\SysWOW64\speedfan.sys
19:35:26.0552 0x0cd4  speedfan - ok
19:35:26.0605 0x0cd4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\windows\system32\drivers\spldr.sys
19:35:26.0606 0x0cd4  spldr - ok
19:35:26.0663 0x0cd4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler        C:\windows\System32\spoolsv.exe
19:35:26.0682 0x0cd4  Spooler - ok
19:35:26.0880 0x0cd4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
19:35:27.0003 0x0cd4  sppsvc - ok
19:35:27.0043 0x0cd4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\windows\system32\sppuinotify.dll
19:35:27.0048 0x0cd4  sppuinotify - ok
19:35:27.0140 0x0cd4  [ 2E21D0699F3DFFFFD141763E3AA99D9A, 60063207F002B67B3E2BC78BBD15A2725AE8CFBC3289D21BE598F13F53C929B1 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:35:27.0155 0x0cd4  SQLAgent$SQLEXPRESS - ok
19:35:27.0229 0x0cd4  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB, EE66162AEAF6A583A04BB5AF1220318C9ADD3A62987CDCEE0505C6FF37AB30FF ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:35:27.0238 0x0cd4  SQLBrowser - ok
19:35:27.0296 0x0cd4  [ F92E5F93BE572B512DA3C016B675EDE0, 3BBE8B952A329E4BCD6F0C8D6225F809B99217A196301B6FE543B26C3689A37B ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:35:27.0301 0x0cd4  SQLWriter - ok
19:35:27.0368 0x0cd4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv            C:\windows\system32\DRIVERS\srv.sys
19:35:27.0382 0x0cd4  srv - ok
19:35:27.0405 0x0cd4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:35:27.0417 0x0cd4  srv2 - ok
19:35:27.0432 0x0cd4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:35:27.0438 0x0cd4  srvnet - ok
19:35:27.0507 0x0cd4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
19:35:27.0523 0x0cd4  SSDPSRV - ok
19:35:27.0580 0x0cd4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\windows\system32\sstpsvc.dll
19:35:27.0584 0x0cd4  SstpSvc - ok
19:35:27.0622 0x0cd4  [ EF806D212D34B0E173BAEB3564D53E37, 6EF229A7B7AFF0268CDF47B77F961BD44335C3B35499BB00CBA494A22B2BA39E ] ss_bbus        C:\windows\system32\DRIVERS\ss_bbus.sys
19:35:27.0626 0x0cd4  ss_bbus - ok
19:35:27.0643 0x0cd4  [ 08B1B34ABEBEB6AC2DEA06900C56411E, 928EF9B9F194DB07049BA2D7127756B021C2729F562E54F7FECD0F2B2FF5A209 ] ss_bmdfl        C:\windows\system32\DRIVERS\ss_bmdfl.sys
19:35:27.0644 0x0cd4  ss_bmdfl - ok
19:35:27.0682 0x0cd4  [ 71A9DA6BEAA4CB54DFB827FB78600A5D, 6393CA17CF6A6F30447FF599B2D27CAB44BA1A709D986AC5E14463303094BE5F ] ss_bmdm        C:\windows\system32\DRIVERS\ss_bmdm.sys
19:35:27.0693 0x0cd4  ss_bmdm - ok
19:35:27.0783 0x0cd4  [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:35:27.0810 0x0cd4  Steam Client Service - ok
19:35:27.0883 0x0cd4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:35:27.0885 0x0cd4  stexstor - ok
19:35:27.0916 0x0cd4  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
19:35:27.0917 0x0cd4  StillCam - ok
19:35:27.0993 0x0cd4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
19:35:28.0035 0x0cd4  stisvc - ok
19:35:28.0093 0x0cd4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:35:28.0094 0x0cd4  swenum - ok
19:35:28.0146 0x0cd4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv          C:\windows\System32\swprv.dll
19:35:28.0165 0x0cd4  swprv - ok
19:35:28.0315 0x0cd4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain        C:\windows\system32\sysmain.dll
19:35:28.0398 0x0cd4  SysMain - ok
19:35:28.0449 0x0cd4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
19:35:28.0460 0x0cd4  TabletInputService - ok
19:35:28.0502 0x0cd4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv        C:\windows\System32\tapisrv.dll
19:35:28.0514 0x0cd4  TapiSrv - ok
19:35:28.0540 0x0cd4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS            C:\windows\System32\tbssvc.dll
19:35:28.0544 0x0cd4  TBS - ok
19:35:28.0688 0x0cd4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip          C:\windows\system32\drivers\tcpip.sys
19:35:28.0765 0x0cd4  Tcpip - ok
19:35:28.0883 0x0cd4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:35:28.0966 0x0cd4  TCPIP6 - ok
19:35:29.0010 0x0cd4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:35:29.0012 0x0cd4  tcpipreg - ok
19:35:29.0051 0x0cd4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:35:29.0052 0x0cd4  TDPIPE - ok
19:35:29.0088 0x0cd4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
19:35:29.0090 0x0cd4  TDTCP - ok
19:35:29.0124 0x0cd4  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx            C:\windows\system32\DRIVERS\tdx.sys
19:35:29.0129 0x0cd4  tdx - ok
19:35:29.0139 0x0cd4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:35:29.0141 0x0cd4  TermDD - ok
19:35:29.0201 0x0cd4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService    C:\windows\System32\termsrv.dll
19:35:29.0224 0x0cd4  TermService - ok
19:35:29.0265 0x0cd4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
19:35:29.0269 0x0cd4  Themes - ok
19:35:29.0312 0x0cd4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\windows\system32\mmcss.dll
19:35:29.0316 0x0cd4  THREADORDER - ok
19:35:29.0334 0x0cd4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
19:35:29.0340 0x0cd4  TrkWks - ok
19:35:29.0410 0x0cd4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:35:29.0416 0x0cd4  TrustedInstaller - ok
19:35:29.0461 0x0cd4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:35:29.0463 0x0cd4  tssecsrv - ok
19:35:29.0500 0x0cd4  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:35:29.0503 0x0cd4  TsUsbFlt - ok
19:35:29.0541 0x0cd4  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD        C:\windows\system32\drivers\TsUsbGD.sys
19:35:29.0542 0x0cd4  TsUsbGD - ok
19:35:29.0586 0x0cd4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:35:29.0590 0x0cd4  tunnel - ok
19:35:29.0616 0x0cd4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:35:29.0618 0x0cd4  uagp35 - ok
19:35:29.0648 0x0cd4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:35:29.0658 0x0cd4  udfs - ok
19:35:29.0732 0x0cd4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\windows\system32\UI0Detect.exe
19:35:29.0736 0x0cd4  UI0Detect - ok
19:35:29.0746 0x0cd4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:35:29.0749 0x0cd4  uliagpkx - ok
19:35:29.0762 0x0cd4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\windows\system32\DRIVERS\umbus.sys
19:35:29.0764 0x0cd4  umbus - ok
19:35:29.0789 0x0cd4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
19:35:29.0790 0x0cd4  UmPass - ok
19:35:29.0828 0x0cd4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
19:35:29.0841 0x0cd4  upnphost - ok
19:35:29.0884 0x0cd4  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64      C:\windows\system32\Drivers\usbaapl64.sys
19:35:29.0886 0x0cd4  USBAAPL64 - ok
19:35:29.0933 0x0cd4  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
19:35:29.0937 0x0cd4  usbaudio - ok
19:35:29.0972 0x0cd4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
19:35:29.0975 0x0cd4  usbccgp - ok
19:35:30.0010 0x0cd4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:35:30.0014 0x0cd4  usbcir - ok
19:35:30.0047 0x0cd4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci        C:\windows\system32\DRIVERS\usbehci.sys
19:35:30.0049 0x0cd4  usbehci - ok
19:35:30.0082 0x0cd4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:35:30.0093 0x0cd4  usbhub - ok
19:35:30.0109 0x0cd4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci        C:\windows\system32\DRIVERS\usbohci.sys
19:35:30.0110 0x0cd4  usbohci - ok
19:35:30.0151 0x0cd4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:35:30.0153 0x0cd4  usbprint - ok
19:35:30.0192 0x0cd4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
19:35:30.0195 0x0cd4  USBSTOR - ok
19:35:30.0228 0x0cd4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci        C:\windows\system32\drivers\usbuhci.sys
19:35:30.0229 0x0cd4  usbuhci - ok
19:35:30.0256 0x0cd4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
19:35:30.0262 0x0cd4  usbvideo - ok
19:35:30.0294 0x0cd4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\windows\System32\uxsms.dll
19:35:30.0297 0x0cd4  UxSms - ok
19:35:30.0326 0x0cd4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\windows\system32\lsass.exe
19:35:30.0329 0x0cd4  VaultSvc - ok
19:35:30.0364 0x0cd4  [ FD911873C0BB6945FA38C16E9A2B58F9, EF8C833321449A6E8B671890F2EBC82ABC276B890D274AADDB626D763EE98964 ] VClone          C:\windows\system32\DRIVERS\VClone.sys
19:35:30.0365 0x0cd4  VClone - ok
19:35:30.0385 0x0cd4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:35:30.0387 0x0cd4  vdrvroot - ok
19:35:30.0415 0x0cd4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\windows\System32\vds.exe
19:35:30.0430 0x0cd4  vds - ok
19:35:30.0464 0x0cd4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
19:35:30.0466 0x0cd4  vga - ok
19:35:30.0486 0x0cd4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\windows\System32\drivers\vga.sys
19:35:30.0488 0x0cd4  VgaSave - ok
19:35:30.0520 0x0cd4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
19:35:30.0527 0x0cd4  vhdmp - ok
19:35:30.0562 0x0cd4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
19:35:30.0563 0x0cd4  viaide - ok
19:35:30.0574 0x0cd4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:35:30.0577 0x0cd4  volmgr - ok
19:35:30.0598 0x0cd4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
19:35:30.0609 0x0cd4  volmgrx - ok
19:35:30.0628 0x0cd4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\windows\system32\drivers\volsnap.sys
19:35:30.0637 0x0cd4  volsnap - ok
19:35:30.0664 0x0cd4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\windows\system32\drivers\vsmraid.sys
19:35:30.0670 0x0cd4  vsmraid - ok
19:35:30.0773 0x0cd4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\windows\system32\vssvc.exe
19:35:30.0841 0x0cd4  VSS - ok
19:35:30.0871 0x0cd4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:35:30.0872 0x0cd4  vwifibus - ok
19:35:30.0912 0x0cd4  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:35:30.0915 0x0cd4  vwififlt - ok
19:35:30.0934 0x0cd4  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp        C:\windows\system32\DRIVERS\vwifimp.sys
19:35:30.0935 0x0cd4  vwifimp - ok
19:35:30.0977 0x0cd4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\windows\system32\w32time.dll
19:35:30.0990 0x0cd4  W32Time - ok
19:35:31.0016 0x0cd4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:35:31.0018 0x0cd4  WacomPen - ok
19:35:31.0029 0x0cd4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:35:31.0032 0x0cd4  WANARP - ok
19:35:31.0043 0x0cd4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:35:31.0046 0x0cd4  Wanarpv6 - ok
19:35:31.0143 0x0cd4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
19:35:31.0205 0x0cd4  wbengine - ok
19:35:31.0264 0x0cd4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:35:31.0272 0x0cd4  WbioSrvc - ok
19:35:31.0316 0x0cd4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\windows\System32\wcncsvc.dll
19:35:31.0329 0x0cd4  wcncsvc - ok
19:35:31.0376 0x0cd4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:35:31.0380 0x0cd4  WcsPlugInService - ok
19:35:31.0410 0x0cd4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
19:35:31.0410 0x0cd4  Wd - ok
19:35:31.0490 0x0cd4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:35:31.0515 0x0cd4  Wdf01000 - ok
19:35:31.0570 0x0cd4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:35:31.0575 0x0cd4  WdiServiceHost - ok
19:35:31.0585 0x0cd4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost  C:\windows\system32\wdi.dll
19:35:31.0591 0x0cd4  WdiSystemHost - ok
19:35:31.0663 0x0cd4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\windows\System32\webclnt.dll
19:35:31.0673 0x0cd4  WebClient - ok
19:35:31.0737 0x0cd4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:35:31.0746 0x0cd4  Wecsvc - ok
19:35:31.0802 0x0cd4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\windows\System32\wercplsupport.dll
19:35:31.0809 0x0cd4  wercplsupport - ok
19:35:31.0884 0x0cd4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
19:35:31.0889 0x0cd4  WerSvc - ok
19:35:31.0909 0x0cd4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:35:31.0910 0x0cd4  WfpLwf - ok
19:35:31.0945 0x0cd4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:35:31.0947 0x0cd4  WIMMount - ok
19:35:31.0978 0x0cd4  WinDefend - ok
19:35:31.0996 0x0cd4  WinHttpAutoProxySvc - ok
19:35:32.0093 0x0cd4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
19:35:32.0102 0x0cd4  Winmgmt - ok
19:35:32.0255 0x0cd4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM          C:\windows\system32\WsmSvc.dll
19:35:32.0351 0x0cd4  WinRM - ok
19:35:32.0416 0x0cd4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\drivers\WinUsb.sys
19:35:32.0418 0x0cd4  WinUsb - ok
19:35:32.0503 0x0cd4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\windows\System32\wlansvc.dll
19:35:32.0533 0x0cd4  Wlansvc - ok
19:35:32.0717 0x0cd4  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:35:32.0799 0x0cd4  wlidsvc - ok
19:35:32.0827 0x0cd4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
19:35:32.0828 0x0cd4  WmiAcpi - ok
19:35:32.0879 0x0cd4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:35:32.0885 0x0cd4  wmiApSrv - ok
19:35:32.0893 0x0cd4  WMPNetworkSvc - ok
19:35:32.0926 0x0cd4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:35:32.0929 0x0cd4  WPCSvc - ok
19:35:32.0950 0x0cd4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:35:32.0956 0x0cd4  WPDBusEnum - ok
19:35:32.0991 0x0cd4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
19:35:32.0992 0x0cd4  ws2ifsl - ok
19:35:33.0012 0x0cd4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
19:35:33.0018 0x0cd4  wscsvc - ok
19:35:33.0026 0x0cd4  WSearch - ok
19:35:33.0179 0x0cd4  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\windows\system32\wuaueng.dll
19:35:33.0259 0x0cd4  wuauserv - ok
19:35:33.0304 0x0cd4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:35:33.0308 0x0cd4  WudfPf - ok
19:35:33.0340 0x0cd4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\drivers\WUDFRd.sys
19:35:33.0347 0x0cd4  WUDFRd - ok
19:35:33.0368 0x0cd4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
19:35:33.0374 0x0cd4  wudfsvc - ok
19:35:33.0421 0x0cd4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\windows\System32\wwansvc.dll
19:35:33.0430 0x0cd4  WwanSvc - ok
19:35:33.0502 0x0cd4  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\windows\system32\DRIVERS\xusb21.sys
19:35:33.0505 0x0cd4  xusb21 - ok
19:35:33.0568 0x0cd4  ================ Scan global ===============================
19:35:33.0662 0x0cd4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
19:35:33.0698 0x0cd4  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
19:35:33.0718 0x0cd4  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
19:35:33.0780 0x0cd4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
19:35:33.0825 0x0cd4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
19:35:33.0837 0x0cd4  [ Global ] - ok
19:35:33.0837 0x0cd4  ================ Scan MBR ==================================
19:35:33.0864 0x0cd4  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:35:34.0399 0x0cd4  \Device\Harddisk0\DR0 - ok
19:35:34.0400 0x0cd4  ================ Scan VBR ==================================
19:35:34.0404 0x0cd4  [ BB38EEC56DC0B07378DC81F6AB87771B ] \Device\Harddisk0\DR0\Partition1
19:35:34.0407 0x0cd4  \Device\Harddisk0\DR0\Partition1 - ok
19:35:34.0411 0x0cd4  [ DB115299BC0FF95F9EF0BF600398E530 ] \Device\Harddisk0\DR0\Partition2
19:35:34.0413 0x0cd4  \Device\Harddisk0\DR0\Partition2 - ok
19:35:34.0450 0x0cd4  [ 1CD169FF6D493D7D81D5E5D32E4957EB ] \Device\Harddisk0\DR0\Partition3
19:35:34.0452 0x0cd4  \Device\Harddisk0\DR0\Partition3 - ok
19:35:34.0453 0x0cd4  ================ Scan generic autorun ======================
19:35:34.0560 0x0cd4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:35:34.0671 0x0cd4  Sidebar - ok
19:35:34.0715 0x0cd4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:35:34.0720 0x0cd4  mctadmin - ok
19:35:34.0775 0x0cd4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:35:34.0810 0x0cd4  Sidebar - ok
19:35:34.0822 0x0cd4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:35:34.0826 0x0cd4  mctadmin - ok
19:35:35.0009 0x0cd4  [ C3E6128725B7C509EB6742A6F2310576, C8348D91AF275185FE90BAB2315AC05B4009E36ECF321E5CECF34D1C3F8AC8B6 ] C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
19:35:35.0113 0x0cd4  Spotify Web Helper - ok
19:35:35.0226 0x0cd4  FlashPlayerUpdate - ok
19:35:35.0227 0x0cd4  Waiting for KSN requests completion. In queue: 80
19:35:36.0227 0x0cd4  Waiting for KSN requests completion. In queue: 80
19:35:37.0228 0x0cd4  Waiting for KSN requests completion. In queue: 80
19:35:38.0246 0x0cd4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x60000 ( disabled : updated )
19:35:38.0267 0x0cd4  Win FW state via NFP2: disabled
19:35:40.0673 0x0cd4  ============================================================
19:35:40.0673 0x0cd4  Scan finished
19:35:40.0673 0x0cd4  ============================================================
19:35:40.0687 0x0b44  Detected object count: 0
19:35:40.0687 0x0b44  Actual detected object count: 0
19:35:46.0273 0x0f24  Deinitialize success

