
CD drive activates unnecessarily


  • This topic is locked
16 replies to this topic

#1 Seraiel


Posted 19 September 2016 - 07:43 AM

Hi :)

I'm quite sure I have a clean computer, but for some reason my CD drive activates about 1 minute after I log on to Windows. I had some sort of malware infection that got detected by ESET NOD32, which I use, and JRT cleaned up something. Unfortunately I cannot provide the logs, but I remember that JRT said something about the temporary internet files in the log.

 

Here is a fresh FRST64:

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
durchgeführt von Seraiel (Administrator) auf AWM17XR4 (19-09-2016 14:41:04)
Gestartet von C:\Users\Seraiel\Desktop\Sicherheit
Geladene Profile: Seraiel (Verfügbare Profile: Seraiel)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: Chrome)
Start-Modus: Normal
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SoftPerfect) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Google Inc.) C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(2BrightSparks Pte. Ltd.) C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(The Document Foundation) C:\Program Files\LibreOffice 5\program\scalc.exe
(The Document Foundation) C:\Program Files\LibreOffice 5\program\soffice.exe
(The Document Foundation) C:\Program Files\LibreOffice 5\program\soffice.bin
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7822648 2014-10-28] (Motorola Solutions, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-29] (Logitech Inc.)
HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [4920136 2016-04-25] (SoftPerfect)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [7536520 2016-09-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-01] ()
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-05] (Raptr, Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Run: [Google Update] => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-07-25] (Google Inc.)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7954837D-298B-4267-83A8-21AB4275D1A0}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{9E4739BD-69D6-4436-B67D-32CFC49F7B97}: [NameServer] 31.7.56.129 31.7.56.131
Tcpip\..\Interfaces\{A129E1FD-B3AC-4A92-AF6E-D4A88BB78236}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{AFA583E5-3479-452E-B78A-DA339B90B12F}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000 -> DefaultScope {0190C044-7A8F-4B0E-AF38-5A927A0A03D3} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v23_c
SearchScopes: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000 -> {0190C044-7A8F-4B0E-AF38-5A927A0A03D3} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v23_c
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-25] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3157455879-1380111954-4074870653-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3157455879-1380111954-4074870653-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default [2016-09-19]
CHR Extension: (Google Präsentationen) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-25]
CHR Extension: (Google Docs) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-25]
CHR Extension: (Google Drive) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-25]
CHR Extension: (YouTube) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-25]
CHR Extension: (Google Tabellen) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-25]
CHR Extension: (HTTPS Everywhere) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-25]
CHR Extension: (AdBlock) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-31]
CHR Extension: (Referer Control) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2016-07-25]
CHR Extension: (Ghostery) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]
CHR Extension: (DInstagram) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl [2016-07-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-25]
CHR Extension: (Google Mail) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-25]
CHR Extension: (Chrome Media Router) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-18]
 
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-24] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-24] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133640 2015-06-12] (Creative Technology Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2779136 2016-08-26] (ESET)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [127216 2015-01-21] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1075496 2015-06-12] (Creative Technology Ltd)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263296 2016-08-03] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [777944 2016-06-07] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [413912 2016-06-07] (Realsil Semiconductor Corporation)
R1 scbfs5; C:\Windows\system32\drivers\scbfs5.sys [416440 2015-02-12] (Seagate Corporation)
R1 SPVDPort; C:\Windows\System32\DRIVERS\spvdbus.sys [99768 2016-03-13] ()
R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [248248 2016-03-13] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-03-14] (STMicroelectronics)
R3 svpnpbus; C:\Windows\System32\DRIVERS\svpnpbus.sys [18616 2015-02-12] (Seagate Corporation)
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-09-19 14:40 - 2016-09-19 14:41 - 00000000 ____D C:\FRST
2016-09-18 16:27 - 2016-09-18 16:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-18 16:27 - 2016-09-18 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-18 16:27 - 2016-09-18 16:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-18 16:27 - 2016-09-18 16:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-18 16:27 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-18 16:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-18 16:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-18 16:21 - 2016-09-18 16:23 - 00000000 ____D C:\AdwCleaner
2016-09-17 23:39 - 2016-09-17 23:39 - 00010709 _____ C:\Users\Seraiel\wastintime.ods
2016-09-14 10:35 - 2016-09-02 17:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 10:35 - 2016-09-02 17:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 10:35 - 2016-09-02 17:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 10:35 - 2016-09-02 17:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 10:35 - 2016-09-02 17:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 10:35 - 2016-09-02 17:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 10:35 - 2016-09-02 17:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 10:35 - 2016-09-02 17:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 10:35 - 2016-09-02 17:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 10:35 - 2016-09-02 17:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 10:35 - 2016-09-02 17:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 10:35 - 2016-09-02 16:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 10:35 - 2016-09-02 16:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 10:35 - 2016-09-02 16:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 10:35 - 2016-09-02 16:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 10:35 - 2016-09-02 16:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 10:35 - 2016-09-02 16:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 10:35 - 2016-09-02 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 10:35 - 2016-09-02 16:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 10:35 - 2016-09-02 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 10:35 - 2016-09-02 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 10:35 - 2016-09-02 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 10:35 - 2016-09-02 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 10:35 - 2016-09-02 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 10:35 - 2016-09-02 16:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 16:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 16:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 16:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 10:32 - 2016-09-14 10:32 - 00000000 ____D C:\ProgramData\firebird
2016-09-14 10:32 - 2016-08-12 18:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 10:32 - 2016-08-12 18:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 10:32 - 2016-08-12 18:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 10:31 - 2016-08-16 19:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 10:31 - 2016-08-16 04:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 10:31 - 2016-08-16 04:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 10:31 - 2016-08-06 17:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 10:31 - 2016-08-06 17:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-12 12:16 - 2016-09-12 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-09-08 14:20 - 2016-09-08 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-09-08 11:02 - 2016-09-08 11:02 - 00000000 ____D C:\Users\Seraiel\AppData\Local\ESET
2016-09-07 17:48 - 2016-09-07 17:48 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 10981024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 09983912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 09089920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 07212736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 01271160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 00150544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-09-07 17:46 - 2016-09-07 17:46 - 08847376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-09-07 17:46 - 2016-09-07 17:46 - 00305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-09-07 17:42 - 2016-09-07 17:42 - 26542592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-09-07 17:42 - 2016-09-07 17:42 - 00502272 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-09-07 17:42 - 2016-09-07 17:42 - 00270336 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00143360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00119808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00118272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00101376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 48805888 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 38250496 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 33263104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 27473408 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 27297280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 21624320 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 14302720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 01316864 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00981504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00981504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00505856 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00269824 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00185344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00159232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00106496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00094208 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 08724992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 07046656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-09-07 17:36 - 2016-09-07 17:36 - 02222592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2016-09-07 17:35 - 2016-09-07 17:35 - 01902080 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2016-09-07 17:34 - 2016-09-07 17:34 - 09364992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-09-07 17:24 - 2016-09-07 17:24 - 07568384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-09-07 16:56 - 2016-09-07 16:56 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-09-07 16:52 - 2016-09-07 16:52 - 00733696 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-09-07 16:51 - 2016-09-07 16:51 - 00608768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-09-07 16:28 - 2016-09-07 16:28 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-09-07 16:17 - 2016-09-07 16:17 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-09-07 16:16 - 2016-09-07 16:16 - 00875008 _____ (AMD) C:\Windows\system32\coinst_16.40.dll
2016-09-07 16:15 - 2016-09-07 16:15 - 00748320 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-09-07 16:15 - 2016-09-07 16:15 - 00748320 _____ C:\Windows\system32\atiapfxx.blb
2016-09-07 16:09 - 2016-09-07 16:09 - 00138752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2016-09-07 16:08 - 2016-09-07 16:08 - 00118272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2016-09-07 16:07 - 2016-09-07 16:07 - 00275456 _____ C:\Windows\system32\dgtrayicon.exe
2016-09-07 16:07 - 2016-09-07 16:07 - 00258560 _____ C:\Windows\system32\GameManager64.dll
2016-09-07 16:07 - 2016-09-07 16:07 - 00223744 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-09-07 16:07 - 2016-09-07 16:07 - 00214016 _____ C:\Windows\system32\atieah64.exe
2016-09-07 16:07 - 2016-09-07 16:07 - 00192000 _____ C:\Windows\SysWOW64\atieah32.exe
2016-09-07 16:06 - 2016-09-07 16:06 - 00231936 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-09-07 16:06 - 2016-09-07 16:06 - 00204800 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-09-07 15:57 - 2016-09-07 15:57 - 00251392 _____ C:\Windows\system32\hsa-thunk64.dll
2016-09-07 15:57 - 2016-09-07 15:57 - 00217088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-08-25 14:01 - 2016-08-25 14:01 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\ATI
2016-08-25 14:01 - 2016-08-25 14:01 - 00000000 ____D C:\Users\Seraiel\AppData\Local\ATI
2016-08-25 14:01 - 2016-08-25 14:01 - 00000000 ____D C:\ProgramData\ATI
2016-08-25 13:55 - 2016-08-25 13:55 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\PlaysTV
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Users\Seraiel\AppData\Local\AMD
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Program Files (x86)\AMD
2016-08-25 13:54 - 2016-07-21 17:47 - 00265504 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-08-25 13:54 - 2016-07-21 17:47 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-08-25 13:54 - 2016-07-21 17:46 - 00258336 _____ C:\Windows\system32\vulkan-1.dll
2016-08-25 13:54 - 2016-07-21 17:46 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-08-25 13:54 - 2016-03-03 08:31 - 00079120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2016-08-25 13:53 - 2016-09-08 14:18 - 00000000 ____D C:\Program Files\AMD
2016-08-25 13:50 - 2016-08-25 13:50 - 00019530 _____ C:\Windows\system32\results.xml
2016-08-25 13:47 - 2016-08-25 13:47 - 00000704 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-08-25 13:30 - 2016-09-08 14:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-25 11:22 - 2016-09-18 18:42 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-08-25 11:19 - 2016-09-08 14:17 - 00000000 ____D C:\AMD
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-09-19 14:41 - 2016-07-25 14:51 - 00000000 ____D C:\Users\Seraiel\Desktop\Sicherheit
2016-09-19 14:34 - 2016-07-25 16:30 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\qBittorrent
2016-09-19 14:29 - 2016-08-10 18:07 - 00000000 ___RD C:\Users\Seraiel\Documents\Wichtig
2016-09-19 14:29 - 2016-08-10 18:06 - 00000000 ___RD C:\Users\Seraiel\Documents\Glaube
2016-09-19 14:14 - 2016-07-25 13:50 - 00002444 _____ C:\Users\Seraiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-09-19 14:14 - 2016-07-25 13:49 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000UA.job
2016-09-19 14:05 - 2016-07-25 14:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-19 13:48 - 2016-07-25 14:38 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\foobar2000
2016-09-19 02:08 - 2016-07-25 13:49 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000Core.job
2016-09-19 02:05 - 2016-07-25 14:46 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-18 18:51 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-18 18:51 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-18 18:49 - 2011-04-12 09:43 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-09-18 18:49 - 2011-04-12 09:43 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-09-18 18:49 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-18 18:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-18 18:43 - 2016-08-08 19:56 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-18 18:43 - 2016-07-29 17:11 - 00000000 __SHD C:\Users\Seraiel\IntelGraphicsProfiles
2016-09-18 18:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-18 18:42 - 2016-08-01 15:36 - 1610620928 _____ C:\Users\Seraiel\Documents\CANARY.img
2016-09-18 16:57 - 2016-08-16 19:16 - 00000000 ____D C:\Users\Seraiel\AppData\Local\CrashDumps
2016-09-18 00:08 - 2016-08-06 16:30 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\FileZilla
2016-09-17 23:39 - 2016-07-24 17:00 - 00000000 ____D C:\Users\Seraiel
2016-09-17 23:37 - 2016-08-06 16:30 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-09-17 23:37 - 2016-08-06 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-09-17 23:37 - 2016-08-06 16:30 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-09-17 03:07 - 2016-07-25 14:46 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 13:52 - 2016-07-29 23:42 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\vlc
2016-09-14 13:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-09-14 10:42 - 2009-07-14 06:45 - 00374336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-14 10:40 - 2016-07-29 10:02 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 10:36 - 2016-07-29 10:02 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-12 12:16 - 2016-07-25 16:30 - 00001047 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2016-09-12 12:16 - 2016-07-25 16:30 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-09-08 14:21 - 2016-07-29 17:17 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-09-07 19:33 - 2016-07-31 15:44 - 00000000 ___RD C:\System
2016-09-07 18:13 - 2016-07-24 17:12 - 00076176 _____ C:\Users\Seraiel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-07 17:48 - 2016-07-19 00:21 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-09-07 17:47 - 2016-07-19 00:21 - 10931560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-09-07 17:47 - 2016-07-19 00:21 - 01546712 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-08-25 14:03 - 2016-07-29 17:17 - 00002023 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-08-25 14:03 - 2016-07-29 17:15 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\Raptr
2016-08-25 13:50 - 2016-07-29 17:11 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-25 13:47 - 2016-07-24 17:23 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-25 13:46 - 2016-07-24 17:23 - 00000000 ____D C:\Intel
2016-08-25 11:45 - 2016-07-29 12:43 - 00000000 ____D C:\Users\Public\Creative
2016-08-25 07:56 - 2016-08-16 13:23 - 00000000 ____D C:\Camelot Unchained
2016-08-24 15:14 - 2016-07-25 14:30 - 00000000 ____D C:\ProgramData\LogiShrd
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2016-08-06 11:58 - 2016-08-06 11:58 - 0007605 _____ () C:\Users\Seraiel\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 
LastRegBack: 2016-09-15 00:56
 
==================== Ende von FRST.txt ============================
 
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-09-2016
durchgeführt von Seraiel (19-09-2016 14:41:29)
Gestartet von C:\Users\Seraiel\Desktop\Sicherheit
Windows 7 Professional Service Pack 1 (X64) (2016-07-24 15:00:49)
Start-Modus: Normal
==========================================================
 
 
==================== Konten: =============================
 
Administrator (S-1-5-21-3157455879-1380111954-4074870653-500 - Administrator - Disabled)
Gast (S-1-5-21-3157455879-1380111954-4074870653-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3157455879-1380111954-4074870653-1002 - Limited - Enabled)
Seraiel (S-1-5-21-3157455879-1380111954-4074870653-1000 - Administrator - Enabled) => C:\Users\Seraiel
 
==================== Sicherheits-Center ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 
AV: ESET NOD32 Antivirus 9.0.402.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.402.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installierte Programme ======================
 
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.207 - Adobe Systems Incorporated)
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.0.2C - )
Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Camelot Unchained Version 2.0.0 (HKLM-x32\...\{AD022452-FCDE-4C3D-834E-93037A1A9CEA}_is1) (Version: 2.0.0 - )
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.0 - Illustrate)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{6A816859-EC01-43F5-9EE2-B3B168CC52CB}) (Version: 9.0.386.1 - ESET, spol. s r.o.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
FileZilla Client 3.21.0 (HKLM-x32\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Google Chrome SxS) (Version: 55.0.2865.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1504.516) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.2.10 - Intel® Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{cc892976-0919-4ba9-ab52-ae15d2127a12}) (Version: 18.21.0 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LibreOffice 5.1.4.2 (HKLM\...\{3D0938AC-CEED-48CF-9649-D433CE8A4AF7}) (Version: 5.1.4.2 - The Document Foundation)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.3 - Hermann Schinagl)
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
Mp3tag v2.78 (HKLM-x32\...\Mp3tag) (Version: v2.78 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Qualcomm Atheros Ethernet Controller (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Qualcomm Atheros Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.5-r115042-release - Raptr, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Sdrive 2.5.8 (HKLM-x32\...\{74048A6E-4BAB-4F5F-8382-651C88F085B8}_is1) (Version: 2.5.8 - Seagate)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.19.0 - Seagate)
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
SoftPerfect RAM Disk 3.4.7 (HKLM\...\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1) (Version:  - SoftPerfect)
Sound Blaster Recon3Di (HKLM-x32\...\{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}) (Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0022 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.6.28.0 - 2BrightSparks)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
CustomCLSID: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
Task: {14FD8AE9-DE98-4D40-9432-C1A5AFFB08C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000Core => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {3EC51784-F139-4E52-99E5-1AFB4EF8D973} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {4902F3B5-198F-4039-9F3D-5965496CFD09} - System32\Tasks\{F29B1EAA-2C6D-4B65-9AAC-ECC95305CC34} => pcalua.exe -a C:\System\Windows\HardLinkShellExt_X64.exe -d C:\System\Windows
Task: {7338E060-56FA-4819-A582-C75936A340D8} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC)
Task: {75B870F4-D373-418F-9222-57C14214CAE5} - System32\Tasks\2BrightSparks\SyncBackFree\AWM17XR4-Seraiel\SyncBackFree => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2016-08-04] (2BrightSparks Pte. Ltd.)
Task: {7B31FB82-32E3-4A21-AED5-C55AA4EE1084} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {A8249FAF-01E2-4092-8496-D7C89745AB85} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {D3F6A2E2-6C44-4170-BA5D-013557F893DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000UA => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {D4AE6D69-E47E-44E0-A14B-83DCFF6D25F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000Core.job => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000UA.job => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Verknüpfungen =============================
 
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2016-08-23 15:05 - 2016-08-23 15:05 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-04-29 00:49 - 2016-04-29 00:49 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-04-29 00:49 - 2016-04-29 00:49 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-07-25 16:32 - 2016-03-13 09:52 - 00159160 _____ () C:\Program Files\SoftPerfect RAM Disk\vvlib.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2011-12-01 20:00 - 2011-12-01 20:00 - 01636208 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2016-09-17 03:07 - 2016-09-14 04:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-17 03:07 - 2016-09-14 04:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-09-18 13:09 - 2016-09-18 10:56 - 02386248 _____ () T:\Chrome SxS\Application\55.0.2864.0\libglesv2.dll
2016-09-18 13:09 - 2016-09-18 10:56 - 00105800 _____ () T:\Chrome SxS\Application\55.0.2864.0\libegl.dll
2016-06-15 11:14 - 2016-06-15 11:14 - 01348200 _____ () C:\Program Files\LibreOffice 5\program\libxml2.dll
2016-06-15 11:14 - 2016-06-15 11:14 - 00440424 _____ () C:\Program Files\LibreOffice 5\program\glew32.dll
2016-06-15 11:14 - 2016-06-15 11:14 - 00229480 _____ () C:\Program Files\LibreOffice 5\program\libxslt.dll
2016-06-15 11:15 - 2016-06-15 11:15 - 00128104 _____ () C:\Program Files\LibreOffice 5\program\python3.dll
2016-06-15 10:32 - 2016-06-15 10:32 - 00051200 _____ () C:\Program Files\LibreOffice 5\program\python-core-3.3.0\lib\_socket.pyd
2016-09-11 21:49 - 2016-09-11 21:49 - 15859712 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2016-09-07 16:07 - 2016-09-07 16:07 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-08-08 19:57 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-08 19:57 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-08 19:57 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-08 19:57 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-08 19:57 - 2016-08-23 21:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-08 19:57 - 2016-08-23 21:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-08 19:57 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2009-12-18 11:07 - 2009-12-18 11:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2011-12-22 18:31 - 2011-12-22 18:31 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll
2016-08-08 19:57 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-03-17 14:58 - 2016-03-17 14:58 - 00095696 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll
2016-03-25 13:04 - 2016-03-25 13:04 - 00160704 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2016-03-25 12:58 - 2016-03-25 12:58 - 00263168 _____ () C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2016-07-25 14:39 - 2016-07-25 14:39 - 00290816 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_abx\foo_abx.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00536064 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00250368 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2016-03-25 13:04 - 2016-03-25 13:04 - 01409496 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00307200 _____ () C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00294912 _____ () C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2016-03-25 12:58 - 2016-03-25 12:58 - 00309760 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00205312 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00356352 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00271872 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_input_monkey\foo_input_monkey.dll
2016-03-25 13:04 - 2016-03-25 13:04 - 01087960 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00730112 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_uie_lyrics3\foo_uie_lyrics3.dll
2016-07-28 23:07 - 2010-09-01 10:15 - 00190464 _____ () C:\Program Files (x86)\foobar2000\components\foo_quicktag.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00147456 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00375296 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00248320 _____ () \\?\C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_wave_seekbar\frontend_direct2d.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00310784 _____ () \\?\C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_wave_seekbar\frontend_direct3d9.dll
2016-07-31 01:52 - 2016-07-31 01:52 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a8eeeddc97028a9f94d0518c22f4c2c\IsdiInterop.ni.dll
2016-07-31 01:52 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
 
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 
==================== Hosts Inhalt: ===============================
 
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Andere Bereiche ============================
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Seraiel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 31.7.56.129 - 31.7.56.131
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 
 
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{26BB6915-2319-46A9-B979-A47E4E1AD051}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{48DF330D-28BB-4E95-A148-883F6449D83A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DE1C05DD-2619-46F8-85B3-2F048432F363}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{941A0D92-DF77-43B9-9F56-A46549E4862C}] => (Allow) LPort=8888
FirewallRules: [{7B070939-8AA3-4526-9E0C-2408161CF58A}] => (Allow) LPort=8888
FirewallRules: [{B5F7092F-8D70-4CC2-989D-3D985795E4B1}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{8E7427EA-B24B-4D34-B7D1-73A3FFBF7807}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FFF9915F-7195-4229-9BDF-FB7915D0AB1B}] => (Block) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3C067893-8AE0-4A30-A056-6EC69E70B1F7}] => (Block) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{12EC042B-3BB3-4024-8258-AA3C5AF94A14}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{D1CCA258-A27E-4A5A-8883-034CABC0DDA2}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{28D5435C-5FAD-4B08-92E0-E7459311B915}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [UDP Query User{5BD6D323-AF01-44CD-B366-82F8B0C635C8}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [{38BF35B4-A20D-421F-BC5E-03DD34622FA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5DAF25EC-B249-407E-A4B0-D7E39C3DF5D4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ACC93B03-C605-45F0-9E37-534E90B5463D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC8A1CFE-A152-49C6-BD24-A346C83B3C69}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{03DBEF50-01C3-49E6-B960-5DFB83EB9A4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{982492D3-71AC-4444-AA11-CC06BCAF9E9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{06D79165-F00F-430C-B4BE-8BA26F353C75}C:\camelot unchained\bin\4\client\client.exe] => (Allow) C:\camelot unchained\bin\4\client\client.exe
FirewallRules: [UDP Query User{22DD3152-2728-4811-B0E0-313AF14D851B}C:\camelot unchained\bin\4\client\client.exe] => (Allow) C:\camelot unchained\bin\4\client\client.exe
FirewallRules: [TCP Query User{6CB08761-7CF0-4293-AB44-BF029ECCC79D}C:\camelot unchained\bin\10\client\client.exe] => (Allow) C:\camelot unchained\bin\10\client\client.exe
FirewallRules: [UDP Query User{CC6D6AF0-CA9F-4F7D-B6A3-817F1A08A2DD}C:\camelot unchained\bin\10\client\client.exe] => (Allow) C:\camelot unchained\bin\10\client\client.exe
FirewallRules: [{EAF435FD-90DF-4AED-AE7B-B6963CBDBA22}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{ED433F99-2789-436B-A1DB-6516FFE3FFC2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{32F0455B-8BF8-42C0-BE12-374C09671442}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{6F60D96B-BC6A-457F-9615-C7905650A4F3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{EA8B7402-992C-418C-88F5-B3AEEE5B41ED}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FF60F49C-B1BA-4A7B-A68E-F79EEF82B0FF}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5A8C6457-2420-4AE3-8C33-40D88F4C277C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Wiederherstellungspunkte =========================
 
25-08-2016 11:36:28 DDU System Restored Point
25-08-2016 11:42:16 DDU Restore Point
25-08-2016 11:49:29 Revo Uninstaller Pro's restore point - Raptr
25-08-2016 13:40:19 DDU Restore Point
25-08-2016 13:51:46 Vor ATI Radeon Treiber Installation
25-08-2016 14:01:22 Gerätetreiber-Paketinstallation: Advanced Micro Devices, Inc. Grafikkarte
29-08-2016 04:00:06 Windows-Sicherung
05-09-2016 04:00:07 Windows-Sicherung
08-09-2016 12:10:52 Windows-Sicherung
08-09-2016 14:18:54 Gerätetreiber-Paketinstallation: Advanced Micro Devices, Inc. Grafikkarte
08-09-2016 14:38:21 Windows-Sicherung
12-09-2016 04:00:07 Windows-Sicherung
14-09-2016 10:36:00 Windows Update
18-09-2016 16:23:20 JRT Pre-Junkware Removal
19-09-2016 04:00:10 Windows-Sicherung
 
==================== Fehlerhafte Geräte im Gerätemanager =============
 
Name: Personal Cloud
Description: Personal Cloud
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Fehlereinträge in der Ereignisanzeige: =========================
 
Applikationsfehler:
==================
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
 
Kontext: Windows Anwendung
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
 
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))
 
Error: (09/18/2016 06:43:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4900) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001EC.log.
 
 
Systemfehler:
=============
Error: (09/18/2016 06:48:50 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 0, Funktion "1". Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
 
Error: (09/18/2016 06:48:50 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 0, Funktion "1". Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
 
Error: (09/18/2016 06:48:50 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 0, Funktion "1". Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
 
Error: (09/18/2016 06:48:50 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 0, Funktion "1". Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
 
Error: (09/18/2016 06:48:50 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 0, Funktion "1". Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
 
Error: (09/18/2016 06:48:50 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 0, Funktion "1". Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
 
Error: (09/18/2016 06:44:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.
 
Error: (09/18/2016 06:43:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (09/18/2016 06:43:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 
Error: (09/18/2016 06:43:17 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
 
CodeIntegrity:
===================================
  Date: 2016-07-29 09:51:13.011
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-29 09:51:12.980
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-29 09:46:03.132
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-29 09:46:03.101
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 23:51:33.884
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 23:51:33.852
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:06:09.009
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:06:08.978
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:01:48.405
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:01:48.374
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 
==================== Speicherinformationen =========================== 
 
Prozessor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 16263.27 MB
Verfügbarer physikalischer RAM: 9017.71 MB
Summe virtueller Speicher: 16261.46 MB
Verfügbarer virtueller Speicher: 8752.39 MB
 
==================== Laufwerke ================================
 
Drive c: () (Fixed) (Total:238.25 GB) (Free:135.05 GB) NTFS
Drive d: (HDD) (Fixed) (Total:1630.01 GB) (Free:102.12 GB) NTFS
Drive t: (Canary) (Fixed) (Total:1.5 GB) (Free:0.77 GB) NTFS
Drive y: (Public) (Network) (Total:4616.02 GB) (Free:4419.36 GB) NTFS
Drive z: (Seraiel) (Network) (Total:4616.02 GB) (Free:4419.36 GB) NTFS
 
==================== MBR & Partitionstabelle ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 715044EA)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1630.1 GB) (Disk ID: AF0B1DFB)
 
Partition: GPT.
 
==================== Ende von Addition.txt ============================

Edited by hamluis, 19 September 2016 - 10:25 AM.
Deleted dupes, moved from AII to MRL - Hamluis.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,179 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 20 September 2016 - 09:05 AM

Greetings Seraiel and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST icon, select Rename, and rename it to FRSTenglish or FRST64english depending on which version you are using. Be sure Addition.txt is checked before you click scan and then copy and paste both documents in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Seraiel

Seraiel
  • Topic Starter

  • Validating
  • 13 posts
  • OFFLINE
  • Local time:06:16 AM

Posted 21 September 2016 - 04:38 AM

Hi Gary :) .

 

TY for your support :bowdown:   :warrior: .

 

Here are the logs of FRST64english:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2016
Ran by Seraiel (administrator) on AWM17XR4 (21-09-2016 11:31:25)
Running from C:\Users\Seraiel\Desktop\Sicherheit
Loaded Profiles: Seraiel (Available Profiles: Seraiel)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SoftPerfect) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Google Inc.) C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(2BrightSparks Pte. Ltd.) C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(The Document Foundation) C:\Program Files\LibreOffice 5\program\scalc.exe
(The Document Foundation) C:\Program Files\LibreOffice 5\program\soffice.exe
(The Document Foundation) C:\Program Files\LibreOffice 5\program\soffice.bin
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) T:\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Seraiel\Desktop\Sicherheit\FRST64english.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7822648 2014-10-28] (Motorola Solutions, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-29] (Logitech Inc.)
HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [4920136 2016-04-25] (SoftPerfect)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [7536520 2016-09-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-01] ()
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-05] (Raptr, Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Run: [Google Update] => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-07-25] (Google Inc.)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7954837D-298B-4267-83A8-21AB4275D1A0}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{9E4739BD-69D6-4436-B67D-32CFC49F7B97}: [NameServer] 176.10.106.18 176.10.106.20
Tcpip\..\Interfaces\{A129E1FD-B3AC-4A92-AF6E-D4A88BB78236}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{AFA583E5-3479-452E-B78A-DA339B90B12F}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000 -> DefaultScope {0190C044-7A8F-4B0E-AF38-5A927A0A03D3} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v23_c
SearchScopes: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000 -> {0190C044-7A8F-4B0E-AF38-5A927A0A03D3} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v23_c
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-25] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3157455879-1380111954-4074870653-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3157455879-1380111954-4074870653-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default [2016-09-21]
CHR Extension: (Google Präsentationen) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-25]
CHR Extension: (Google Docs) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-25]
CHR Extension: (Google Drive) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-25]
CHR Extension: (YouTube) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-25]
CHR Extension: (Google Tabellen) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-25]
CHR Extension: (HTTPS Everywhere) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-25]
CHR Extension: (AdBlock) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-31]
CHR Extension: (Referer Control) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2016-07-25]
CHR Extension: (Ghostery) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-20]
CHR Extension: (DInstagram) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl [2016-07-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-25]
CHR Extension: (Google Mail) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-25]
CHR Extension: (Chrome Media Router) - C:\Users\Seraiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-24] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-24] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133640 2015-06-12] (Creative Technology Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2779136 2016-08-26] (ESET)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [127216 2015-01-21] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1075496 2015-06-12] (Creative Technology Ltd)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263296 2016-08-03] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [777944 2016-06-07] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [413912 2016-06-07] (Realsil Semiconductor Corporation)
R1 scbfs5; C:\Windows\system32\drivers\scbfs5.sys [416440 2015-02-12] (Seagate Corporation)
R1 SPVDPort; C:\Windows\System32\DRIVERS\spvdbus.sys [99768 2016-03-13] ()
R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [248248 2016-03-13] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-03-14] (STMicroelectronics)
R3 svpnpbus; C:\Windows\System32\DRIVERS\svpnpbus.sys [18616 2015-02-12] (Seagate Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-19 14:40 - 2016-09-21 11:31 - 00000000 ____D C:\FRST
2016-09-18 16:27 - 2016-09-18 16:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-18 16:27 - 2016-09-18 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-18 16:27 - 2016-09-18 16:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-18 16:27 - 2016-09-18 16:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-18 16:27 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-18 16:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-18 16:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-18 16:21 - 2016-09-18 16:23 - 00000000 ____D C:\AdwCleaner
2016-09-14 10:35 - 2016-09-02 17:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 10:35 - 2016-09-02 17:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 10:35 - 2016-09-02 17:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 10:35 - 2016-09-02 17:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 10:35 - 2016-09-02 17:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 10:35 - 2016-09-02 17:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 10:35 - 2016-09-02 17:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 10:35 - 2016-09-02 17:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 10:35 - 2016-09-02 17:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 17:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 10:35 - 2016-09-02 17:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 10:35 - 2016-09-02 17:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 10:35 - 2016-09-02 17:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 10:35 - 2016-09-02 16:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 10:35 - 2016-09-02 16:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 10:35 - 2016-09-02 16:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 10:35 - 2016-09-02 16:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 10:35 - 2016-09-02 16:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 10:35 - 2016-09-02 16:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 10:35 - 2016-09-02 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 10:35 - 2016-09-02 16:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 10:35 - 2016-09-02 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 10:35 - 2016-09-02 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 10:35 - 2016-09-02 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 10:35 - 2016-09-02 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 10:35 - 2016-09-02 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 10:35 - 2016-09-02 16:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 16:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 16:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 10:35 - 2016-09-02 16:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 10:32 - 2016-09-14 10:32 - 00000000 ____D C:\ProgramData\firebird
2016-09-14 10:32 - 2016-08-12 18:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 10:32 - 2016-08-12 18:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 10:32 - 2016-08-12 18:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 10:31 - 2016-08-16 19:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 10:31 - 2016-08-16 04:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 10:31 - 2016-08-16 04:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 10:31 - 2016-08-06 17:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 10:31 - 2016-08-06 17:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-12 12:16 - 2016-09-12 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-09-08 14:20 - 2016-09-08 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-09-08 11:02 - 2016-09-08 11:02 - 00000000 ____D C:\Users\Seraiel\AppData\Local\ESET
2016-09-07 17:48 - 2016-09-07 17:48 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-09-07 17:48 - 2016-09-07 17:48 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 10981024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 09983912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 09089920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 07212736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 01271160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 00150544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-09-07 17:47 - 2016-09-07 17:47 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-09-07 17:46 - 2016-09-07 17:46 - 08847376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-09-07 17:46 - 2016-09-07 17:46 - 00305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-09-07 17:42 - 2016-09-07 17:42 - 26542592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-09-07 17:42 - 2016-09-07 17:42 - 00502272 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-09-07 17:42 - 2016-09-07 17:42 - 00270336 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00143360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00119808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00118272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00101376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-09-07 17:42 - 2016-09-07 17:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 48805888 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 38250496 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 33263104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 27473408 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 27297280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 21624320 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 14302720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 01316864 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00981504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00981504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00505856 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00269824 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00185344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00159232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00106496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00094208 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2016-09-07 17:41 - 2016-09-07 17:41 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-09-07 17:41 - 2016-09-07 17:41 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 08724992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 07046656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-09-07 17:40 - 2016-09-07 17:40 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-09-07 17:36 - 2016-09-07 17:36 - 02222592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2016-09-07 17:35 - 2016-09-07 17:35 - 01902080 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2016-09-07 17:34 - 2016-09-07 17:34 - 09364992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-09-07 17:24 - 2016-09-07 17:24 - 07568384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-09-07 16:56 - 2016-09-07 16:56 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-09-07 16:52 - 2016-09-07 16:52 - 00733696 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-09-07 16:51 - 2016-09-07 16:51 - 00608768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-09-07 16:28 - 2016-09-07 16:28 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-09-07 16:17 - 2016-09-07 16:17 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-09-07 16:16 - 2016-09-07 16:16 - 00875008 _____ (AMD) C:\Windows\system32\coinst_16.40.dll
2016-09-07 16:15 - 2016-09-07 16:15 - 00748320 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-09-07 16:15 - 2016-09-07 16:15 - 00748320 _____ C:\Windows\system32\atiapfxx.blb
2016-09-07 16:09 - 2016-09-07 16:09 - 00138752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2016-09-07 16:08 - 2016-09-07 16:08 - 00118272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2016-09-07 16:07 - 2016-09-07 16:07 - 00275456 _____ C:\Windows\system32\dgtrayicon.exe
2016-09-07 16:07 - 2016-09-07 16:07 - 00258560 _____ C:\Windows\system32\GameManager64.dll
2016-09-07 16:07 - 2016-09-07 16:07 - 00223744 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-09-07 16:07 - 2016-09-07 16:07 - 00214016 _____ C:\Windows\system32\atieah64.exe
2016-09-07 16:07 - 2016-09-07 16:07 - 00192000 _____ C:\Windows\SysWOW64\atieah32.exe
2016-09-07 16:06 - 2016-09-07 16:06 - 00231936 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-09-07 16:06 - 2016-09-07 16:06 - 00204800 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-09-07 15:57 - 2016-09-07 15:57 - 00251392 _____ C:\Windows\system32\hsa-thunk64.dll
2016-09-07 15:57 - 2016-09-07 15:57 - 00217088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-08-25 14:01 - 2016-08-25 14:01 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\ATI
2016-08-25 14:01 - 2016-08-25 14:01 - 00000000 ____D C:\Users\Seraiel\AppData\Local\ATI
2016-08-25 14:01 - 2016-08-25 14:01 - 00000000 ____D C:\ProgramData\ATI
2016-08-25 13:55 - 2016-08-25 13:55 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\PlaysTV
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Users\Seraiel\AppData\Local\AMD
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-08-25 13:54 - 2016-08-25 13:54 - 00000000 ____D C:\Program Files (x86)\AMD
2016-08-25 13:54 - 2016-07-21 17:47 - 00265504 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-08-25 13:54 - 2016-07-21 17:47 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-08-25 13:54 - 2016-07-21 17:46 - 00258336 _____ C:\Windows\system32\vulkan-1.dll
2016-08-25 13:54 - 2016-07-21 17:46 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-08-25 13:54 - 2016-03-03 08:31 - 00079120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2016-08-25 13:53 - 2016-09-08 14:18 - 00000000 ____D C:\Program Files\AMD
2016-08-25 13:50 - 2016-08-25 13:50 - 00019530 _____ C:\Windows\system32\results.xml
2016-08-25 13:47 - 2016-08-25 13:47 - 00000704 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-08-25 13:30 - 2016-09-08 14:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-25 11:22 - 2016-09-18 18:42 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-08-25 11:19 - 2016-09-08 14:17 - 00000000 ____D C:\AMD
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-21 11:31 - 2016-07-25 14:51 - 00000000 ____D C:\Users\Seraiel\Desktop\Sicherheit
2016-09-21 11:24 - 2016-07-25 14:38 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\foobar2000
2016-09-21 11:20 - 2016-07-25 16:30 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\qBittorrent
2016-09-21 11:08 - 2016-07-25 13:49 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000UA.job
2016-09-21 11:05 - 2016-07-25 14:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-21 02:08 - 2016-07-25 13:49 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000Core.job
2016-09-21 02:05 - 2016-07-25 14:46 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-21 01:12 - 2016-08-10 18:06 - 00000000 ___RD C:\Users\Seraiel\Documents\Glaube
2016-09-20 23:20 - 2016-08-10 18:07 - 00000000 ___RD C:\Users\Seraiel\Documents\Wichtig
2016-09-20 19:33 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-20 19:33 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-20 16:13 - 2016-07-25 13:50 - 00002444 _____ C:\Users\Seraiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-09-19 18:11 - 2011-04-12 09:43 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-09-19 18:11 - 2011-04-12 09:43 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-09-19 18:11 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-19 18:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-19 14:47 - 2016-07-24 17:00 - 00000000 ____D C:\Users\Seraiel
2016-09-18 18:43 - 2016-08-08 19:56 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-18 18:43 - 2016-07-29 17:11 - 00000000 __SHD C:\Users\Seraiel\IntelGraphicsProfiles
2016-09-18 18:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-18 18:42 - 2016-08-01 15:36 - 1610620928 _____ C:\Users\Seraiel\Documents\CANARY.img
2016-09-18 16:57 - 2016-08-16 19:16 - 00000000 ____D C:\Users\Seraiel\AppData\Local\CrashDumps
2016-09-18 00:08 - 2016-08-06 16:30 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\FileZilla
2016-09-17 23:37 - 2016-08-06 16:30 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-09-17 23:37 - 2016-08-06 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-09-17 23:37 - 2016-08-06 16:30 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-09-17 03:07 - 2016-07-25 14:46 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 13:52 - 2016-07-29 23:42 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\vlc
2016-09-14 13:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-09-14 10:42 - 2009-07-14 06:45 - 00374336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-14 10:40 - 2016-07-29 10:02 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 10:36 - 2016-07-29 10:02 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-12 12:16 - 2016-07-25 16:30 - 00001047 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2016-09-12 12:16 - 2016-07-25 16:30 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-09-08 14:21 - 2016-07-29 17:17 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-09-07 19:33 - 2016-07-31 15:44 - 00000000 ___RD C:\System
2016-09-07 18:13 - 2016-07-24 17:12 - 00076176 _____ C:\Users\Seraiel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-07 17:48 - 2016-07-19 00:21 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-09-07 17:47 - 2016-07-19 00:21 - 10931560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-09-07 17:47 - 2016-07-19 00:21 - 01546712 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-08-25 14:03 - 2016-07-29 17:17 - 00002023 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-08-25 14:03 - 2016-07-29 17:15 - 00000000 ____D C:\Users\Seraiel\AppData\Roaming\Raptr
2016-08-25 13:50 - 2016-07-29 17:11 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-25 13:47 - 2016-07-24 17:23 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-25 13:46 - 2016-07-24 17:23 - 00000000 ____D C:\Intel
2016-08-25 11:45 - 2016-07-29 12:43 - 00000000 ____D C:\Users\Public\Creative
2016-08-25 07:56 - 2016-08-16 13:23 - 00000000 ____D C:\Camelot Unchained
2016-08-24 15:14 - 2016-07-25 14:30 - 00000000 ____D C:\ProgramData\LogiShrd
 
==================== Files in the root of some directories =======
 
2016-08-06 11:58 - 2016-08-06 11:58 - 0007605 _____ () C:\Users\Seraiel\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-15 00:56
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2016
Ran by Seraiel (21-09-2016 11:31:50)
Running from C:\Users\Seraiel\Desktop\Sicherheit
Windows 7 Professional Service Pack 1 (X64) (2016-07-24 15:00:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3157455879-1380111954-4074870653-500 - Administrator - Disabled)
Gast (S-1-5-21-3157455879-1380111954-4074870653-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3157455879-1380111954-4074870653-1002 - Limited - Enabled)
Seraiel (S-1-5-21-3157455879-1380111954-4074870653-1000 - Administrator - Enabled) => C:\Users\Seraiel
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 9.0.402.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.402.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.207 - Adobe Systems Incorporated)
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.0.2C - )
Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Camelot Unchained Version 2.0.0 (HKLM-x32\...\{AD022452-FCDE-4C3D-834E-93037A1A9CEA}_is1) (Version: 2.0.0 - )
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.0 - Illustrate)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{6A816859-EC01-43F5-9EE2-B3B168CC52CB}) (Version: 9.0.386.1 - ESET, spol. s r.o.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
FileZilla Client 3.21.0 (HKLM-x32\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\...\Google Chrome SxS) (Version: 55.0.2866.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1504.516) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.2.10 - Intel® Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{cc892976-0919-4ba9-ab52-ae15d2127a12}) (Version: 18.21.0 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LibreOffice 5.1.4.2 (HKLM\...\{3D0938AC-CEED-48CF-9649-D433CE8A4AF7}) (Version: 5.1.4.2 - The Document Foundation)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.3 - Hermann Schinagl)
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
Mp3tag v2.78 (HKLM-x32\...\Mp3tag) (Version: v2.78 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Qualcomm Atheros Ethernet Controller (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Qualcomm Atheros Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.5-r115042-release - Raptr, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Sdrive 2.5.8 (HKLM-x32\...\{74048A6E-4BAB-4F5F-8382-651C88F085B8}_is1) (Version: 2.5.8 - Seagate)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.19.0 - Seagate)
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
SoftPerfect RAM Disk 3.4.7 (HKLM\...\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1) (Version:  - SoftPerfect)
Sound Blaster Recon3Di (HKLM-x32\...\{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}) (Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0022 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.6.28.0 - 2BrightSparks)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3157455879-1380111954-4074870653-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Seraiel\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14FD8AE9-DE98-4D40-9432-C1A5AFFB08C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000Core => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {3EC51784-F139-4E52-99E5-1AFB4EF8D973} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {4902F3B5-198F-4039-9F3D-5965496CFD09} - System32\Tasks\{F29B1EAA-2C6D-4B65-9AAC-ECC95305CC34} => pcalua.exe -a C:\System\Windows\HardLinkShellExt_X64.exe -d C:\System\Windows
Task: {7338E060-56FA-4819-A582-C75936A340D8} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC)
Task: {75B870F4-D373-418F-9222-57C14214CAE5} - System32\Tasks\2BrightSparks\SyncBackFree\AWM17XR4-Seraiel\SyncBackFree => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2016-08-04] (2BrightSparks Pte. Ltd.)
Task: {7B31FB82-32E3-4A21-AED5-C55AA4EE1084} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {A8249FAF-01E2-4092-8496-D7C89745AB85} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {D3F6A2E2-6C44-4170-BA5D-013557F893DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000UA => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {D4AE6D69-E47E-44E0-A14B-83DCFF6D25F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000Core.job => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157455879-1380111954-4074870653-1000UA.job => C:\Users\Seraiel\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2016-08-23 15:05 - 2016-08-23 15:05 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-04-29 00:49 - 2016-04-29 00:49 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-04-29 00:49 - 2016-04-29 00:49 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-07-25 16:32 - 2016-03-13 09:52 - 00159160 _____ () C:\Program Files\SoftPerfect RAM Disk\vvlib.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2011-12-01 20:00 - 2011-12-01 20:00 - 01636208 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2016-09-17 03:07 - 2016-09-14 04:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-17 03:07 - 2016-09-14 04:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-06-15 11:14 - 2016-06-15 11:14 - 01348200 _____ () C:\Program Files\LibreOffice 5\program\libxml2.dll
2016-06-15 11:14 - 2016-06-15 11:14 - 00440424 _____ () C:\Program Files\LibreOffice 5\program\glew32.dll
2016-06-15 11:14 - 2016-06-15 11:14 - 00229480 _____ () C:\Program Files\LibreOffice 5\program\libxslt.dll
2016-06-15 11:15 - 2016-06-15 11:15 - 00128104 _____ () C:\Program Files\LibreOffice 5\program\python3.dll
2016-06-15 10:32 - 2016-06-15 10:32 - 00051200 _____ () C:\Program Files\LibreOffice 5\program\python-core-3.3.0\lib\_socket.pyd
2016-09-11 21:49 - 2016-09-11 21:49 - 15859712 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2016-09-20 16:13 - 2016-09-20 12:26 - 02386248 _____ () T:\Chrome SxS\Application\55.0.2866.0\libglesv2.dll
2016-09-20 16:13 - 2016-09-20 12:26 - 00105800 _____ () T:\Chrome SxS\Application\55.0.2866.0\libegl.dll
2016-09-07 16:07 - 2016-09-07 16:07 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-08-08 19:57 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-08 19:57 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-08 19:57 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-08 19:57 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-08 19:57 - 2016-08-23 21:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-08 19:57 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-08 19:57 - 2016-08-23 21:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-08 19:57 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2009-12-18 11:07 - 2009-12-18 11:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2011-12-22 18:31 - 2011-12-22 18:31 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll
2016-08-08 19:57 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-03-17 14:58 - 2016-03-17 14:58 - 00095696 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll
2016-03-25 13:04 - 2016-03-25 13:04 - 00160704 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2016-03-25 12:58 - 2016-03-25 12:58 - 00263168 _____ () C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2016-07-25 14:39 - 2016-07-25 14:39 - 00290816 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_abx\foo_abx.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00536064 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00250368 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2016-03-25 13:04 - 2016-03-25 13:04 - 01409496 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00307200 _____ () C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00294912 _____ () C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2016-03-25 12:58 - 2016-03-25 12:58 - 00309760 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00205312 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00356352 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00271872 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_input_monkey\foo_input_monkey.dll
2016-03-25 13:04 - 2016-03-25 13:04 - 01087960 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00730112 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_uie_lyrics3\foo_uie_lyrics3.dll
2016-07-28 23:07 - 2010-09-01 10:15 - 00190464 _____ () C:\Program Files (x86)\foobar2000\components\foo_quicktag.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00147456 _____ () C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll
2016-03-09 14:44 - 2016-03-09 14:44 - 00375296 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00248320 _____ () \\?\C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_wave_seekbar\frontend_direct2d.dll
2016-07-25 14:40 - 2016-07-25 14:40 - 00310784 _____ () \\?\C:\Users\Seraiel\AppData\Roaming\foobar2000\user-components\foo_wave_seekbar\frontend_direct3d9.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
2016-07-31 01:52 - 2016-07-31 01:52 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a8eeeddc97028a9f94d0518c22f4c2c\IsdiInterop.ni.dll
2016-07-31 01:52 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Seraiel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 176.10.106.18 - 176.10.106.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{26BB6915-2319-46A9-B979-A47E4E1AD051}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{48DF330D-28BB-4E95-A148-883F6449D83A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DE1C05DD-2619-46F8-85B3-2F048432F363}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{941A0D92-DF77-43B9-9F56-A46549E4862C}] => (Allow) LPort=8888
FirewallRules: [{7B070939-8AA3-4526-9E0C-2408161CF58A}] => (Allow) LPort=8888
FirewallRules: [{B5F7092F-8D70-4CC2-989D-3D985795E4B1}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{8E7427EA-B24B-4D34-B7D1-73A3FFBF7807}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FFF9915F-7195-4229-9BDF-FB7915D0AB1B}] => (Block) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3C067893-8AE0-4A30-A056-6EC69E70B1F7}] => (Block) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{12EC042B-3BB3-4024-8258-AA3C5AF94A14}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{D1CCA258-A27E-4A5A-8883-034CABC0DDA2}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{28D5435C-5FAD-4B08-92E0-E7459311B915}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [UDP Query User{5BD6D323-AF01-44CD-B366-82F8B0C635C8}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [{38BF35B4-A20D-421F-BC5E-03DD34622FA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5DAF25EC-B249-407E-A4B0-D7E39C3DF5D4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ACC93B03-C605-45F0-9E37-534E90B5463D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC8A1CFE-A152-49C6-BD24-A346C83B3C69}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{03DBEF50-01C3-49E6-B960-5DFB83EB9A4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{982492D3-71AC-4444-AA11-CC06BCAF9E9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{06D79165-F00F-430C-B4BE-8BA26F353C75}C:\camelot unchained\bin\4\client\client.exe] => (Allow) C:\camelot unchained\bin\4\client\client.exe
FirewallRules: [UDP Query User{22DD3152-2728-4811-B0E0-313AF14D851B}C:\camelot unchained\bin\4\client\client.exe] => (Allow) C:\camelot unchained\bin\4\client\client.exe
FirewallRules: [TCP Query User{6CB08761-7CF0-4293-AB44-BF029ECCC79D}C:\camelot unchained\bin\10\client\client.exe] => (Allow) C:\camelot unchained\bin\10\client\client.exe
FirewallRules: [UDP Query User{CC6D6AF0-CA9F-4F7D-B6A3-817F1A08A2DD}C:\camelot unchained\bin\10\client\client.exe] => (Allow) C:\camelot unchained\bin\10\client\client.exe
FirewallRules: [{EAF435FD-90DF-4AED-AE7B-B6963CBDBA22}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{ED433F99-2789-436B-A1DB-6516FFE3FFC2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{32F0455B-8BF8-42C0-BE12-374C09671442}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{6F60D96B-BC6A-457F-9615-C7905650A4F3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{EA8B7402-992C-418C-88F5-B3AEEE5B41ED}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FF60F49C-B1BA-4A7B-A68E-F79EEF82B0FF}] => (Allow) %ProgramFiles% (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5A8C6457-2420-4AE3-8C33-40D88F4C277C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-08-2016 11:36:28 DDU System Restored Point
25-08-2016 11:42:16 DDU Restore Point
25-08-2016 11:49:29 Revo Uninstaller Pro's restore point - Raptr
25-08-2016 13:40:19 DDU Restore Point
25-08-2016 13:51:46 Vor ATI Radeon Treiber Installation
25-08-2016 14:01:22 Gerätetreiber-Paketinstallation: Advanced Micro Devices, Inc. Grafikkarte
29-08-2016 04:00:06 Windows-Sicherung
05-09-2016 04:00:07 Windows-Sicherung
08-09-2016 12:10:52 Windows-Sicherung
08-09-2016 14:18:54 Gerätetreiber-Paketinstallation: Advanced Micro Devices, Inc. Grafikkarte
08-09-2016 14:38:21 Windows-Sicherung
12-09-2016 04:00:07 Windows-Sicherung
14-09-2016 10:36:00 Windows Update
18-09-2016 16:23:20 JRT Pre-Junkware Removal
19-09-2016 04:00:10 Windows-Sicherung
 
==================== Faulty Device Manager Devices =============
 
Name: Personal Cloud
Description: Personal Cloud
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
 
Kontext: Windows Anwendung
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/18/2016 06:43:55 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
 
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))
 
Error: (09/18/2016 06:43:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4900) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001EC.log.
 
 
System errors:
=============
 
CodeIntegrity:
===================================
  Date: 2016-07-29 09:51:13.011
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-29 09:51:12.980
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-29 09:46:03.132
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-29 09:46:03.101
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 23:51:33.884
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 23:51:33.852
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:06:09.009
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:06:08.978
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:01:48.405
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
  Date: 2016-07-28 15:01:48.374
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 16263.27 MB
Available physical RAM: 9098.26 MB
Total Virtual: 16261.46 MB
Available Virtual: 8854.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.25 GB) (Free:134.84 GB) NTFS
Drive d: (HDD) (Fixed) (Total:1630.01 GB) (Free:97 GB) NTFS
Drive t: (Canary) (Fixed) (Total:1.5 GB) (Free:0.73 GB) NTFS
Drive y: (Public) (Network) (Total:4616.02 GB) (Free:4419.36 GB) NTFS
Drive z: (Seraiel) (Network) (Total:4616.02 GB) (Free:4419.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 715044EA)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1630.1 GB) (Disk ID: AF0B1DFB)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 

TIA again for the support  :thumbsup:



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,179 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 21 September 2016 - 02:47 PM

Post deleted.

Edited by Oh My!, 21 September 2016 - 02:51 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 21 September 2016 - 04:00 PM

Greetings,

My pleasure to work with you on this.

Did you intentionally install this program?

SoftPerfect RAM Disk

-----

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
reg: reg add HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v "NoDriveTypeAutoRun" /t Reg_DWORD /d "0x91"
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Monitor your computer for CD activity
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Install program?
  • Fixlog
  • Update on computer performance

Gary
 

#6 Seraiel


Posted 22 September 2016 - 02:59 AM

Regarding SoftPerfect RAM Disk: Yes, I intentionally use that program to run Chrome Canary completely from the RAM. Installations like that increase the browsing speed by up to 50%!

 

And regarding P2P: I know of the risks and only use P2P for work and other legal use, so while risk for others, no risk for me :D .

 

Regarding the activation of the CD-drive: The problem at startup is not completely solved. I rebooted the PC and no unnecessary activation of the CD-drive happened (good). It activated, however, when I cleaned the "trash-bin" (don't know the exact English name in Windows), which only had the error logs of FRST and an ESF-key I created yesterday. I cleaned it for testing purposes just now again, and the CD-drive didn't activate, so there still seems to be something activating the drive that is unsolved.

 

Here is the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Seraiel (22-09-2016 00:33:12) Run:1
Running from C:\Users\Seraiel\Desktop\Sicherheit
Loaded Profiles: Seraiel (Available Profiles: Seraiel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
reg: reg add HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v "NoDriveTypeAutoRun" /t Reg_DWORD /d "0x91"
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= reg add HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v "NoDriveTypeAutoRun" /t Reg_DWORD /d "0x91" =========
 
Der Wert NoDriveTypeAutoRun ist vorhanden. Überschreiben (J/N)? Der Vorgang wurde erfolgreich beendet.
 
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 00:33:23 ====
 
To translate this into English:

 

Der Wert NoDriveTypeAutoRun ist vorhanden. Überschreiben (J/N)? Der Vorgang wurde erfolgreich beendet.

 

=

 

The value "NoDriveTypeAutoRun" is not existent. Overwrite? (Y/N)? Procedure ended.

 

And I didn't get any prompt to answer Y or N.
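
Added example, not part of the thread and not FRST's own code: a short Python parser that reads the reg: directive from the fixlist above and decodes the NoDriveTypeAutoRun bitmask it writes, showing which drive types have AutoRun disabled. The bit table follows Microsoft's documentation of the value; the function names and the HKLM 0xFF comparison line are constructed for illustration.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
# Bit meanings follow Microsoft's documentation for this policy value.
DRIVE_BITS = [
    (0x01, "unknown"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "cdrom"),
    (0x40, "ramdisk"),
    (0x80, "unknown"),  # second bit that also covers drives of unknown type
]

# The fixlist as posted in the thread.
THREAD_FIXLIST = r'''CreateRestorePoint:
CloseProcesses:
reg: reg add HKU\S-1-5-21-3157455879-1380111954-4074870653-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v "NoDriveTypeAutoRun" /t Reg_DWORD /d "0x91"
'''

# Constructed comparison line (NOT from the thread): every drive type disabled.
COMPARISON = r'reg: reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v "NoDriveTypeAutoRun" /t Reg_DWORD /d "0xFF"' + "\n"

# Matches a fixlist line of the form: reg: reg add <key> /v <name> /t <type> /d <data>
REG_ADD = re.compile(
    r'^\s*reg:\s*reg\s+add\s+(?P<key>\S+)\s+/v\s+"?(?P<name>[^"\s]+)"?'
    r'\s+/t\s+(?P<type>\S+)\s+/d\s+"?(?P<data>[^"\s]+)"?',
    re.IGNORECASE | re.MULTILINE,
)


def decode_autorun_mask(mask):
    """Return (disabled, enabled) drive types for a NoDriveTypeAutoRun mask."""
    disabled, enabled = [], []
    for bit, name in DRIVE_BITS:
        bucket = disabled if mask & bit else enabled
        if name not in bucket:
            bucket.append(name)
    # "unknown" has two bits; either one being set disables it.
    enabled = [n for n in enabled if n not in disabled]
    return disabled, enabled


def audit_fixlist(text):
    """Decode every NoDriveTypeAutoRun DWORD written by reg: directives in a fixlist."""
    findings = []
    for m in REG_ADD.finditer(text):
        if m["name"].lower() != "nodrivetypeautorun" or m["type"].lower() != "reg_dword":
            continue
        mask = int(m["data"], 0) & 0xFF  # accepts 0x91 or 145
        disabled, enabled = decode_autorun_mask(mask)
        findings.append({
            "hive": m["key"].split("\\", 1)[0],
            "mask": mask,
            "disabled": disabled,
            "enabled": enabled,
        })
    return findings


if __name__ == "__main__":
    for f in audit_fixlist(THREAD_FIXLIST + COMPARISON):
        print(f"{f['hive']}: 0x{f['mask']:02X} disables AutoRun on {f['disabled']}, "
              f"leaves it on for {f['enabled']}")
```

For the thread's value, 0x91, the result lists unknown and network drives as disabled and leaves AutoRun enabled for CD-ROM, removable, fixed and RAM-disk drives.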



#7 Oh My!


Posted 22 September 2016 - 08:54 AM

Greetings and thank you for the information. The fix I provided automatically answers Yes to the question about changing the registry key. :)

When you say the