M-K-D-B 29.06.2015 19:48
Servus,



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

marvin1105 29.06.2015 20:29
Ohne Probleme und danke soweit

Code:
ComboFix 15-06-27.01 - Marvin 29.06.2015  21:09:47.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.5612.3763 [GMT 2:00]
ausgeführt von:: c:\users\Marvin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\A3C@K.com
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\A3C@K.com\bootstrap.js
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\A3C@K.com\chrome.manifest
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\A3C@K.com\content\bg.js
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\A3C@K.com\install.rdf
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\vpmI@X.net
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\vpmI@X.net\bootstrap.js
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\vpmI@X.net\chrome.manifest
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\vpmI@X.net\content\bg.js
c:\users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged\vpmI@X.net\install.rdf
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-05-28 bis 2015-06-29  ))))))))))))))))))))))))))))))
.
.
2015-06-29 17:28 . 2015-06-29 17:30        --------        d-----w-        C:\FRST
2015-06-29 16:35 . 2015-06-29 16:35        24        ----a-w-        c:\users\Marvin\AppData\Roaming\appdataFr25.bin
2015-06-29 16:29 . 2015-06-29 16:29        --------        d-----w-        C:\RegBackup
2015-06-29 16:25 . 2015-06-12 07:50        12221144        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2908A74F-7C45-4FDB-9588-2A59C413233D}\mpengine.dll
2015-06-27 05:28 . 2015-06-27 07:57        --------        d-----w-        c:\program files (x86)\Responsive Inspector
2015-06-27 00:21 . 2015-06-12 07:50        12221144        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-20 12:52 . 2015-06-20 12:52        --------        d-----w-        c:\users\Marvin\AppData\Local\WarThunder
2015-06-14 11:03 . 2015-06-14 11:03        --------        d-----w-        c:\users\Marvin\AppData\Local\Activision
2015-06-14 09:39 . 2015-06-14 09:39        --------        d-----w-        c:\users\Marvin\AppData\Local\Steam
2015-06-13 12:26 . 2015-06-13 12:26        26565        ----a-w-        c:\windows\SysWow64\msrsb04.dll
2015-06-13 12:26 . 2015-06-13 12:26        --------        d-----w-        c:\users\Marvin\AppData\Local\IsolatedStorage
2015-06-12 14:53 . 2015-04-02 19:43        1187344        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A6C9960-32E4-4B93-A13D-2C08A1112D5C}\gapaengine.dll
2015-06-10 14:20 . 2015-05-25 17:08        3206144        ----a-w-        c:\windows\system32\win32k.sys
2015-06-10 14:20 . 2015-04-11 03:19        69888        ----a-w-        c:\windows\system32\drivers\stream.sys
2015-06-09 17:20 . 2015-06-27 07:57        --------        d-----w-        c:\program files (x86)\VIA3  Video Conferencing Messaging
2015-06-06 18:53 . 2015-06-27 08:06        --------        d-----w-        c:\program files (x86)\SoftwareForce
2015-06-05 18:07 . 2015-05-22 18:18        700416        ----a-w-        c:\windows\system32\generaltel.dll
2015-06-05 18:07 . 2015-05-22 18:18        1021440        ----a-w-        c:\windows\system32\appraiser.dll
2015-06-05 18:07 . 2015-05-21 13:19        193536        ----a-w-        c:\windows\system32\aepic.dll
2015-06-05 18:07 . 2015-05-22 18:18        757248        ----a-w-        c:\windows\system32\invagent.dll
2015-06-05 18:07 . 2015-05-22 18:18        423424        ----a-w-        c:\windows\system32\devinv.dll
2015-06-05 18:07 . 2015-05-22 18:13        1119232        ----a-w-        c:\windows\system32\aeinv.dll
2015-06-05 18:07 . 2015-05-22 18:18        45568        ----a-w-        c:\windows\system32\acmigration.dll
2015-06-05 18:07 . 2015-05-22 18:18        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-06-01 15:27 . 2015-06-01 15:27        --------        d-----w-        c:\users\Marvin\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-29 19:06 . 2015-05-15 08:04        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-26 22:26 . 2012-03-29 14:21        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-26 22:26 . 2011-12-24 23:01        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-11 16:37 . 2011-12-25 09:53        140135120        ----a-w-        c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 14:25        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-05-17 18:09 . 2015-05-17 18:09        43664        ----a-w-        c:\windows\system32\drivers\hitmanpro37.sys
2015-05-01 13:17 . 2015-05-14 20:15        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 20:15        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-14 18:36        1179136        ----a-w-        c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-14 18:36        1647104        ----a-w-        c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-14 18:36        1250816        ----a-w-        c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-14 18:38        460800        ----a-w-        c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-14 18:38        342016        ----a-w-        c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2015-05-15 08:04        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-05-15 08:04        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2013-10-06 17:23        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-04-14 01:38 . 2015-04-14 01:38        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-04-13 03:28 . 2015-05-14 18:37        328704        ----a-w-        c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-14 18:36        275456        ----a-w-        c:\windows\system32\InkEd.dll
2015-04-08 03:14 . 2015-05-14 18:36        216064        ----a-w-        c:\windows\SysWow64\InkEd.dll
2015-04-02 19:43 . 2013-08-22 17:54        1187344        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-06-29 2023480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-26 21:24        990024        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:26]
.
2015-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17 18:12]
.
2015-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17 18:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\
FF - prefs.js: network.proxy.ftp - 77.248.92.156
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 77.248.92.156
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 77.248.92.156
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 77.248.92.156
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-installed components - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Your Product1.0 - c:\program files (x86)\Your Product\uninstall.exe
AddRemove-Google Chrome - c:\users\Marvin\AppData\Local\Google\Chrome\Application\42.0.2311.152\Installer\setup.exe
AddRemove-UnityWebPlayer - c:\users\Marvin\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,30,e4,76,16,4e,4b,ea,67,87,29,07,ce,b8,79,d9,70,f9,ad,ad,bf,
  f6,2c,72,d0,1b,fe,04,77,9b,ae,4b,ae,9b,6b,01,6d,ca,ce,d5,e9,48,74,70,f6,a8,\
"rkeysecu"=hex:99,ca,3f,b3,0e,4c,53,ee,3e,57,9f,fe,6d,ef,ab,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-29  21:27:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-29 19:27
.
Vor Suchlauf: 16 Verzeichnis(se), 72.986.984.448 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 72.206.852.096 Bytes frei
.
- - End Of File - - 7FEB0B69A903EAC405CF2D4318A21AED
2E5DEBB2116B3417023E0D6562D7ED07

M-K-D-B 30.06.2015 04:38
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

marvin1105 30.06.2015 07:21
AdwCleaner
Code:
# AdwCleaner v4.207 - Bericht erstellt 30/06/2015 um 07:07:54
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Marvin - MARVIN-PC
# Gestarted von : C:\Users\Marvin\Desktop\adwcleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Datei Gelöscht : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
Datei Gelöscht : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17377


-\\ Mozilla Firefox v37.0.2 (x86 de)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [26673 Bytes] - [09/11/2013 14:51:18]
AdwCleaner[R1].txt - [27813 Bytes] - [17/05/2015 19:11:39]
AdwCleaner[R2].txt - [26434 Bytes] - [17/05/2015 19:30:56]
AdwCleaner[R3].txt - [3192 Bytes] - [27/06/2015 10:25:53]
AdwCleaner[R4].txt - [1559 Bytes] - [29/06/2015 18:27:04]
AdwCleaner[R5].txt - [1800 Bytes] - [30/06/2015 07:06:44]
AdwCleaner[S0].txt - [23819 Bytes] - [09/11/2013 14:52:46]
AdwCleaner[S1].txt - [22199 Bytes] - [17/05/2015 19:51:30]
AdwCleaner[S2].txt - [3240 Bytes] - [27/06/2015 10:27:18]
AdwCleaner[S3].txt - [1618 Bytes] - [29/06/2015 18:30:01]
AdwCleaner[S4].txt - [1720 Bytes] - [30/06/2015 07:07:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1779  Bytes] ##########
MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.06.2015
Suchlauf-Zeit: 07:10:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.30.01
Rootkit Datenbank: v2015.06.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marvin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 527576
Verstrichene Zeit: 50 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.AppDataFR.A, C:\Users\Marvin\AppData\Roaming\appdataFr25.bin, In Quarantäne, [8653a41c4842d56143bdbc3c63a0fb05],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.2 (06.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by Marvin on 30.06.2015 at  8:08:59,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Marvin\AppData\Roaming\appdataFr25.bin



~~~ Folders



~~~ Chrome


[C:\Users\Marvin\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Marvin\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Marvin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Marvin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.06.2015 at  8:13:28,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Marvin (administrator) on MARVIN-PC on 30-06-2015 08:14:27
Running from C:\Users\Marvin\Desktop
Loaded Profiles: Marvin (Available Profiles: Marvin & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-29] (Spotify Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIE8SRC
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-14] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2545573064-1671415295-1629012448-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2A94E516-2DE9-4155-BD74-533A45A480A3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{917C8FB1-DBBD-4071-BBA1-49971A587E96}: [DhcpNameServer] 139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default
FF NetworkProxy: "ftp", "77.248.92.156"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "77.248.92.156"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "77.248.92.156"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "77.248.92.156"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-07-06] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-11] (Apple Inc.)
FF Extension: Ciuvo Price Comparison - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\Extensions\extension@ciuvo.com.xpi [2011-12-29]
FF Extension: Stealthy - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\Extensions\stealthyextension@gmail.com.xpi [2012-01-10]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-30]
FF Extension: No Name - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\hfpf_cgpkgdrje@zpnpaawfkczpibh.org [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-17]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-17]
CHR Extension: (Tampermonkey) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-06-13]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-05-17] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-21] (Windows (R) 2003 DDK 3790 provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 08:14 - 2015-06-30 08:14 - 00017374 _____ C:\Users\Marvin\Desktop\FRST.txt
2015-06-30 08:13 - 2015-06-30 08:13 - 00001148 _____ C:\Users\Marvin\Desktop\JRT.txt
2015-06-30 08:13 - 2015-06-30 08:13 - 00000024 _____ C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2015-06-30 08:09 - 2015-06-30 08:09 - 00000207 _____ C:\windows\tweaking.com-regbackup-MARVIN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-30 08:08 - 2015-06-30 00:19 - 02950579 _____ (Malwarebytes Corporation) C:\Users\Marvin\Desktop\JRT.exe
2015-06-30 08:07 - 2015-06-30 08:07 - 00001299 _____ C:\Users\Marvin\Desktop\mbam.txt
2015-06-30 07:09 - 2015-06-30 07:09 - 00001859 _____ C:\Users\Marvin\Desktop\AdwCleaner[S4].txt
2015-06-29 21:27 - 2015-06-29 21:27 - 00023309 _____ C:\ComboFix.txt
2015-06-29 21:05 - 2015-06-29 21:05 - 00001123 _____ C:\Users\Marvin\Desktop\ComboFix - Verknüpfung.lnk
2015-06-29 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-29 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-29 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-29 21:01 - 2015-06-29 21:27 - 00000000 ____D C:\Qoobox
2015-06-29 21:01 - 2015-06-29 21:25 - 00000000 ____D C:\windows\erdnt
2015-06-29 21:01 - 2015-06-29 21:01 - 05630589 ____R (Swearware) C:\Users\Marvin\Downloads\ComboFix.exe
2015-06-29 19:34 - 2015-06-29 19:34 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Marvin\Desktop\tdsskiller.exe
2015-06-29 19:29 - 2015-06-29 19:30 - 00056775 _____ C:\Users\Marvin\Downloads\Addition.txt
2015-06-29 19:28 - 2015-06-30 08:14 - 00000000 ____D C:\FRST
2015-06-29 19:28 - 2015-06-29 19:30 - 00053074 _____ C:\Users\Marvin\Downloads\FRST.txt
2015-06-29 19:28 - 2015-06-29 19:28 - 02112512 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2015-06-29 18:39 - 2015-06-29 18:39 - 05530096 _____ (Advanced System Protector ) C:\Users\Marvin\Downloads\aspsetup.exe
2015-06-29 18:29 - 2015-06-29 18:29 - 00000000 ____D C:\RegBackup
2015-06-29 18:27 - 2015-06-29 18:27 - 02950645 _____ (Malwarebytes Corporation) C:\Users\Marvin\Desktop\JRT_7.2.1.exe
2015-06-27 10:28 - 2015-06-30 08:05 - 00000392 _____ C:\windows\setupact.log
2015-06-27 10:28 - 2015-06-29 21:20 - 00000902 _____ C:\windows\PFRO.log
2015-06-27 10:28 - 2015-06-27 10:28 - 00000000 _____ C:\windows\setuperr.log
2015-06-27 10:22 - 2015-06-27 10:22 - 02244096 _____ C:\Users\Marvin\Desktop\adwcleaner_4.207.exe
2015-06-27 07:28 - 2015-06-27 09:57 - 00000000 ____D C:\Program Files (x86)\Responsive Inspector
2015-06-20 15:37 - 2015-06-20 15:38 - 03930567 _____ C:\Users\Marvin\Downloads\95d8e1bfc946e8efccd53137830f544fe7928335.torrent
2015-06-20 14:52 - 2015-06-20 14:52 - 00000000 ____D C:\Users\Marvin\AppData\Local\WarThunder
2015-06-20 14:48 - 2015-06-20 15:02 - 00017880 _____ C:\Users\Marvin\Desktop\clickerHeroSave.txt
2015-06-14 13:03 - 2015-06-14 13:03 - 00000000 ____D C:\Users\Marvin\AppData\Local\Activision
2015-06-14 11:39 - 2015-06-14 11:39 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2015-06-13 15:02 - 2015-06-13 22:44 - 00000000 ____D C:\Users\Marvin\Desktop\backuppic
2015-06-13 14:26 - 2015-06-13 14:26 - 00026565 _____ C:\windows\SysWOW64\msrsb04.dll
2015-06-13 14:26 - 2015-06-13 14:26 - 00000000 ____D C:\Users\Marvin\AppData\Local\IsolatedStorage
2015-06-13 14:25 - 2015-06-13 14:25 - 00002198 _____ C:\Users\Marvin\Desktop\iDevice Manager.lnk
2015-06-13 14:25 - 2015-06-13 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2015-06-10 16:25 - 2015-05-28 04:02 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 16:25 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 16:25 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 16:25 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 16:25 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 16:25 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 16:25 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 16:25 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 16:25 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 16:25 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 16:25 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 16:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 16:25 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 16:25 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 16:24 - 2015-05-28 04:04 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 16:24 - 2015-05-28 04:03 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 16:24 - 2015-05-28 04:00 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:45 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 14383104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02865152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:43 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 16:24 - 2015-05-28 02:24 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:00 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 16:24 - 2015-05-28 01:55 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 16:24 - 2015-05-28 01:34 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-06-10 16:24 - 2015-05-28 01:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-10 16:20 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 16:20 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-09 19:20 - 2015-06-27 09:57 - 00000000 ____D C:\Program Files (x86)\VIA3  Video Conferencing Messaging
2015-06-06 20:53 - 2015-06-27 10:06 - 00000000 ____D C:\Program Files (x86)\SoftwareForce
2015-06-05 20:07 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-05 20:07 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-05 20:07 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 08:12 - 2011-07-21 21:18 - 00765838 _____ C:\windows\system32\perfh007.dat
2015-06-30 08:12 - 2011-07-21 21:18 - 00175036 _____ C:\windows\system32\perfc007.dat
2015-06-30 08:12 - 2009-07-14 07:13 - 01807338 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-30 08:09 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 08:09 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 08:08 - 2011-07-21 21:51 - 01946647 _____ C:\windows\WindowsUpdate.log
2015-06-30 08:06 - 2015-05-15 10:04 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 08:05 - 2015-05-17 20:13 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 08:05 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-30 07:26 - 2012-03-29 16:21 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 07:24 - 2015-05-17 20:13 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 07:07 - 2013-11-09 14:51 - 00000000 ____D C:\AdwCleaner
2015-06-29 21:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-29 21:21 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-06-29 21:20 - 2009-07-14 04:34 - 25427968 _____ C:\windows\system32\config\system.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 103809024 _____ C:\windows\system32\config\software.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 01835008 _____ C:\windows\system32\config\default.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 00065536 _____ C:\windows\system32\config\sam.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 00028672 _____ C:\windows\system32\config\security.bak
2015-06-29 21:05 - 2015-05-15 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 21:04 - 2015-05-18 17:30 - 00000000 ____D C:\Users\Marvin\Desktop\System
2015-06-29 19:46 - 2014-05-04 14:06 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2015-06-29 19:41 - 2015-05-18 20:36 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2015-06-29 18:13 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-06-27 10:24 - 2015-05-25 09:16 - 00000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
2015-06-27 10:24 - 2013-09-05 16:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 10:24 - 2012-07-22 10:07 - 00002774 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-06-27 10:24 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther
2015-06-27 10:05 - 2011-12-26 01:51 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
2015-06-27 09:57 - 2015-05-17 18:40 - 00000000 ____D C:\Program Files (x86)\b05f4dc8-3eb1-4310-b007-92743b80b6d6
2015-06-27 09:57 - 2013-09-15 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 09:57 - 2011-12-28 03:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-27 09:42 - 2015-05-17 19:09 - 00000000 ____D C:\Users\Marvin\AppData\Local\Mozilla
2015-06-27 00:26 - 2012-03-29 16:21 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-27 00:26 - 2012-03-29 16:21 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-27 00:26 - 2011-12-25 01:01 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-26 23:25 - 2015-05-17 20:13 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 12:26 - 2012-07-04 14:20 - 00000000 ____D C:\Users\Marvin\AppData\Local\Google
2015-06-14 11:47 - 2013-03-08 17:22 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-14 11:46 - 2015-05-03 13:37 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-06-14 11:46 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 15:11 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-13 14:34 - 2011-12-31 01:17 - 00000000 ____D C:\Users\Marvin\Desktop\Sonstiges
2015-06-12 18:01 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-12 16:40 - 2015-05-15 20:03 - 05043400 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 19:12 - 2012-01-12 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 19:06 - 2013-07-25 14:56 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 18:37 - 2011-12-25 11:53 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 18:36 - 2009-07-14 04:34 - 00000580 _____ C:\windows\win.ini
2015-06-09 13:42 - 2014-12-13 19:23 - 00000000 ____D C:\windows\system32\appraiser
2015-06-09 13:42 - 2014-04-28 14:35 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-01 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Marvin\AppData\Roaming\09grw4H1Lq1DtjJuwoG
2015-06-30 08:13 - 2015-06-30 08:13 - 0000024 _____ () C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 _____ () C:\Users\Marvin\AppData\Roaming\Brother
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Marvin\AppData\Roaming\D4Bmst5g3iT3eCVS4UrxT8h2
2012-01-23 15:58 - 2012-01-29 18:26 - 0000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2015-05-22 19:37 - 2015-05-22 19:37 - 0002713 _____ () C:\Users\Marvin\AppData\Local\recently-used.xbel
2012-09-17 18:12 - 2012-09-17 18:12 - 0000000 _____ () C:\ProgramData\Bundle
2011-12-26 01:52 - 2011-12-26 01:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-09-17 18:04 - 2012-12-05 19:42 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2012-09-17 18:03 - 2012-09-17 18:12 - 0000000 ____H () C:\ProgramData\PKP_DLeu.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2011-07-21 06:19 - 2011-07-21 06:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-21 06:11 - 2011-07-21 06:12 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-21 06:16 - 2011-07-21 06:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-21 06:12 - 2011-07-21 06:16 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-21 06:17 - 2011-07-21 06:19 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-26 23:57

==================== End of log ============================
--- --- ---


Addition
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Marvin at 2015-06-30 08:15:30
Running from C:\Users\Marvin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2545573064-1671415295-1629012448-500 - Administrator - Disabled)
Gast (S-1-5-21-2545573064-1671415295-1629012448-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2545573064-1671415295-1629012448-1002 - Limited - Enabled)
Marvin (S-1-5-21-2545573064-1671415295-1629012448-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2013 (Version: 13.0.2641 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON XP-302 303 305 306 Series (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iBackupBot 5.2.5 (HKLM-x32\...\iBackupBot) (Version: 5.2.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
jahPlayer (HKLM-x32\...\jahPlayer) (Version:  - )
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 5.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
OpenLibraries (HKLM-x32\...\OpenLibraries) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TuneUp Companion 2.2.7 (HKLM-x32\...\TuneUpMedia) (Version: 2.2.7 - TuneUp Media, Inc.)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.2013.194 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
Your Product (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-06-2015 12:35:58 Windows Update
26-06-2015 22:58:30 Windows Update
29-06-2015 21:02:09 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-29 21:21 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11EE5FD4-E46E-4D3E-BE64-5D42B308EC2F} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-12] (Samsung Electronics)
Task: {12E2745D-D8DB-4F12-9F37-2544B87A80B0} - System32\Tasks\{FD9645F9-CA54-488A-9AE1-E059EA60D436} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}"
Task: {133FDAA6-03EA-47D8-8B8E-AAEDD164486C} - System32\Tasks\{F91F98E5-501B-4F99-AAF9-64E3DFA60859} => pcalua.exe -a C:\Users\Marvin\Downloads\PSE_5.0_WIN_ESD1_DE.exe -d C:\Users\Marvin\Downloads
Task: {146831AB-977B-4466-A37C-8132E2964E9C} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
Task: {197AB0E6-09EB-48CA-A83F-35DD5C94EC16} - System32\Tasks\{C183DF6C-42C2-44E2-AB22-AD47C67E1724} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {24B9B3AC-9A92-4DC7-BDBC-2BE32EE60A00} - System32\Tasks\{66D3EC76-D9DC-48A8-9D96-C7630F815A91} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {340351E2-7790-4A6E-8A49-E35601FE80B0} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe
Task: {46CC1074-1FAC-4981-BB9E-F27BC91583AB} - System32\Tasks\{B7349295-B75B-45FF-B29A-F3724694F7F9} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe
Task: {4E481420-08F6-4F19-AB66-A4BA5205FFDC} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {5002D113-FD9A-4186-8930-47553D453087} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-17] (TuneUp Software)
Task: {54493605-DA64-4842-B8B7-91C17101956E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {60D0E33B-2CF4-4071-B7E7-825D91288EEF} - System32\Tasks\{FA6BA6FF-86F1-4376-A173-1C5D4553B892} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_WBFSManager3.0.1-RTW-x64.zip\setup.exe
Task: {61B481F5-46AD-46BC-8EB9-EBF82037F967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {6ECC35CD-3826-42A4-9F38-DEFF395803E1} - System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => pcalua.exe -a C:\Users\Marvin\Downloads\SetupiPhoneBrowser.1.91.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {73AA9B64-FF9E-4B7C-805F-EFCF590D45AD} - System32\Tasks\{CE526F6F-E8DC-40A6-8703-6D10C232F564} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {7558D982-20FC-4565-AD2D-34F983BA56A1} - System32\Tasks\AdobeAAMUpdater-1.0-Marvin-PC-Marvin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {7B719969-F143-4B5D-A94D-F10D79BDA580} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {81B46C8D-F2F6-43A2-A560-F23BA244C322} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-29] (SEC)
Task: {8A273E5B-B2D4-4392-BEAB-70A0364E2107} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8DE93BA1-ECE0-4A07-BD4B-7B4F402F782E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {91F305C2-7AAC-4AD1-A2D7-18F2778CAE0E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
Task: {97224D5F-7F24-4EBC-8CC1-E4D7DA323A62} - System32\Tasks\{DA8BD37B-D4DB-4009-930E-D3328DF2D69A} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {9E69DAE8-AC47-478E-8BAC-0EA28B695205} - System32\Tasks\{555A58B4-EE2D-4E5F-A488-58366B1C4CC3} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C2C98F00-AD81-4AF6-A160-D1ECA910D769} - System32\Tasks\{28680E42-0417-4147-8F36-E0B29C155489} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C5F246C3-01C1-4425-9059-361BB99B99F1} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
Task: {CE561253-E65B-4601-8363-2BE5F3BA00F1} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {D01A72E6-4909-4893-ACB5-1B4D037E2F0A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {D625583E-4F39-42A9-847A-C12E40A23386} - System32\Tasks\{CE73ADFF-0AD8-4D35-846A-846F72E35E02} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {DC4097BB-80E7-4AA8-8677-2016C868A029} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-18] (Samsung Electronics Co., Ltd.)
Task: {E17E0554-C5C1-4C6E-A08B-3BFD458C5EE1} - System32\Tasks\Google Updater and Installer => C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E69545C2-A3B7-4E78-8563-A33D8EB77554} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {EA9AD490-377C-4893-990C-B638421AF152} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-04-14] (CyberLink)
Task: {FAC99DC5-D88D-42BE-83F9-866CE977D2BA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-27] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-21 20:58 - 2008-06-05 01:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-07-21 20:58 - 2010-10-21 20:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:05EE1EEF
AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Samsung UPD Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                       
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"                                                                                                                                                                                   
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices                                                                                                                                                                                           
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"                                                                                                                                                                                                 
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Google Update => "C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c                                                                                                                                                                                                       
MSCONFIG\startupreg: GoogleChromeAutoLaunch_46F1CB28F09B935A713F72D4B90FE680 => "C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start                                                                                                                                                                                                 
MSCONFIG\startupreg: Spotify => "C:\Users\Marvin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent                                                                                                                                                                                                                       
MSCONFIG\startupreg: uTorrent => "C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED                                                                                                                                                                                                     

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B533BEAD-760B-4082-9DA0-54BF2F0D93C5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{76536418-9980-4136-A940-01AC3FDA8068}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{5DE60AAD-259B-4A32-997B-29A78B957E08}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{33D218BC-2254-4513-8885-4EF0CBA07F96}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{752DF0A3-F849-4572-8243-3EA33FA265B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CE794129-3BA4-4148-A605-5F5B1C8EC197}] => (Allow) LPort=2869
FirewallRules: [{70925FC6-7C9E-49DF-916D-4B49F27C6092}] => (Allow) LPort=1900
FirewallRules: [{AF431D3E-9319-4C5C-BC4C-36E81D16814F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{090304E7-4608-4716-AFFB-13236A9BEBE9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{311EA05E-61F9-4D51-B362-3C0A7F8B5F98}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{7A5FC880-C91E-4783-91EE-668D73EE285A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [{64204237-5179-4897-9C62-A6C190C39DA8}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{0F6B505D-6288-4150-8B1A-CBCDA16F29E0}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [TCP Query User{DAC72453-0B67-463A-A625-49C699FD1E88}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{04A2CDF2-379E-47AD-9A66-EC56940C5960}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [TCP Query User{A8726F37-409A-4859-BA0E-84C5DC5757C4}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{4E7A4E00-4DB8-48C9-BBD3-44FDE2BF2FCE}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{33A47B9A-18C7-4298-AF7F-DB7E2CFDFBB8}] => (Allow) %ProgramFiles% (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3C235533-BA45-4310-B379-7AB6359C9057}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A3F4F4CF-321B-492C-9759-8D76033C0FE8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A013F280-B5D8-4F2D-9B37-BDC102B4C941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5207462-1BE0-4F9A-A07C-86DA37CD3283}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8A731BE-EDCF-420D-A0E6-533363A7D61D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{596F2A3F-A471-46E0-B473-44FF05F785DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1083B88C-75C1-49F1-BF62-E87E96D8CFC0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7165D37D-C72C-43D8-A528-17E4F9961474}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB95D659-AAF1-4497-950B-8738E2C588A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{07DCCCA0-50F8-4CD3-AB06-EADC885321FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{207283C6-2643-4BF5-8E6B-627A25FFDFB7}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{E2ADDE8C-F09C-4465-9B7B-709258F715C8}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{216C37FA-CEA0-4C06-85B6-F6D33947CE92}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{4F5595A1-D40C-4701-95CF-12AB17D92CBF}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [TCP Query User{73434ACF-7C3F-4F19-B789-E3E06A5390AB}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{1FC8939C-0094-41DA-BD96-CB6530E6B27C}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [{86983096-69A5-4B3E-8A42-8E22DD308E51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{A6B95520-617C-4E87-90F3-5B5CCE18B990}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{ED6E9610-CEEB-488A-9CA1-7C751A8BF5B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE8CEFA3-27C6-4D21-8579-B4AD4E9BB2B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B56A0034-A2DF-4C5C-85F7-ACD4A30D86DE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{04D5B1A0-41E6-4EC0-AEB8-3414CCCAC4BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CF2B409A-C062-4BCF-A3C5-FEBA0538B698}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4C03FCE1-D5AC-41DA-8A60-14F0A58ABD9F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C7208592-41A2-4CDE-8B2A-3C7134200749}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{980F6C00-8469-4844-B056-F29BA37B8067}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{C51DD5C0-01E8-4E01-9011-D9F331655B1C}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{B214461C-9B7E-4F6F-80DF-AE78621D8239}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{F5F99662-CC56-492C-9B42-B578477B4917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{72FBCD98-EA65-4A28-A8BB-FF0AAA44F93A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9C9C8FE-5C70-45FF-990A-D7C259D97F21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{50CD923A-CC65-428F-9792-3E9FA6EEB094}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{2DAF7A75-5A30-4150-A6BA-88B22E4591DB}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{31D60B47-97BE-4EFE-8E7A-AEF129E8169E}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BF6CE0CC-365D-48F1-8D3F-569347A8B55E}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C46CC1FD-B110-4AF8-B834-7AB26F5BD313}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EEC9249E-D2F2-4C4F-B6D9-A6242B4C9ECD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C5DE302A-04E1-4A0B-957C-DC44B34C99D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{728286ED-FCAD-49D6-BC6D-EC7B5912A7A2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9AFE2C43-788F-4F47-B694-7031E2CD1FE7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{451184ED-707F-49BD-943B-31F0BCFE9FED}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{A9BC098D-A9F9-401C-8830-F6545E90B399}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [{40E30453-F4E3-4AFD-9778-5E3C7C2C7D46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A16FE5EA-2645-459B-91E5-09B435885D1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED1B3443-6F10-446B-A057-FDAB89C955CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1F5321BB-CFCC-4A7C-99FC-03ECC8B5066D}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{7F0909DD-69AC-42A8-B289-B1B961AC70F6}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{19030F3C-F544-4BF5-AC76-F02ABFA7429C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9AE5F1F-5B26-4310-A0E2-A64BF65F8F12}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A7CCF692-9405-41FE-BF4E-F8866AE5D11B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.81.34.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1264

Startzeit: 01d0a685ec635dd4

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0x108c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe, Version: 13.0.2013.194, Zeitstempel: 0x5056f399
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002070
ID des fehlerhaften Prozesses: 0x1580
Startzeit der fehlerhaften Anwendung: 0xTuneUpSystemStatusCheck.exe0
Pfad der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe1
Pfad des fehlerhaften Moduls: TuneUpSystemStatusCheck.exe2
Berichtskennung: TuneUpSystemStatusCheck.exe3

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


System errors:
=============
Error: (06/30/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server (SQLEXPRESS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Active File Monitor V9" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2015 07:08:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error: (06/30/2015 07:07:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.6126401d0a685ec635dd40C:\Program Files (x86)\Steam\Steam.exe67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea19108c01d0a3ace73c4920C:\windows\system32\atieclxx.exeC:\windows\system32\atieclxx.exe25cfb97a-0fa0-11e5-beb3-e81132d93976

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TuneUpSystemStatusCheck.exe13.0.2013.1945056f399unknown0.0.0.000000000c000000500002070158001d096baab557310C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpSystemStatusCheck.exeunknownf17e1d07-02ad-11e5-ae55-e81132d93976

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)0x80070005, Zugriff verweigert


CodeIntegrity Errors:
===================================
  Date: 2015-06-29 21:18:51.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-29 21:18:51.794
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-17 18:58:14.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:14.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.102
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.696
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.558
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD A6-3410MX APU with Radeon(tm) HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 5611.81 MB
Available physical RAM: 3981.13 MB
Total Pagefile: 11221.82 MB
Available Pagefile: 9489.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:230 GB) (Free:67.3 GB) NTFS
Drive d: () (Fixed) (Total:342.9 GB) (Free:69.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C469F6B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.2 GB) - (Type=27)

==================== End of log ============================
--- --- ---

Danke für die ganzen Antworten. Ich habe noch mbam logfiles von vor 3 Tagen, sind diese auch interesssant? Dort wurden glaub ich eine ganze Menge infizierter Datein gefunden.

M-K-D-B 30.06.2015 15:06
Servus,


ja, bitte posten.


Zudem bitte noch Zoek ausführen:



Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    iedefaults;
    resetIEproxy;
    shortcutfix;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

marvin1105 30.06.2015 16:06
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.06.2015
Suchlauf-Zeit: 09:03:58
Logdatei: mbam_27-06.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.26.08
Rootkit Datenbank: v2015.06.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marvin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 514894
Verstrichene Zeit: 53 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 1
PUP.Optional.Multiplug.A, C:\Program Files (x86)\SoftwareForce\SoftwareForce.dll, Löschen bei Neustart, [1b35596646440b2b9e34e36c6b97649c],

Registrierungsschlüssel: 56
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{03D3D23D-C575-4060-8BE2-C234ACCB729B}, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{03D3D23D-C575-4060-8BE2-C234ACCB729B}, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{03D3D23D-C575-4060-8BE2-C234ACCB729B}, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P03D3D23D_C575_4060_8BE2_C234ACCB729B_.P03D3D23D_C575_4060_8BE2_C234ACCB729B_, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P03D3D23D_C575_4060_8BE2_C234ACCB729B_.P03D3D23D_C575_4060_8BE2_C234ACCB729B_.9, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P03D3D23D_C575_4060_8BE2_C234ACCB729B_.P03D3D23D_C575_4060_8BE2_C234ACCB729B_, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P03D3D23D_C575_4060_8BE2_C234ACCB729B_.P03D3D23D_C575_4060_8BE2_C234ACCB729B_.9, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P03D3D23D_C575_4060_8BE2_C234ACCB729B_.P03D3D23D_C575_4060_8BE2_C234ACCB729B_, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P03D3D23D_C575_4060_8BE2_C234ACCB729B_.P03D3D23D_C575_4060_8BE2_C234ACCB729B_.9, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{03D3D23D-C575-4060-8BE2-C234ACCB729B}, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{03D3D23D-C575-4060-8BE2-C234ACCB729B}, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{03D3D23D-C575-4060-8BE2-C234ACCB729B}, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{03D3D23D-C575-4060-8BE2-C234ACCB729B}, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{03D3D23D-C575-4060-8BE2-C234ACCB729B}\INPROCSERVER32, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{062A6244-B07F-4074-8730-69EA166B2830}, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{062A6244-B07F-4074-8730-69EA166B2830}, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{062A6244-B07F-4074-8730-69EA166B2830}, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P062A6244_B07F_4074_8730_69EA166B2830_.P062A6244_B07F_4074_8730_69EA166B2830_, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P062A6244_B07F_4074_8730_69EA166B2830_.P062A6244_B07F_4074_8730_69EA166B2830_.9, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P062A6244_B07F_4074_8730_69EA166B2830_.P062A6244_B07F_4074_8730_69EA166B2830_, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P062A6244_B07F_4074_8730_69EA166B2830_.P062A6244_B07F_4074_8730_69EA166B2830_.9, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P062A6244_B07F_4074_8730_69EA166B2830_.P062A6244_B07F_4074_8730_69EA166B2830_, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P062A6244_B07F_4074_8730_69EA166B2830_.P062A6244_B07F_4074_8730_69EA166B2830_.9, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{062A6244-B07F-4074-8730-69EA166B2830}, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{062A6244-B07F-4074-8730-69EA166B2830}, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{062A6244-B07F-4074-8730-69EA166B2830}, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{062A6244-B07F-4074-8730-69EA166B2830}, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{062A6244-B07F-4074-8730-69EA166B2830}\INPROCSERVER32, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6C998B44-82D8-CC7E-D847-4CD73036412A}, In Quarantäne, [c18f3e81008a053101f18daacb37cb35],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5CDF2354-26AF-2DBC-1012-44FEDFCC75BB}, In Quarantäne, [56fa16a9aae0063081711b1c91715aa6],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{730C1F02-ABB6-7601-60ED-659A59700742}, In Quarantäne, [f9573c83cac02c0a60928fa88f735ba5],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4E5FE462-1A84-47B4-3411-C72434AAD86C}, In Quarantäne, [e967e1de8dfd6accae44cd6ae41e1ae6],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A1965763-A486-4E1E-B574-19E44B3842E8}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9CABED0D-99E4-457C-A192-D528B389F53C}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CED50656-D422-418C-8A20-A0F455842FA5}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8B5D394-6974-40D4-9DFB-DAAD64E422D6}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED2A17AC-87A9-4640-9DE9-07AB5B63E902}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9CABED0D-99E4-457C-A192-D528B389F53C}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CED50656-D422-418C-8A20-A0F455842FA5}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8B5D394-6974-40D4-9DFB-DAAD64E422D6}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED2A17AC-87A9-4640-9DE9-07AB5B63E902}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9CABED0D-99E4-457C-A192-D528B389F53C}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CED50656-D422-418C-8A20-A0F455842FA5}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8B5D394-6974-40D4-9DFB-DAAD64E422D6}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{ED2A17AC-87A9-4640-9DE9-07AB5B63E902}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A1965763-A486-4E1E-B574-19E44B3842E8}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A1965763-A486-4E1E-B574-19E44B3842E8}, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE, In Quarantäne, [361ae9d65a304cea6c46675d08fc58a8],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [1d330db251390135bada40529c6945bb],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV17.05-nv-ie, In Quarantäne, [0e42843b1872eb4bc937927d56aea35d],
PUP.Optional.Infonaut.A, HKLM\SOFTWARE\WOW6432NODE\Infonaut_1.10.0.14, In Quarantäne, [3917cef193f75adc06d7d029f211d52b],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE, In Quarantäne, [b59bbf00f7937abc6a48873d25dfbd43],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9714eddf}, In Quarantäne, [64ecd9e6e2a8b1859550a6ea8a7b09f7],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [2828308fc3c7c274553fc1d14eb79967],
PUP.Optional.SoftwareForce.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\9714eddf, In Quarantäne, [9cb4a31c5b2fe254f9097d86a95b1be5],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\CinemaPlus-3.2cV17.05-nv-ie, In Quarantäne, [a1afccf37b0f2a0c47babc53ce3658a8],

Registrierungswerte: 12
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.HTML\OPENWITHPROGIDS|CRSBRWSHTML, In Quarantäne, [f65a0eb15f2b57dffbf75f2f4db87090],
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.HTM\OPENWITHPROGIDS|CRSBRWSHTML, In Quarantäne, [fa5606b902885ed8c031721c050056aa],
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.HTML\OPENWITHPROGIDS|CRSBRWSHTML, In Quarantäne, [1f31b20d0486310533bfb1dd4abb35cb],
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.HTM\OPENWITHPROGIDS|CRSBRWSHTML, In Quarantäne, [e7692f9005854cead61bd0be996c36ca],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE|Debugger, "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe", In Quarantäne, [361ae9d65a304cea6c46675d08fc58a8]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [1d330db251390135bada40529c6945bb]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities, In Quarantäne, [d779ecd34f3b8da9301984097c894fb1]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.HTML\OPENWITHPROGIDS|CRSBRWSHTML, In Quarantäne, [ee6299262268d75f7a78563823e2748c],
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.HTM\OPENWITHPROGIDS|CRSBRWSHTML, In Quarantäne, [a6aa645b781251e56d84543aee17c13f],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE|Debugger, "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe", In Quarantäne, [b59bbf00f7937abc6a48873d25dfbd43]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [2828308fc3c7c274553fc1d14eb79967]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities, In Quarantäne, [ea665867f397d95d53f63c519174d62a]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 9
PUP.Optional.WebSaver.A, C:\Program Files (x86)\wEbsaver, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\167, In Quarantäne, [331d714e1872b58149c1701a679ec040],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim, In Quarantäne, [331d714e1872b58149c1701a679ec040],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\A3C@K.com\content, In Quarantäne, [7cd46c53b8d2d46204140d7d7f864db3],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\A3C@K.com, In Quarantäne, [7cd46c53b8d2d46204140d7d7f864db3],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\vpmI@X.net\content, In Quarantäne, [a1aff5caa0eaec4aa37553370ff62fd1],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\vpmI@X.net, In Quarantäne, [a1aff5caa0eaec4aa37553370ff62fd1],
PUP.Optional.WebSaver.A, C:\Program Files (x86)\websavear, In Quarantäne, [440c37889febbb7b8b63810992737a86],
PUP.Optional.KikBlaster.A, C:\ProgramData\Kikblaster, In Quarantäne, [034d754af6947bbb50e50ee682816c94],

Dateien: 39
PUP.Optional.Multiplug.A, C:\Program Files (x86)\SoftwareForce\SoftwareForce.dll, Löschen bei Neustart, [1b35596646440b2b9e34e36c6b97649c],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\wEbsaver\1mt0Cqv7235L8K.x64.dll, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\wEbsaver\1mt0Cqv7235L8K.dll, In Quarantäne, [113f803fd9b19b9bc7a85221bd4541bf],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\websavear\OEPOkQdTgSTejJ.x64.dll, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\websavear\OEPOkQdTgSTejJ.dll, In Quarantäne, [143c3887fd8d4aec3a35017218ea22de],
PUP.Optional.KikBlaster.A, C:\ProgramData\Kikblaster\NSISHelper.dll, In Quarantäne, [2a262e91e9a1ae88275268f41be7bc44],
PUP.Optional.Crossrider, C:\Program Files (x86)\Adobe\b05f4dc8-3eb1-4310-b007-92743b80b6d6.dll, In Quarantäne, [93bdf5caa3e78ea8d46e1f4bac5641bf],
PUP.Optional.Crossrider, C:\Program Files (x86)\b05f4dc8-3eb1-4310-b007-92743b80b6d6\22db4f5e-694f-4323-adb1-c8de975adbc2.dll, In Quarantäne, [b39df2cd8bff5fd7c37f8dddfc06f50b],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\VIA3  Video Conferencing Messaging\VIA3  Video Conferencing Messaging.exe, In Quarantäne, [c18f3e81008a053101f18daacb37cb35],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\websavear\OEPOkQdTgSTejJ.exe, In Quarantäne, [f858ab145b2f9d99ea0886b117eb5fa1],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\wEbsaver\1mt0Cqv7235L8K.exe, In Quarantäne, [7fd114ab0c7e5cdaeb073ef9bd4542be],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Weebsaver\Weebsaver.exe, In Quarantäne, [56fa16a9aae0063081711b1c91715aa6],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Mozilla Firefox\dbghelp.dll, In Quarantäne, [9bb5a61995f5ea4c0106343d5aa86b95],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\ReAldEal\Y05QoAd37KaLG7.exe, In Quarantäne, [f25e902f3951fa3c3cb6ae89cc363fc1],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\realodeala\PFHOOcnKjn0ess.exe, In Quarantäne, [f9573c83cac02c0a60928fa88f735ba5],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\reeAlddeal\reeAlddeal.exe, In Quarantäne, [e56b9a25aedccb6b09e954e3de24956b],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Responsive Inspector\Responsive Inspector.exe, In Quarantäne, [e967e1de8dfd6accae44cd6ae41e1ae6],
PUP.Optional.AppDataFR.A, C:\Users\Marvin\AppData\Roaming\appdataFr25.bin, In Quarantäne, [e46c3b842f5b86b0f43a3abcf70c8977],
PUP.Optional.PricePeep.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, In Quarantäne, [440ce3dc98f25cdab37d31c7de258b75],
PUP.Optional.PricePeep.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, In Quarantäne, [30209827d1b91620be72a652020103fd],
PUP.Optional.WebSaver.A, C:\Program Files (x86)\wEbsaver\1mt0Cqv7235L8K.tlb, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.WebSaver.A, C:\Program Files (x86)\wEbsaver\1mt0Cqv7235L8K.dat, In Quarantäne, [75dba21dbfcb94a24e65d13ed72d33cd],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\167\lsdb.js, In Quarantäne, [331d714e1872b58149c1701a679ec040],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\167\background.html, In Quarantäne, [331d714e1872b58149c1701a679ec040],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\167\content.js, In Quarantäne, [331d714e1872b58149c1701a679ec040],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\167\L5.js, In Quarantäne, [331d714e1872b58149c1701a679ec040],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim\167\manifest.json, In Quarantäne, [331d714e1872b58149c1701a679ec040],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\A3C@K.com\content\bg.js, In Quarantäne, [7cd46c53b8d2d46204140d7d7f864db3],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\A3C@K.com\bootstrap.js, In Quarantäne, [7cd46c53b8d2d46204140d7d7f864db3],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\A3C@K.com\chrome.manifest, In Quarantäne, [7cd46c53b8d2d46204140d7d7f864db3],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\A3C@K.com\install.rdf, In Quarantäne, [7cd46c53b8d2d46204140d7d7f864db3],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\vpmI@X.net\content\bg.js, In Quarantäne, [a1aff5caa0eaec4aa37553370ff62fd1],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\vpmI@X.net\bootstrap.js, In Quarantäne, [a1aff5caa0eaec4aa37553370ff62fd1],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\vpmI@X.net\chrome.manifest, In Quarantäne, [a1aff5caa0eaec4aa37553370ff62fd1],
PUP.Optional.MultiPlug.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\vpmI@X.net\install.rdf, In Quarantäne, [a1aff5caa0eaec4aa37553370ff62fd1],
PUP.Optional.WebSaver.A, C:\Program Files (x86)\websavear\OEPOkQdTgSTejJ.tlb, In Quarantäne, [440c37889febbb7b8b63810992737a86],
PUP.Optional.WebSaver.A, C:\Program Files (x86)\websavear\OEPOkQdTgSTejJ.dat, In Quarantäne, [440c37889febbb7b8b63810992737a86],
PUP.Optional.KikBlaster.A, C:\ProgramData\Kikblaster\RfndNSIS.dll, In Quarantäne, [034d754af6947bbb50e50ee682816c94],
PUP.Optional.CrossRider.A, C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14d62da8cba3b88c36a4721b1bf5971a");), Ersetzt,[f55b10af434743f3ea83533a14f259a7]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
P.S. wenn ich versuche die zoek.exe zu starten, dann wird gefragt, ob ich es zulassen möchte, aber danach passiert nichts mehr
Das Öffnen als Administrator hab ich schon versucht

Etwas später ging es dann doch und ich glaube es hat deutlich was gebracht
Code:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Marvin on 30.06.2015 at 16:15:18,82.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marvin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30.06.2015 16:19:40 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\b05f4dc8-3eb1-4310-b007-92743b80b6d6 deleted successfully
C:\PROGRA~2\Daedalic Entertainment deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\OXXOGames deleted successfully
C:\PROGRA~2\SoftwareForce deleted successfully
C:\PROGRA~2\COMMON~1\EAInstaller deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\DAEMON Tools Pro deleted successfully
C:\PROGRA~3\install_clap deleted successfully
C:\PROGRA~3\Reflection deleted successfully
C:\PROGRA~3\Reflector deleted successfully
C:\PROGRA~3\Synetic deleted successfully
C:\PROGRA~3\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} deleted successfully
C:\PROGRA~3\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted successfully
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\Users\Marvin\AppData\Roaming\DAEMON Tools Pro deleted successfully
C:\Users\Marvin\AppData\Roaming\IrfanView deleted successfully
C:\Users\Marvin\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Marvin\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Marvin\AppData\Roaming\Opera Software deleted successfully
C:\Users\Marvin\AppData\Roaming\Solveig Multimedia deleted successfully
C:\Users\Marvin\AppData\Roaming\uTorrent deleted successfully
C:\Users\Marvin\AppData\Roaming\Video DVD Maker FREE deleted successfully
C:\Users\Marvin\AppData\Local\CrashDumps deleted successfully
C:\Users\Marvin\AppData\Local\Opera Software deleted successfully
C:\Users\Marvin\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\prefs.js:

Added to C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Marvin\AppData\Roaming\Thunderbird\Profiles\ww68v8ez.default\prefs.js:

Added to C:\Users\Marvin\AppData\Roaming\Thunderbird\Profiles\ww68v8ez.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1639_.backup

ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default

user.js not found
---- Lines ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893 removed from prefs.js ----
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.active", true);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.addressbar", "NA");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.addressbarenhanced", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.backgroundver", 5);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.certdomaininstaller", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.changeprevious", false);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallationTime.value", "%221431880770%22");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002978%22%2
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.comad4db60df25f14dae
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.comad4db60df25f14dae
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.comasyncdb_dbWasSet"
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.comasyncdb_dbWasSet_
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.comasyncinternaldb_d
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.comasyncinternaldb_d
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.description", "Lights out for YouTube");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.domain", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.enablesearch", false);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.homepage", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.iframe", false);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.InstallationThankYouPage", true);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.InstallationTime", 1431880770);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__defualt_browser__.value", "%22crossbrowser%22");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%2
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 G
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002978%
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.lastDailyReport", "1431882605866");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.lastUpdate", "1431882605620");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.manifesturl", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.name", "CinemaPlus-3.2cV17.05");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.newtab", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.opensearch", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.pluginsurl", "hxxp://js.basememlog.com/plugin/apps/72893/plugins/na
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.pluginsversion", 41);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.publisher", "Cinema PlusV17.05");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.searchstatus", 0);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.setnewtab", false);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.thankyou", "");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.updateinterval", 360);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.ver", 50);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.apps", "72893");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.bic", "14d62da8cba3b88c36a4721b1bf5971a");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.cid", 72893);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.firstrun", false);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.hadappinstalled", true);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.installationdate", 1431882600);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.installerAdditionalInfo", "{\"asw\":[67108872, -1610612731, 536875520, 10
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.modetype", "production");
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.reportInstall", true);
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.statsDailyCounter", 1);
---- Lines extensions.X2nAGQDjJoj6Sle5 removed from prefs.js ----
user_pref("extensions.X2nAGQDjJoj6Sle5.epoch", "1435477367");
user_pref("extensions.X2nAGQDjJoj6Sle5.url", "hxxp://veterances.com/sync2/?q=hfZ9oeV9CGhEAen0rjaErdaEtMqLDe49CNU0mwkMCMlNhd9Fqja7rdUFrjr6rTgMBzqUojw8r
---- Lines extensions.hlnvstiPH2NFRDt9 removed from prefs.js ----
user_pref("extensions.hlnvstiPH2NFRDt9.epoch", "1435477366");
user_pref("extensions.hlnvstiPH2NFRDt9.url", "hxxp://superpent.org/sync2/?q=hfZ9ofDVgNrMCyVUojwErdaErchTB6lKDzt4okmxtNtVh7n0rjkEqTs6rdkFrTn7tMFHhd9Fqj
---- FireFox user.js and prefs.js backups ----

prefs__1639_.backup

ProfilePath: C:\Users\Marvin\AppData\Roaming\Thunderbird\Profiles\ww68v8ez.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1639_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.IAXQ5T3223REKSPIGQKFT7RRYQ\shell\open\command]
@="C:\\Users\\Marvin\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\b05f4dc8-3eb1-4310-b007-92743b80b6d6 not found
C:\PROGRA~2\Daedalic Entertainment not found
C:\PROGRA~2\OXXOGames not found
C:\PROGRA~2\SoftwareForce not found
C:\PROGRA~3\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} not found
C:\PROGRA~3\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} not found
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\PROGRA~2\UltraISO deleted
C:\PROGRA~2\Responsive Inspector deleted
C:\PROGRA~2\VIA3  Video Conferencing Messaging deleted
C:\Users\Marvin\AppData\Roaming\ProtectDISC deleted
C:\PROGRA~2\Deskperience deleted
C:\PROGRA~2\ProtectDisc Driver Installer deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default\extensions\staged deleted
C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default\extensions\extension@ciuvo.com.xpi deleted
"C:\windows\Installer\21d02f.msi" deleted
"C:\Users\Marvin\AppData\Roaming\09grw4H1Lq1DtjJuwoG" deleted
"C:\Users\Marvin\AppData\Roaming\Brother" deleted
"C:\Users\Marvin\AppData\Roaming\D4Bmst5g3iT3eCVS4UrxT8h2" deleted
"C:\ProgramData\Bundle" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vn2c9pwe.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Marvin\AppData\Roaming\Thunderbird\Profiles\ww68v8ez.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [30.04.2014 13:55]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default
- Stealthy - %ProfilePath%\extensions\stealthyextension@gmail.com.xpi

ProfilePath: C:\Users\Marvin\AppData\Roaming\Thunderbird\Profiles\ww68v8ez.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\gsf1j48l.default
9741513D6C9D76C8903BFA362AC8BF9D        - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll -        Nexon Game Controller
D7324EB1EDCB8990F8522DE0311359E9        - C:\windows\SysWOW64\npDeployJava1.dll -        Java Deployment Toolkit 7.0.250.17
701F455DE89E110EF05F0413D8E3A4D1        - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll -        Shockwave Flash
6A8A6B3C42CA4D1403C8FEA50BACEC63        - C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -        Unity Player
15E298B5EC5B89C5994A59863969D9FF        - C:\windows\SysWOW64\npmproxy.dll -        Microsoft® Windows® Operating System


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130


Tampermonkey - Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo

==== Chromium Fix ======================

C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/?pc=MSSE"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.msn.com/?pc=MSSE"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Gast\Desktop\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Users\Marvin\Desktop\CoDWaW.lnk - C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
C:\Users\Marvin\Desktop\ComboFix - Verknüpfung.lnk - 
C:\Users\Marvin\Desktop\iDevice Manager.lnk - C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
C:\Users\Marvin\Desktop\TuneUp Utilities - Startoberfläche.lnk - 
C:\Users\Marvin\Desktop\Antivirus\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Marvin\Desktop\Sonstiges\Drucker\Epson Easy Photo Print.lnk - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPQuicker.exe
C:\Users\Marvin\Desktop\Sonstiges\Drucker\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Marvin\Desktop\Sonstiges\Fotobearbeitung\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe
C:\Users\Marvin\Desktop\Sonstiges\Fotobearbeitung\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marvin\Desktop\Sonstiges\Fotobearbeitung\Snipping Tool.lnk - 
C:\Users\Marvin\Desktop\Sonstiges\Games\CoDWaW - Verknüpfung.lnk - 
C:\Users\Marvin\Desktop\Sonstiges\Games\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Marvin\Desktop\Sonstiges\Games\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\ImgBurn.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\IrfanView.lnk - C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\Microsoft Excel 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\Spotify.lnk - C:\Users\Marvin\AppData\Roaming\Spotify\spotify.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\iPhone-Programme\CopyTrans Control Center.lnk - C:\Users\Marvin\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\iPhone-Programme\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\iPhone-Programme\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Marvin\Desktop\Sonstiges\Programme\iPhone-Programme\mp3DirectCut.lnk - C:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe
C:\Users\Marvin\Desktop\Sonstiges\Windows\Windows Crack (Office)\Microsoft Toolkit - Verknüpfung.lnk - 
C:\Users\Marvin\Desktop\System\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Marvin\Desktop\System\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Marvin\Desktop\System\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Marvin\Desktop\System\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iBackupBot for iTunes.lnk - C:\Program Files (x86)\VOWSoft iPod Software\iBackupBot for iTunes\iBackupBot.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Safari.lnk - C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Public\Desktop\Samsung Control Center.lnk - C:\Program Files (x86)\Samsung\Samsung Control Center\ControlCenter.exe
C:\Users\Public\Desktop\Skype.lnk - C:\windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\windows\Installer\{AC76BA86-7AD7-1031-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk - C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro 3.7 entfernen.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe /uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager\iDevice Manager deinstallieren.lnk - C:\Program Files (x86)\Software4u\iDevice Manager\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager\iDevice Manager im Internet.lnk - C:\Program Files (x86)\Software4u\iDevice Manager\iDevice Manager - Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager\iDevice Manager.lnk - C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word.lnk - C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk - C:\Users\Marvin\AppData\Roaming\Spotify\spotify.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A747D90C74DB9A2419E5EC6B1BBBC711 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A747D90C74DB9A2419E5EC6B1BBBC711 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_46F1CB28F09B935A713F72D4B90FE680 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Gast\AppData\Local\Mozilla\Firefox\Profiles\vn2c9pwe.default\Cache emptied successfully
C:\Users\Marvin\AppData\Local\Mozilla\Firefox\Profiles\gsf1j48l.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=181 folders=57 49919527 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gast\AppData\Local\temp emptied successfully
C:\Users\Marvin\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Marvin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30.06.2015 at 16:50:15,82 ======================
Viele der Werbungen innerhalb einer Seite sind nun nicht mehr vorhanden, aber sie sind nicht komplett verschwunden. Beispielsweise gibt es immer noch Werbung über Google-Suchergebnissen "Ads by SaleItCoupon"

Außerdem ist mein ganzes System immer noch ziemlich lahm und hängt hinterher.

Und ich wollte mal fragen wie jetzt so der Stand der Dinge ist, und was genau bedeutet es, wenn diese AppData Dateien gelöscht werden, weil ich habe gesehen, dass da auch Dateien von "normalen" Programmen gelöscht werden. Was hat das für einen Einfluss? Funktionieren jetzt manche meiner Programme nicht mehr? Oder sind diese Dateien sowas wie bei einem Spiel die Fortschrittspeicherung oder wie darf ich mir das vorstellen?

MfG und Danke für die ganze Hilfe, ich weiß diese Seite und die freiwilligen Helfer hier wirklich zu schätzen

Ach ja und mir fällt gerade noch ein, dass wenn ich zum Beispiel bei Spotify Musik höre, dann ist der Ton richtig blechernd im Gegensatz dazu bevor ich die Viren, Trojaner oder was auch immer hatte. Kann das überhaupt damit zusammenhängen?

M-K-D-B 30.06.2015 20:56
Servus,


Zoek hat nur leere Ordner entfernt, kein Grund zur Sorge. ;)


gut möglich, dass die Adware dein System/Browser derart auslastet, dass andere Dinge (Sound) in Mitleidenschaft gezogen werden.

Bitte folgendes tun:

Bitte setze deine Brower wie folgt zurück:
IE :::
Setze folgendermassen den Internet Explorer zurück:
  • Öffne den Internet Explorer und gehe zu Extras -> Internetoptionen.
  • Klicke in der Registerkarte Erweitert unter "Internet Explorer-Einstellungen zurücksetzen" auf Zurücksetzen...
  • Klicke im Dialogfeld "Internet Explorer-Einstellungen zurücksetzen" zum Bestätigen auf Zurücksetzen.
(Hier findest du die bebilderte Anleitung.)

FF :::
setze bitte Firefox wie folgt zurück:
Firefox zurücksetzen

CHR:::
Setze Google Chrome nach dieser Anleitung zurück.




Dann nochmal FRST:

  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

marvin1105 01.07.2015 05:51
Guten Morgen und vielen Dank. Ich habe nur noch 2 weitere Fragen:
1. Ich habe IE nur ohne Add-Ons gefunden, starten und zurücksetzen können, spielt das eine Rolle?
2. Chrome hatte den Eintrag "SaleItCoupon" bei Erweiterung nach Zurücksetzen der Browsereinstellungen nur deaktiviert, aber der Eintrag ist nachträglich noch vorhanden. Soll ich hier noch was machen? Eventuell den Eintrag manuell löschen?

Und hier die beiden geforderten Logfiles

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Marvin (administrator) on MARVIN-PC on 01-07-2015 06:43:41
Running from C:\Users\Marvin\Desktop\Antivirus
Loaded Profiles: Marvin (Available Profiles: Marvin & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-29] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2545573064-1671415295-1629012448-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-14] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-14] (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2A94E516-2DE9-4155-BD74-533A45A480A3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{917C8FB1-DBBD-4071-BBA1-49971A587E96}: [DhcpNameServer] 139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\pj1kto0f.default-1435725644758
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-07-06] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-11] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-17]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-17]
CHR Extension: (Google Sheets) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-05-17] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-21] (Windows (R) 2003 DDK 3790 provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 06:38 - 2015-07-01 06:40 - 00000000 ____D C:\Users\Marvin\Desktop\Alte Firefox-Daten
2015-06-30 16:47 - 2015-06-30 16:15 - 00024064 _____ C:\windows\zoek-delete.exe
2015-06-30 16:19 - 2015-06-30 16:50 - 00036524 _____ C:\zoek-results.log
2015-06-30 16:15 - 2015-06-30 16:42 - 00000000 ____D C:\zoek_backup
2015-06-30 16:13 - 2015-06-30 16:13 - 01308672 _____ C:\Users\Marvin\Downloads\zoek (1).exe
2015-06-30 16:13 - 2015-06-30 16:13 - 01308672 _____ C:\Users\Marvin\Desktop\zoek.exe
2015-06-30 08:16 - 2015-06-30 16:55 - 00000000 ____D C:\Users\Marvin\Desktop\Antivirus
2015-06-30 08:13 - 2015-06-30 08:13 - 00000024 _____ C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2015-06-30 08:09 - 2015-06-30 08:09 - 00000207 _____ C:\windows\tweaking.com-regbackup-MARVIN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-29 21:27 - 2015-06-29 21:27 - 00023309 _____ C:\ComboFix.txt
2015-06-29 21:05 - 2015-06-29 21:05 - 00001123 _____ C:\Users\Marvin\Desktop\ComboFix - Verknüpfung.lnk
2015-06-29 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-29 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-29 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-29 21:01 - 2015-06-29 21:27 - 00000000 ____D C:\Qoobox
2015-06-29 21:01 - 2015-06-29 21:25 - 00000000 ____D C:\windows\erdnt
2015-06-29 21:01 - 2015-06-29 21:01 - 05630589 ____R (Swearware) C:\Users\Marvin\Downloads\ComboFix.exe
2015-06-29 19:29 - 2015-06-29 19:30 - 00056775 _____ C:\Users\Marvin\Downloads\Addition.txt
2015-06-29 19:28 - 2015-07-01 06:43 - 00000000 ____D C:\FRST
2015-06-29 19:28 - 2015-06-29 19:30 - 00053074 _____ C:\Users\Marvin\Downloads\FRST.txt
2015-06-29 18:39 - 2015-06-29 18:39 - 05530096 _____ (Advanced System Protector ) C:\Users\Marvin\Downloads\aspsetup.exe
2015-06-29 18:29 - 2015-06-29 18:29 - 00000000 ____D C:\RegBackup
2015-06-27 10:28 - 2015-06-30 16:49 - 00001236 _____ C:\windows\PFRO.log
2015-06-27 10:28 - 2015-06-30 16:49 - 00000504 _____ C:\windows\setupact.log
2015-06-27 10:28 - 2015-06-27 10:28 - 00000000 _____ C:\windows\setuperr.log
2015-06-20 15:37 - 2015-06-20 15:38 - 03930567 _____ C:\Users\Marvin\Downloads\95d8e1bfc946e8efccd53137830f544fe7928335.torrent
2015-06-14 13:03 - 2015-06-14 13:03 - 00000000 ____D C:\Users\Marvin\AppData\Local\Activision
2015-06-14 11:39 - 2015-06-14 11:39 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2015-06-13 15:02 - 2015-06-13 22:44 - 00000000 ____D C:\Users\Marvin\Desktop\backuppic
2015-06-13 14:26 - 2015-06-13 14:26 - 00026565 _____ C:\windows\SysWOW64\msrsb04.dll
2015-06-13 14:26 - 2015-06-13 14:26 - 00000000 ____D C:\Users\Marvin\AppData\Local\IsolatedStorage
2015-06-13 14:25 - 2015-06-13 14:25 - 00002198 _____ C:\Users\Marvin\Desktop\iDevice Manager.lnk
2015-06-13 14:25 - 2015-06-13 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2015-06-10 16:25 - 2015-05-28 04:02 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 16:25 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 16:25 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 16:25 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 16:25 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 16:25 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 16:25 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 16:25 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 16:25 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 16:25 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 16:25 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 16:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 16:25 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 16:25 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 16:24 - 2015-05-28 04:04 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 16:24 - 2015-05-28 04:03 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 16:24 - 2015-05-28 04:00 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:45 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 14383104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02865152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:43 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 16:24 - 2015-05-28 02:24 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:00 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 16:24 - 2015-05-28 01:55 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 16:24 - 2015-05-28 01:34 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-06-10 16:24 - 2015-05-28 01:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-10 16:20 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 16:20 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-05 20:07 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-05 20:07 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-05 20:07 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 06:37 - 2011-07-21 21:18 - 00765838 _____ C:\windows\system32\perfh007.dat
2015-07-01 06:37 - 2011-07-21 21:18 - 00175036 _____ C:\windows\system32\perfc007.dat
2015-07-01 06:37 - 2009-07-14 07:13 - 01807338 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 06:26 - 2012-03-29 16:21 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 06:24 - 2015-05-17 20:13 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 06:08 - 2011-07-21 21:51 - 02014198 _____ C:\windows\WindowsUpdate.log
2015-07-01 01:24 - 2015-05-17 20:13 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 17:08 - 2015-05-18 20:36 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2015-06-30 17:08 - 2014-05-04 14:06 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2015-06-30 16:57 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 16:57 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 16:49 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-30 16:39 - 2009-07-14 05:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-06-30 16:12 - 2015-05-15 10:04 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 07:07 - 2013-11-09 14:51 - 00000000 ____D C:\AdwCleaner
2015-06-29 21:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-29 21:21 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-06-29 21:20 - 2009-07-14 04:34 - 25427968 _____ C:\windows\system32\config\system.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 103809024 _____ C:\windows\system32\config\software.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 01835008 _____ C:\windows\system32\config\default.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 00065536 _____ C:\windows\system32\config\sam.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 00028672 _____ C:\windows\system32\config\security.bak
2015-06-29 21:05 - 2015-05-15 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 21:04 - 2015-05-18 17:30 - 00000000 ____D C:\Users\Marvin\Desktop\System
2015-06-29 18:13 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-06-27 10:24 - 2013-09-05 16:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 10:24 - 2012-07-22 10:07 - 00002774 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-06-27 10:24 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther
2015-06-27 10:05 - 2011-12-26 01:51 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
2015-06-27 09:57 - 2013-09-15 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 09:57 - 2011-12-28 03:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-27 09:42 - 2015-05-17 19:09 - 00000000 ____D C:\Users\Marvin\AppData\Local\Mozilla
2015-06-27 00:26 - 2012-03-29 16:21 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-27 00:26 - 2012-03-29 16:21 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-27 00:26 - 2011-12-25 01:01 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-26 23:25 - 2015-05-17 20:13 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 12:26 - 2012-07-04 14:20 - 00000000 ____D C:\Users\Marvin\AppData\Local\Google
2015-06-14 11:47 - 2013-03-08 17:22 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-14 11:46 - 2015-05-03 13:37 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-06-14 11:46 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 15:11 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-13 14:34 - 2011-12-31 01:17 - 00000000 ____D C:\Users\Marvin\Desktop\Sonstiges
2015-06-12 18:01 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-12 16:40 - 2015-05-15 20:03 - 05043400 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 19:12 - 2012-01-12 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 19:06 - 2013-07-25 14:56 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 18:37 - 2011-12-25 11:53 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 18:36 - 2009-07-14 04:34 - 00000580 _____ C:\windows\win.ini
2015-06-09 13:42 - 2014-12-13 19:23 - 00000000 ____D C:\windows\system32\appraiser
2015-06-09 13:42 - 2014-04-28 14:35 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-01 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2015-06-30 08:13 - 2015-06-30 08:13 - 0000024 _____ () C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2012-01-23 15:58 - 2012-01-29 18:26 - 0000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2015-05-22 19:37 - 2015-05-22 19:37 - 0002713 _____ () C:\Users\Marvin\AppData\Local\recently-used.xbel
2011-12-26 01:52 - 2011-12-26 01:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-09-17 18:04 - 2012-12-05 19:42 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2012-09-17 18:03 - 2012-09-17 18:12 - 0000000 ____H () C:\ProgramData\PKP_DLeu.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2011-07-21 06:19 - 2011-07-21 06:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-21 06:11 - 2011-07-21 06:12 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-21 06:16 - 2011-07-21 06:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-21 06:12 - 2011-07-21 06:16 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-21 06:17 - 2011-07-21 06:19 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-26 23:57

==================== End of log ============================
--- --- ---


Addtion
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Marvin at 2015-07-01 06:44:35
Running from C:\Users\Marvin\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2545573064-1671415295-1629012448-500 - Administrator - Disabled)
Gast (S-1-5-21-2545573064-1671415295-1629012448-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2545573064-1671415295-1629012448-1002 - Limited - Enabled)
Marvin (S-1-5-21-2545573064-1671415295-1629012448-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2013 (Version: 13.0.2641 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON XP-302 303 305 306 Series (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iBackupBot 5.2.5 (HKLM-x32\...\iBackupBot) (Version: 5.2.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
jahPlayer (HKLM-x32\...\jahPlayer) (Version:  - )
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 5.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
OpenLibraries (HKLM-x32\...\OpenLibraries) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TuneUp Companion 2.2.7 (HKLM-x32\...\TuneUpMedia) (Version: 2.2.7 - TuneUp Media, Inc.)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.2013.194 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
Your Product (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-06-2015 12:35:58 Windows Update
26-06-2015 22:58:30 Windows Update
29-06-2015 21:02:09 ComboFix created restore point
30-06-2015 16:19:15 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-29 21:21 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11EE5FD4-E46E-4D3E-BE64-5D42B308EC2F} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-12] (Samsung Electronics)
Task: {12E2745D-D8DB-4F12-9F37-2544B87A80B0} - System32\Tasks\{FD9645F9-CA54-488A-9AE1-E059EA60D436} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}"
Task: {133FDAA6-03EA-47D8-8B8E-AAEDD164486C} - System32\Tasks\{F91F98E5-501B-4F99-AAF9-64E3DFA60859} => pcalua.exe -a C:\Users\Marvin\Downloads\PSE_5.0_WIN_ESD1_DE.exe -d C:\Users\Marvin\Downloads
Task: {146831AB-977B-4466-A37C-8132E2964E9C} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
Task: {197AB0E6-09EB-48CA-A83F-35DD5C94EC16} - System32\Tasks\{C183DF6C-42C2-44E2-AB22-AD47C67E1724} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {24B9B3AC-9A92-4DC7-BDBC-2BE32EE60A00} - System32\Tasks\{66D3EC76-D9DC-48A8-9D96-C7630F815A91} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {340351E2-7790-4A6E-8A49-E35601FE80B0} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe
Task: {46CC1074-1FAC-4981-BB9E-F27BC91583AB} - System32\Tasks\{B7349295-B75B-45FF-B29A-F3724694F7F9} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe
Task: {4E481420-08F6-4F19-AB66-A4BA5205FFDC} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {5002D113-FD9A-4186-8930-47553D453087} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-17] (TuneUp Software)
Task: {54493605-DA64-4842-B8B7-91C17101956E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {60D0E33B-2CF4-4071-B7E7-825D91288EEF} - System32\Tasks\{FA6BA6FF-86F1-4376-A173-1C5D4553B892} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_WBFSManager3.0.1-RTW-x64.zip\setup.exe
Task: {61B481F5-46AD-46BC-8EB9-EBF82037F967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {6ECC35CD-3826-42A4-9F38-DEFF395803E1} - System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => pcalua.exe -a C:\Users\Marvin\Downloads\SetupiPhoneBrowser.1.91.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {73AA9B64-FF9E-4B7C-805F-EFCF590D45AD} - System32\Tasks\{CE526F6F-E8DC-40A6-8703-6D10C232F564} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {7558D982-20FC-4565-AD2D-34F983BA56A1} - System32\Tasks\AdobeAAMUpdater-1.0-Marvin-PC-Marvin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {7B719969-F143-4B5D-A94D-F10D79BDA580} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {81B46C8D-F2F6-43A2-A560-F23BA244C322} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-29] (SEC)
Task: {8A273E5B-B2D4-4392-BEAB-70A0364E2107} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8DE93BA1-ECE0-4A07-BD4B-7B4F402F782E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {91F305C2-7AAC-4AD1-A2D7-18F2778CAE0E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
Task: {97224D5F-7F24-4EBC-8CC1-E4D7DA323A62} - System32\Tasks\{DA8BD37B-D4DB-4009-930E-D3328DF2D69A} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {9E69DAE8-AC47-478E-8BAC-0EA28B695205} - System32\Tasks\{555A58B4-EE2D-4E5F-A488-58366B1C4CC3} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C2C98F00-AD81-4AF6-A160-D1ECA910D769} - System32\Tasks\{28680E42-0417-4147-8F36-E0B29C155489} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C5F246C3-01C1-4425-9059-361BB99B99F1} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
Task: {CE561253-E65B-4601-8363-2BE5F3BA00F1} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {D01A72E6-4909-4893-ACB5-1B4D037E2F0A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {D625583E-4F39-42A9-847A-C12E40A23386} - System32\Tasks\{CE73ADFF-0AD8-4D35-846A-846F72E35E02} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {DC4097BB-80E7-4AA8-8677-2016C868A029} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-18] (Samsung Electronics Co., Ltd.)
Task: {E17E0554-C5C1-4C6E-A08B-3BFD458C5EE1} - System32\Tasks\Google Updater and Installer => C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E69545C2-A3B7-4E78-8563-A33D8EB77554} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {EA9AD490-377C-4893-990C-B638421AF152} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-04-14] (CyberLink)
Task: {FAC99DC5-D88D-42BE-83F9-866CE977D2BA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-27] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-21 20:58 - 2008-06-05 01:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2013-03-28 22:31 - 2013-03-28 22:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-02-24 18:51 - 2014-05-29 16:48 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-25 22:04 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-21 20:58 - 2010-10-21 20:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2011-07-21 06:21 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
2011-07-21 06:21 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:05EE1EEF
AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Samsung UPD Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                       
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"                                                                                                                                                                                   
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices                                                                                                                                                                                           
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Marvin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent                                                                                                                                                                                                                       

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B533BEAD-760B-4082-9DA0-54BF2F0D93C5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{76536418-9980-4136-A940-01AC3FDA8068}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{5DE60AAD-259B-4A32-997B-29A78B957E08}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{33D218BC-2254-4513-8885-4EF0CBA07F96}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{752DF0A3-F849-4572-8243-3EA33FA265B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CE794129-3BA4-4148-A605-5F5B1C8EC197}] => (Allow) LPort=2869
FirewallRules: [{70925FC6-7C9E-49DF-916D-4B49F27C6092}] => (Allow) LPort=1900
FirewallRules: [{AF431D3E-9319-4C5C-BC4C-36E81D16814F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{090304E7-4608-4716-AFFB-13236A9BEBE9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{311EA05E-61F9-4D51-B362-3C0A7F8B5F98}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{7A5FC880-C91E-4783-91EE-668D73EE285A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [{64204237-5179-4897-9C62-A6C190C39DA8}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{0F6B505D-6288-4150-8B1A-CBCDA16F29E0}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [TCP Query User{DAC72453-0B67-463A-A625-49C699FD1E88}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{04A2CDF2-379E-47AD-9A66-EC56940C5960}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [TCP Query User{A8726F37-409A-4859-BA0E-84C5DC5757C4}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{4E7A4E00-4DB8-48C9-BBD3-44FDE2BF2FCE}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{33A47B9A-18C7-4298-AF7F-DB7E2CFDFBB8}] => (Allow) %ProgramFiles% (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3C235533-BA45-4310-B379-7AB6359C9057}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A3F4F4CF-321B-492C-9759-8D76033C0FE8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A013F280-B5D8-4F2D-9B37-BDC102B4C941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5207462-1BE0-4F9A-A07C-86DA37CD3283}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8A731BE-EDCF-420D-A0E6-533363A7D61D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{596F2A3F-A471-46E0-B473-44FF05F785DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1083B88C-75C1-49F1-BF62-E87E96D8CFC0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7165D37D-C72C-43D8-A528-17E4F9961474}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB95D659-AAF1-4497-950B-8738E2C588A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{07DCCCA0-50F8-4CD3-AB06-EADC885321FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{207283C6-2643-4BF5-8E6B-627A25FFDFB7}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{E2ADDE8C-F09C-4465-9B7B-709258F715C8}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{216C37FA-CEA0-4C06-85B6-F6D33947CE92}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{4F5595A1-D40C-4701-95CF-12AB17D92CBF}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [TCP Query User{73434ACF-7C3F-4F19-B789-E3E06A5390AB}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{1FC8939C-0094-41DA-BD96-CB6530E6B27C}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [{86983096-69A5-4B3E-8A42-8E22DD308E51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{A6B95520-617C-4E87-90F3-5B5CCE18B990}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{ED6E9610-CEEB-488A-9CA1-7C751A8BF5B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE8CEFA3-27C6-4D21-8579-B4AD4E9BB2B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B56A0034-A2DF-4C5C-85F7-ACD4A30D86DE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{04D5B1A0-41E6-4EC0-AEB8-3414CCCAC4BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CF2B409A-C062-4BCF-A3C5-FEBA0538B698}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4C03FCE1-D5AC-41DA-8A60-14F0A58ABD9F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C7208592-41A2-4CDE-8B2A-3C7134200749}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{980F6C00-8469-4844-B056-F29BA37B8067}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{C51DD5C0-01E8-4E01-9011-D9F331655B1C}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{B214461C-9B7E-4F6F-80DF-AE78621D8239}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{F5F99662-CC56-492C-9B42-B578477B4917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{72FBCD98-EA65-4A28-A8BB-FF0AAA44F93A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9C9C8FE-5C70-45FF-990A-D7C259D97F21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{50CD923A-CC65-428F-9792-3E9FA6EEB094}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{2DAF7A75-5A30-4150-A6BA-88B22E4591DB}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{31D60B47-97BE-4EFE-8E7A-AEF129E8169E}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BF6CE0CC-365D-48F1-8D3F-569347A8B55E}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C46CC1FD-B110-4AF8-B834-7AB26F5BD313}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EEC9249E-D2F2-4C4F-B6D9-A6242B4C9ECD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C5DE302A-04E1-4A0B-957C-DC44B34C99D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{728286ED-FCAD-49D6-BC6D-EC7B5912A7A2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9AFE2C43-788F-4F47-B694-7031E2CD1FE7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{451184ED-707F-49BD-943B-31F0BCFE9FED}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{A9BC098D-A9F9-401C-8830-F6545E90B399}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [{40E30453-F4E3-4AFD-9778-5E3C7C2C7D46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A16FE5EA-2645-459B-91E5-09B435885D1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED1B3443-6F10-446B-A057-FDAB89C955CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1F5321BB-CFCC-4A7C-99FC-03ECC8B5066D}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{7F0909DD-69AC-42A8-B289-B1B961AC70F6}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{19030F3C-F544-4BF5-AC76-F02ABFA7429C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9AE5F1F-5B26-4310-A0E2-A64BF65F8F12}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A7CCF692-9405-41FE-BF4E-F8866AE5D11B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.81.34.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1264

Startzeit: 01d0a685ec635dd4

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0x108c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe, Version: 13.0.2013.194, Zeitstempel: 0x5056f399
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002070
ID des fehlerhaften Prozesses: 0x1580
Startzeit der fehlerhaften Anwendung: 0xTuneUpSystemStatusCheck.exe0
Pfad der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe1
Pfad des fehlerhaften Moduls: TuneUpSystemStatusCheck.exe2
Berichtskennung: TuneUpSystemStatusCheck.exe3

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


System errors:
=============
Error: (06/30/2015 04:39:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2015 04:39:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2015 04:39:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2015 04:39:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2015 04:39:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2015 08:09:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server (SQLEXPRESS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.6126401d0a685ec635dd40C:\Program Files (x86)\Steam\Steam.exe67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea19108c01d0a3ace73c4920C:\windows\system32\atieclxx.exeC:\windows\system32\atieclxx.exe25cfb97a-0fa0-11e5-beb3-e81132d93976

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TuneUpSystemStatusCheck.exe13.0.2013.1945056f399unknown0.0.0.000000000c000000500002070158001d096baab557310C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpSystemStatusCheck.exeunknownf17e1d07-02ad-11e5-ae55-e81132d93976

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)0x80070005, Zugriff verweigert


CodeIntegrity Errors:
===================================
  Date: 2015-06-29 21:18:51.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-29 21:18:51.794
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-17 18:58:14.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:14.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.102
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.696
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.558
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD A6-3410MX APU with Radeon(tm) HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 5611.81 MB
Available physical RAM: 3964.56 MB
Total Pagefile: 11221.82 MB
Available Pagefile: 9187.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:230 GB) (Free:59.03 GB) NTFS
Drive d: () (Fixed) (Total:342.9 GB) (Free:69.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C469F6B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.2 GB) - (Type=27)

==================== End of log ============================
--- --- ---

M-K-D-B 01.07.2015 12:59
Servus,



Zitat:
Zitat von marvin1105 (Beitrag 1483787)
1. Ich habe IE nur ohne Add-Ons gefunden, starten und zurücksetzen können, spielt das eine Rolle?
Nein, spielt keine Rolle.


Zitat:
Zitat von marvin1105 (Beitrag 1483787)
2. Chrome hatte den Eintrag "SaleItCoupon" bei Erweiterung nach Zurücksetzen der Browsereinstellungen nur deaktiviert, aber der Eintrag ist nachträglich noch vorhanden. Soll ich hier noch was machen? Eventuell den Eintrag manuell löschen?
Ja, die Chrome Erweiterung "SaleItCoupon" bitte manuell löschen.






Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Marvin\Downloads\aspsetup.exe
C:\Users\Marvin\AppData\Roaming\appdataFr*.bin
Task: {12E2745D-D8DB-4F12-9F37-2544B87A80B0} - System32\Tasks\{FD9645F9-CA54-488A-9AE1-E059EA60D436} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}"
Task: {133FDAA6-03EA-47D8-8B8E-AAEDD164486C} - System32\Tasks\{F91F98E5-501B-4F99-AAF9-64E3DFA60859} => pcalua.exe -a C:\Users\Marvin\Downloads\PSE_5.0_WIN_ESD1_DE.exe -d C:\Users\Marvin\Downloads
Task: {340351E2-7790-4A6E-8A49-E35601FE80B0} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe
Task: {46CC1074-1FAC-4981-BB9E-F27BC91583AB} - System32\Tasks\{B7349295-B75B-45FF-B29A-F3724694F7F9} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe
Task: {60D0E33B-2CF4-4071-B7E7-825D91288EEF} - System32\Tasks\{FA6BA6FF-86F1-4376-A173-1C5D4553B892} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_WBFSManager3.0.1-RTW-x64.zip\setup.exe
Task: {6ECC35CD-3826-42A4-9F38-DEFF395803E1} - System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => pcalua.exe -a C:\Users\Marvin\Downloads\SetupiPhoneBrowser.1.91.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6ECC35CD-3826-42A4-9F38-DEFF395803E1} - System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => pcalua.exe -a C:\Users\Marvin\Downloads\SetupiPhoneBrowser.1.91.exe -d "C:\Program Files (x86)\Mozilla Firefox"
AlternateDataStreams: C:\ProgramData\Temp:05EE1EEF
AlternateDataStreams: C:\ProgramData\Temp:AD022376
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *globalupdate*
    *appdataFr*

    :folderfind
    *globalupdate*
    *appdataFr*

    :regfind
    globalupdate
    appdataFr
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Wie läuft der Rechner aktuell? Welche Probleme gibt es noch?




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

marvin1105 01.07.2015 13:46

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Marvin (administrator) on MARVIN-PC on 01-07-2015 14:43:24
Running from C:\Users\Marvin\Desktop\Antivirus
Loaded Profiles: Marvin (Available Profiles: Marvin & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-29] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2545573064-1671415295-1629012448-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-14] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-14] (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2A94E516-2DE9-4155-BD74-533A45A480A3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{917C8FB1-DBBD-4071-BBA1-49971A587E96}: [DhcpNameServer] 139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\pj1kto0f.default-1435725644758
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-07-06] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marvin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2545573064-1671415295-1629012448-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-11] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-17]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-17]
CHR Extension: (Google Sheets) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-05-17] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-21] (Windows (R) 2003 DDK 3790 provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 14:33 - 2015-07-01 14:43 - 00025874 _____ C:\Users\Marvin\Downloads\SystemLook.txt
2015-07-01 14:32 - 2015-07-01 14:32 - 00165376 _____ C:\Users\Marvin\Downloads\SystemLook_x64.exe
2015-07-01 14:31 - 2015-07-01 14:31 - 00000024 _____ C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2015-07-01 06:38 - 2015-07-01 06:40 - 00000000 ____D C:\Users\Marvin\Desktop\Alte Firefox-Daten
2015-06-30 16:47 - 2015-06-30 16:15 - 00024064 _____ C:\windows\zoek-delete.exe
2015-06-30 16:19 - 2015-06-30 16:50 - 00036524 _____ C:\zoek-results.log
2015-06-30 16:15 - 2015-06-30 16:42 - 00000000 ____D C:\zoek_backup
2015-06-30 16:13 - 2015-06-30 16:13 - 01308672 _____ C:\Users\Marvin\Downloads\zoek (1).exe
2015-06-30 16:13 - 2015-06-30 16:13 - 01308672 _____ C:\Users\Marvin\Desktop\zoek.exe
2015-06-30 08:16 - 2015-07-01 14:43 - 00000000 ____D C:\Users\Marvin\Desktop\Antivirus
2015-06-30 08:09 - 2015-06-30 08:09 - 00000207 _____ C:\windows\tweaking.com-regbackup-MARVIN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-29 21:27 - 2015-06-29 21:27 - 00023309 _____ C:\ComboFix.txt
2015-06-29 21:05 - 2015-06-29 21:05 - 00001123 _____ C:\Users\Marvin\Desktop\ComboFix - Verknüpfung.lnk
2015-06-29 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-29 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-29 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-29 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-29 21:01 - 2015-06-29 21:27 - 00000000 ____D C:\Qoobox
2015-06-29 21:01 - 2015-06-29 21:25 - 00000000 ____D C:\windows\erdnt
2015-06-29 21:01 - 2015-06-29 21:01 - 05630589 ____R (Swearware) C:\Users\Marvin\Downloads\ComboFix.exe
2015-06-29 19:29 - 2015-06-29 19:30 - 00056775 _____ C:\Users\Marvin\Downloads\Addition.txt
2015-06-29 19:28 - 2015-07-01 14:43 - 00000000 ____D C:\FRST
2015-06-29 19:28 - 2015-06-29 19:30 - 00053074 _____ C:\Users\Marvin\Downloads\FRST.txt
2015-06-29 18:29 - 2015-06-29 18:29 - 00000000 ____D C:\RegBackup
2015-06-27 10:28 - 2015-07-01 14:30 - 00000616 _____ C:\windows\setupact.log
2015-06-27 10:28 - 2015-06-30 16:49 - 00001236 _____ C:\windows\PFRO.log
2015-06-27 10:28 - 2015-06-27 10:28 - 00000000 _____ C:\windows\setuperr.log
2015-06-20 15:37 - 2015-06-20 15:38 - 03930567 _____ C:\Users\Marvin\Downloads\95d8e1bfc946e8efccd53137830f544fe7928335.torrent
2015-06-14 13:03 - 2015-06-14 13:03 - 00000000 ____D C:\Users\Marvin\AppData\Local\Activision
2015-06-14 11:39 - 2015-06-14 11:39 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2015-06-13 15:02 - 2015-06-13 22:44 - 00000000 ____D C:\Users\Marvin\Desktop\backuppic
2015-06-13 14:26 - 2015-06-13 14:26 - 00026565 _____ C:\windows\SysWOW64\msrsb04.dll
2015-06-13 14:26 - 2015-06-13 14:26 - 00000000 ____D C:\Users\Marvin\AppData\Local\IsolatedStorage
2015-06-13 14:25 - 2015-06-13 14:25 - 00002198 _____ C:\Users\Marvin\Desktop\iDevice Manager.lnk
2015-06-13 14:25 - 2015-06-13 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2015-06-10 16:25 - 2015-05-28 04:02 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 16:25 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 16:25 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 16:25 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 16:25 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 16:25 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 16:25 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 16:25 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 16:25 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 16:25 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 16:25 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 16:25 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 16:25 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 16:25 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 16:25 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 16:25 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 16:25 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 16:25 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:25 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:25 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 16:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 16:25 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 16:25 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 16:25 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 16:25 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 16:24 - 2015-05-28 04:04 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 16:24 - 2015-05-28 04:03 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 16:24 - 2015-05-28 04:03 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 16:24 - 2015-05-28 04:02 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 04:01 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 16:24 - 2015-05-28 04:00 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:45 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 16:24 - 2015-05-28 02:45 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 14383104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 16:24 - 2015-05-28 02:44 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02865152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 16:24 - 2015-05-28 02:43 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 16:24 - 2015-05-28 02:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 16:24 - 2015-05-28 02:24 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 16:24 - 2015-05-28 02:00 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 16:24 - 2015-05-28 01:55 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 16:24 - 2015-05-28 01:34 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-06-10 16:24 - 2015-05-28 01:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-10 16:20 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 16:20 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-05 20:07 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-05 20:07 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-05 20:07 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-05 20:07 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 14:38 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:38 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:37 - 2011-07-21 21:51 - 02081528 _____ C:\windows\WindowsUpdate.log
2015-07-01 14:37 - 2011-07-21 21:18 - 00765838 _____ C:\windows\system32\perfh007.dat
2015-07-01 14:37 - 2011-07-21 21:18 - 00175036 _____ C:\windows\system32\perfc007.dat
2015-07-01 14:37 - 2009-07-14 07:13 - 01807338 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 14:30 - 2015-05-17 20:13 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 14:30 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 14:26 - 2012-03-29 16:21 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 14:24 - 2015-05-17 20:13 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 17:08 - 2015-05-18 20:36 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2015-06-30 17:08 - 2014-05-04 14:06 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2015-06-30 16:39 - 2009-07-14 05:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-06-30 16:12 - 2015-05-15 10:04 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 07:07 - 2013-11-09 14:51 - 00000000 ____D C:\AdwCleaner
2015-06-29 21:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-29 21:21 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-06-29 21:20 - 2009-07-14 04:34 - 25427968 _____ C:\windows\system32\config\system.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 103809024 _____ C:\windows\system32\config\software.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 01835008 _____ C:\windows\system32\config\default.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 00065536 _____ C:\windows\system32\config\sam.bak
2015-06-29 21:20 - 2009-07-14 04:34 - 00028672 _____ C:\windows\system32\config\security.bak
2015-06-29 21:05 - 2015-05-15 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 21:04 - 2015-05-18 17:30 - 00000000 ____D C:\Users\Marvin\Desktop\System
2015-06-29 18:13 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-06-27 10:24 - 2013-09-05 16:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 10:24 - 2012-07-22 10:07 - 00002774 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-06-27 10:24 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther
2015-06-27 10:05 - 2011-12-26 01:51 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
2015-06-27 09:57 - 2013-09-15 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 09:57 - 2011-12-28 03:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-27 09:42 - 2015-05-17 19:09 - 00000000 ____D C:\Users\Marvin\AppData\Local\Mozilla
2015-06-27 00:26 - 2012-03-29 16:21 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-27 00:26 - 2012-03-29 16:21 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-27 00:26 - 2011-12-25 01:01 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-26 23:25 - 2015-05-17 20:13 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 12:26 - 2012-07-04 14:20 - 00000000 ____D C:\Users\Marvin\AppData\Local\Google
2015-06-14 11:47 - 2013-03-08 17:22 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-14 11:46 - 2015-05-03 13:37 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-06-14 11:46 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 15:11 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-13 14:34 - 2011-12-31 01:17 - 00000000 ____D C:\Users\Marvin\Desktop\Sonstiges
2015-06-12 18:01 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-12 16:40 - 2015-05-15 20:03 - 05043400 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 19:12 - 2012-01-12 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 19:06 - 2013-07-25 14:56 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 18:37 - 2011-12-25 11:53 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 18:36 - 2009-07-14 04:34 - 00000580 _____ C:\windows\win.ini
2015-06-09 13:42 - 2014-12-13 19:23 - 00000000 ____D C:\windows\system32\appraiser
2015-06-09 13:42 - 2014-04-28 14:35 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-01 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2015-07-01 14:31 - 2015-07-01 14:31 - 0000024 _____ () C:\Users\Marvin\AppData\Roaming\appdataFr25.bin
2012-01-23 15:58 - 2012-01-29 18:26 - 0000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2015-05-22 19:37 - 2015-05-22 19:37 - 0002713 _____ () C:\Users\Marvin\AppData\Local\recently-used.xbel
2011-12-26 01:52 - 2011-12-26 01:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-09-17 18:04 - 2012-12-05 19:42 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2012-09-17 18:03 - 2012-09-17 18:12 - 0000000 ____H () C:\ProgramData\PKP_DLeu.DAT
2012-09-17 18:04 - 2012-12-05 19:44 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2011-07-21 06:19 - 2011-07-21 06:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-21 06:11 - 2011-07-21 06:12 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-21 06:16 - 2011-07-21 06:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-21 06:12 - 2011-07-21 06:16 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-21 06:17 - 2011-07-21 06:19 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-26 23:57

==================== End of log ============================
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Marvin at 2015-07-01 14:44:20
Running from C:\Users\Marvin\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2545573064-1671415295-1629012448-500 - Administrator - Disabled)
Gast (S-1-5-21-2545573064-1671415295-1629012448-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2545573064-1671415295-1629012448-1002 - Limited - Enabled)
Marvin (S-1-5-21-2545573064-1671415295-1629012448-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2013 (Version: 13.0.2641 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON XP-302 303 305 306 Series (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iBackupBot 5.2.5 (HKLM-x32\...\iBackupBot) (Version: 5.2.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
jahPlayer (HKLM-x32\...\jahPlayer) (Version:  - )
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 5.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
OpenLibraries (HKLM-x32\...\OpenLibraries) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TuneUp Companion 2.2.7 (HKLM-x32\...\TuneUpMedia) (Version: 2.2.7 - TuneUp Media, Inc.)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.2013.194 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2013.194 - TuneUp Software) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
Your Product (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-07-2015 14:14:01 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-29 21:21 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11EE5FD4-E46E-4D3E-BE64-5D42B308EC2F} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-12] (Samsung Electronics)
Task: {146831AB-977B-4466-A37C-8132E2964E9C} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
Task: {197AB0E6-09EB-48CA-A83F-35DD5C94EC16} - System32\Tasks\{C183DF6C-42C2-44E2-AB22-AD47C67E1724} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {24B9B3AC-9A92-4DC7-BDBC-2BE32EE60A00} - System32\Tasks\{66D3EC76-D9DC-48A8-9D96-C7630F815A91} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {4E481420-08F6-4F19-AB66-A4BA5205FFDC} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {5002D113-FD9A-4186-8930-47553D453087} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-17] (TuneUp Software)
Task: {54493605-DA64-4842-B8B7-91C17101956E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {61B481F5-46AD-46BC-8EB9-EBF82037F967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
Task: {73AA9B64-FF9E-4B7C-805F-EFCF590D45AD} - System32\Tasks\{CE526F6F-E8DC-40A6-8703-6D10C232F564} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {7558D982-20FC-4565-AD2D-34F983BA56A1} - System32\Tasks\AdobeAAMUpdater-1.0-Marvin-PC-Marvin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {7B719969-F143-4B5D-A94D-F10D79BDA580} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {81B46C8D-F2F6-43A2-A560-F23BA244C322} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-29] (SEC)
Task: {8A273E5B-B2D4-4392-BEAB-70A0364E2107} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8DE93BA1-ECE0-4A07-BD4B-7B4F402F782E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {91F305C2-7AAC-4AD1-A2D7-18F2778CAE0E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
Task: {97224D5F-7F24-4EBC-8CC1-E4D7DA323A62} - System32\Tasks\{DA8BD37B-D4DB-4009-930E-D3328DF2D69A} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {9E69DAE8-AC47-478E-8BAC-0EA28B695205} - System32\Tasks\{555A58B4-EE2D-4E5F-A488-58366B1C4CC3} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C2C98F00-AD81-4AF6-A160-D1ECA910D769} - System32\Tasks\{28680E42-0417-4147-8F36-E0B29C155489} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {C5F246C3-01C1-4425-9059-361BB99B99F1} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
Task: {CE561253-E65B-4601-8363-2BE5F3BA00F1} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {D01A72E6-4909-4893-ACB5-1B4D037E2F0A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {D625583E-4F39-42A9-847A-C12E40A23386} - System32\Tasks\{CE73ADFF-0AD8-4D35-846A-846F72E35E02} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
Task: {DC4097BB-80E7-4AA8-8677-2016C868A029} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-18] (Samsung Electronics Co., Ltd.)
Task: {E17E0554-C5C1-4C6E-A08B-3BFD458C5EE1} - System32\Tasks\Google Updater and Installer => C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E69545C2-A3B7-4E78-8563-A33D8EB77554} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {EA9AD490-377C-4893-990C-B638421AF152} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-04-14] (CyberLink)
Task: {FAC99DC5-D88D-42BE-83F9-866CE977D2BA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-27] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-21 20:58 - 2008-06-05 01:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2013-03-28 22:31 - 2013-03-28 22:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-02-24 18:51 - 2014-05-29 16:48 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-07-21 20:58 - 2010-10-21 20:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2011-07-21 06:21 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
2011-07-21 06:21 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-06-26 23:25 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-26 23:25 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Samsung UPD Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                       
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"                                                                                                                                                                                   
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices                                                                                                                                                                                           
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Marvin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent                                                                                                                                                                                                                       

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B533BEAD-760B-4082-9DA0-54BF2F0D93C5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{76536418-9980-4136-A940-01AC3FDA8068}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{5DE60AAD-259B-4A32-997B-29A78B957E08}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{33D218BC-2254-4513-8885-4EF0CBA07F96}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{752DF0A3-F849-4572-8243-3EA33FA265B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CE794129-3BA4-4148-A605-5F5B1C8EC197}] => (Allow) LPort=2869
FirewallRules: [{70925FC6-7C9E-49DF-916D-4B49F27C6092}] => (Allow) LPort=1900
FirewallRules: [{AF431D3E-9319-4C5C-BC4C-36E81D16814F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{090304E7-4608-4716-AFFB-13236A9BEBE9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{311EA05E-61F9-4D51-B362-3C0A7F8B5F98}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{7A5FC880-C91E-4783-91EE-668D73EE285A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [{64204237-5179-4897-9C62-A6C190C39DA8}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{0F6B505D-6288-4150-8B1A-CBCDA16F29E0}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [TCP Query User{DAC72453-0B67-463A-A625-49C699FD1E88}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [UDP Query User{04A2CDF2-379E-47AD-9A66-EC56940C5960}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Allow) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe
FirewallRules: [TCP Query User{A8726F37-409A-4859-BA0E-84C5DC5757C4}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{4E7A4E00-4DB8-48C9-BBD3-44FDE2BF2FCE}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{33A47B9A-18C7-4298-AF7F-DB7E2CFDFBB8}] => (Allow) %ProgramFiles% (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3C235533-BA45-4310-B379-7AB6359C9057}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A3F4F4CF-321B-492C-9759-8D76033C0FE8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A013F280-B5D8-4F2D-9B37-BDC102B4C941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5207462-1BE0-4F9A-A07C-86DA37CD3283}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8A731BE-EDCF-420D-A0E6-533363A7D61D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{596F2A3F-A471-46E0-B473-44FF05F785DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1083B88C-75C1-49F1-BF62-E87E96D8CFC0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7165D37D-C72C-43D8-A528-17E4F9961474}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB95D659-AAF1-4497-950B-8738E2C588A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{07DCCCA0-50F8-4CD3-AB06-EADC885321FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{207283C6-2643-4BF5-8E6B-627A25FFDFB7}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{E2ADDE8C-F09C-4465-9B7B-709258F715C8}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{216C37FA-CEA0-4C06-85B6-F6D33947CE92}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{4F5595A1-D40C-4701-95CF-12AB17D92CBF}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [TCP Query User{73434ACF-7C3F-4F19-B789-E3E06A5390AB}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [UDP Query User{1FC8939C-0094-41DA-BD96-CB6530E6B27C}C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe] => (Allow) C:\users\marvin\desktop\sonstiges\nazi_zombies\nazi zombies\codwaw.exe
FirewallRules: [{86983096-69A5-4B3E-8A42-8E22DD308E51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{A6B95520-617C-4E87-90F3-5B5CCE18B990}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{ED6E9610-CEEB-488A-9CA1-7C751A8BF5B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE8CEFA3-27C6-4D21-8579-B4AD4E9BB2B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B56A0034-A2DF-4C5C-85F7-ACD4A30D86DE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{04D5B1A0-41E6-4EC0-AEB8-3414CCCAC4BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CF2B409A-C062-4BCF-A3C5-FEBA0538B698}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4C03FCE1-D5AC-41DA-8A60-14F0A58ABD9F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C7208592-41A2-4CDE-8B2A-3C7134200749}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{980F6C00-8469-4844-B056-F29BA37B8067}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{C51DD5C0-01E8-4E01-9011-D9F331655B1C}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{B214461C-9B7E-4F6F-80DF-AE78621D8239}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{F5F99662-CC56-492C-9B42-B578477B4917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{72FBCD98-EA65-4A28-A8BB-FF0AAA44F93A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9C9C8FE-5C70-45FF-990A-D7C259D97F21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{50CD923A-CC65-428F-9792-3E9FA6EEB094}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{2DAF7A75-5A30-4150-A6BA-88B22E4591DB}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{31D60B47-97BE-4EFE-8E7A-AEF129E8169E}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BF6CE0CC-365D-48F1-8D3F-569347A8B55E}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C46CC1FD-B110-4AF8-B834-7AB26F5BD313}] => (Block) C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EEC9249E-D2F2-4C4F-B6D9-A6242B4C9ECD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C5DE302A-04E1-4A0B-957C-DC44B34C99D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{728286ED-FCAD-49D6-BC6D-EC7B5912A7A2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9AFE2C43-788F-4F47-B694-7031E2CD1FE7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{451184ED-707F-49BD-943B-31F0BCFE9FED}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{A9BC098D-A9F9-401C-8830-F6545E90B399}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\activision\call of duty - world at war\codwaw.exe
FirewallRules: [{40E30453-F4E3-4AFD-9778-5E3C7C2C7D46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A16FE5EA-2645-459B-91E5-09B435885D1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED1B3443-6F10-446B-A057-FDAB89C955CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1F5321BB-CFCC-4A7C-99FC-03ECC8B5066D}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{7F0909DD-69AC-42A8-B289-B1B961AC70F6}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{19030F3C-F544-4BF5-AC76-F02ABFA7429C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9AE5F1F-5B26-4310-A0E2-A64BF65F8F12}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A7CCF692-9405-41FE-BF4E-F8866AE5D11B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.81.34.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1264

Startzeit: 01d0a685ec635dd4

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0x108c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe, Version: 13.0.2013.194, Zeitstempel: 0x5056f399
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002070
ID des fehlerhaften Prozesses: 0x1580
Startzeit der fehlerhaften Anwendung: 0xTuneUpSystemStatusCheck.exe0
Pfad der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe1
Pfad des fehlerhaften Moduls: TuneUpSystemStatusCheck.exe2
Berichtskennung: TuneUpSystemStatusCheck.exe3

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


System errors:
=============
Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server (SQLEXPRESS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Active File Monitor V9" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/01/2015 02:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2015 04:39:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2015 04:39:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office:
=========================
Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/29/2015 09:02:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/14/2015 11:42:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.6126401d0a685ec635dd40C:\Program Files (x86)\Steam\Steam.exe67e719c3-1279-11e5-85ce-e81132d93976

Error: (06/14/2015 00:01:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/13/2015 01:35:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/11/2015 08:14:06 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (06/10/2015 08:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea19108c01d0a3ace73c4920C:\windows\system32\atieclxx.exeC:\windows\system32\atieclxx.exe25cfb97a-0fa0-11e5-beb3-e81132d93976

Error: (05/25/2015 09:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TuneUpSystemStatusCheck.exe13.0.2013.1945056f399unknown0.0.0.000000000c000000500002070158001d096baab557310C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpSystemStatusCheck.exeunknownf17e1d07-02ad-11e5-ae55-e81132d93976

Error: (05/18/2015 08:21:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Edu App since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (05/17/2015 08:08:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000029c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000030AEDF0.72)0x80070005, Zugriff verweigert


CodeIntegrity Errors:
===================================
  Date: 2015-06-29 21:18:51.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-29 21:18:51.794
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-17 18:58:14.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:14.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.102
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:05.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.696
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:02.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-17 18:58:01.558
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD A6-3410MX APU with Radeon(tm) HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 5611.81 MB
Available physical RAM: 3592.36 MB
Total Pagefile: 11221.82 MB
Available Pagefile: 9203.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:230 GB) (Free:72.69 GB) NTFS
Drive d: () (Fixed) (Total:342.9 GB) (Free:69.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C469F6B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.2 GB) - (Type=27)

==================== End of log ============================
--- --- ---

marvin1105 01.07.2015 13:46
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 14:33 on 01/07/2015 by Marvin
Administrator - Elevation successful

========== filefind ==========

Searching for "*globalupdate*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\globalupdate.exe.vir        --a---- 68608 bytes        [16:39 17/05/2015]        [16:39 17/05/2015] 3C14AAE26EA06BADAC98520773772CEB
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdate.exe.vir        --a---- 68608 bytes        [16:39 17/05/2015]        [16:39 17/05/2015] 3C14AAE26EA06BADAC98520773772CEB
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe.vir        --a---- 46080 bytes        [16:39 17/05/2015]        [16:39 17/05/2015] 6419BCBF0B2569AACF4023942EADFCB8
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe.vir        --a---- 68608 bytes        [16:39 17/05/2015]        [16:39 17/05/2015] 3C14AAE26EA06BADAC98520773772CEB
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateHelper.msi.vir        --a---- 32768 bytes        [16:39 17/05/2015]        [16:39 17/05/2015] F3E0BCAC0A50EA3B7571407A7DA325C7
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe.vir        --a---- 46080 bytes        [16:39 17/05/2015]        [16:39 17/05/2015] 8DF6560ADF608ECDCE5CAF299062A135
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.vir        --a---- 220672 bytes        [16:39 17/05/2015]        [16:39 17/05/2015] F4474EE9CF0F246F068A720A3A9807F3

Searching for "*appdataFr*"
C:\FRST\Quarantine\C\Users\Marvin\AppData\Roaming\appdataFrappdataFr25.bin.xBAD        --a---- 24 bytes        [06:13 30/06/2015]        [12:27 01/07/2015] F0A909F25AD651E71177F776615ABC4A
C:\Users\Marvin\AppData\Roaming\appdataFr25.bin        --a---- 24 bytes        [12:31 01/07/2015]        [12:31 01/07/2015] B34C0E08F11BA83899E8D0E00A27C446

========== folderfind ==========

Searching for "*globalupdate*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate        d------        [17:51 17/05/2015]

Searching for "*appdataFr*"
No folders found.

========== regfind ==========

Searching for "globalupdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"ProductName"="globalupdate Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName"="globalupdateHelper.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource"="n;1;C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1"="C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}\InprocHandler32]
@="C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallSource"="C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Publisher"="globalupdate Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"DisplayName"="globalupdate Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Publisher"="globalupdate Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"DisplayName"="globalupdate Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}\InprocHandler32]
@="C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll"

Searching for "appdataFr"
No data found.

Searching for "        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Marvin\Downloads\aspsetup.exe"="Advanced System~Protector                                  "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"=""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"command"=""C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"                                                                                                                                                                                    "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"command"=""C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices                                                                                                                                                                                            "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"command"=""C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"command"=""C:\Program Files (x86)\Steam\steam.exe" -silent                                                                                                                                                                                                                        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{5F1DD2F9-14AD-4A01-895F-810235FBAD91}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
            </Rating>
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{997B7D18-2AFA-49dc-847B-0E8A69723040}"/>
            <Rating ratingSystemID="{7F2A4D3A-23A8-4123-90E7-D986BF1D9718}" ratingID="{E2681CD6-318A-4935-8275-AF657045C333}">
                <Descriptor descriptorID="{F6C8131A-897B-4ecf-990E-07B976D1F805}"/>
                <Descriptor descriptorID="{6AB00271-515B-4a4d-8A6E-9E66BF96A437}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s                                                                                                                                                                                                                      "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27001C117FF3&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27001F36D378&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A2700235CBE62&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_VERBATIM&PROD_&REV_#11080558011391&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_VERBATIM&PROD_&REV_#11080619004410&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27001C117FF3&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27001F36D378&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A2700235CBE62&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_VERBATIM&PROD_&REV_#11080558011391&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_VERBATIM&PROD_&REV_#11080619004410&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27001C117FF3&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27001F36D378&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A2700235CBE62&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_VERBATIM&PROD_&REV_#11080558011391&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_VERBATIM&PROD_&REV_#11080619004410&0#]
"DeviceDesc"="                "
[HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Marvin\Downloads\aspsetup.exe"="Advanced System~Protector                                  "
[HKEY_USERS\S-1-5-21-2545573064-1671415295-1629012448-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Marvin\Downloads\aspsetup.exe"="Advanced System~Protector                                  "

-= EOF =-
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Marvin at 2015-07-01 14:29:46 Run:1
Running from C:\Users\Marvin\Desktop\Antivirus
Loaded Profiles: Marvin (Available Profiles: Marvin & Gast)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Marvin\Downloads\aspsetup.exe
C:\Users\Marvin\AppData\Roaming\appdataFr*.bin
Task: {12E2745D-D8DB-4F12-9F37-2544B87A80B0} - System32\Tasks\{FD9645F9-CA54-488A-9AE1-E059EA60D436} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}"
Task: {133FDAA6-03EA-47D8-8B8E-AAEDD164486C} - System32\Tasks\{F91F98E5-501B-4F99-AAF9-64E3DFA60859} => pcalua.exe -a C:\Users\Marvin\Downloads\PSE_5.0_WIN_ESD1_DE.exe -d C:\Users\Marvin\Downloads
Task: {340351E2-7790-4A6E-8A49-E35601FE80B0} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe
Task: {46CC1074-1FAC-4981-BB9E-F27BC91583AB} - System32\Tasks\{B7349295-B75B-45FF-B29A-F3724694F7F9} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe
Task: {60D0E33B-2CF4-4071-B7E7-825D91288EEF} - System32\Tasks\{FA6BA6FF-86F1-4376-A173-1C5D4553B892} => pcalua.exe -a C:\Users\Marvin\AppData\Local\Temp\Temp1_WBFSManager3.0.1-RTW-x64.zip\setup.exe
Task: {6ECC35CD-3826-42A4-9F38-DEFF395803E1} - System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => pcalua.exe -a C:\Users\Marvin\Downloads\SetupiPhoneBrowser.1.91.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6ECC35CD-3826-42A4-9F38-DEFF395803E1} - System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => pcalua.exe -a C:\Users\Marvin\Downloads\SetupiPhoneBrowser.1.91.exe -d "C:\Program Files (x86)\Mozilla Firefox"
AlternateDataStreams: C:\ProgramData\Temp:05EE1EEF
AlternateDataStreams: C:\ProgramData\Temp:AD022376
RemoveProxy:
EmptyTemp:
end
       
*****************

Processes closed successfully.
"HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Marvin\Downloads\aspsetup.exe => moved successfully.
C:\Users\Marvin\AppData\Roaming\appdataFr*.bin => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12E2745D-D8DB-4F12-9F37-2544B87A80B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12E2745D-D8DB-4F12-9F37-2544B87A80B0}" => key removed successfully
C:\Windows\System32\Tasks\{FD9645F9-CA54-488A-9AE1-E059EA60D436} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD9645F9-CA54-488A-9AE1-E059EA60D436}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{133FDAA6-03EA-47D8-8B8E-AAEDD164486C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{133FDAA6-03EA-47D8-8B8E-AAEDD164486C}" => key removed successfully
C:\Windows\System32\Tasks\{F91F98E5-501B-4F99-AAF9-64E3DFA60859} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F91F98E5-501B-4F99-AAF9-64E3DFA60859}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{340351E2-7790-4A6E-8A49-E35601FE80B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{340351E2-7790-4A6E-8A49-E35601FE80B0}" => key removed successfully
C:\Windows\System32\Tasks\SvcDelay => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SvcDelay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46CC1074-1FAC-4981-BB9E-F27BC91583AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46CC1074-1FAC-4981-BB9E-F27BC91583AB}" => key removed successfully
C:\Windows\System32\Tasks\{B7349295-B75B-45FF-B29A-F3724694F7F9} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B7349295-B75B-45FF-B29A-F3724694F7F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60D0E33B-2CF4-4071-B7E7-825D91288EEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60D0E33B-2CF4-4071-B7E7-825D91288EEF}" => key removed successfully
C:\Windows\System32\Tasks\{FA6BA6FF-86F1-4376-A173-1C5D4553B892} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA6BA6FF-86F1-4376-A173-1C5D4553B892}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ECC35CD-3826-42A4-9F38-DEFF395803E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ECC35CD-3826-42A4-9F38-DEFF395803E1}" => key removed successfully
C:\Windows\System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41119750-8CDB-43D3-A18D-49A7D6E34E8D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ECC35CD-3826-42A4-9F38-DEFF395803E1} => key not found.
C:\Windows\System32\Tasks\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41119750-8CDB-43D3-A18D-49A7D6E34E8D} => key not found.
C:\ProgramData\Temp => ":05EE1EEF" ADS removed successfully.
C:\ProgramData\Temp => ":AD022376" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 28.3 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:29:49 ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:29 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131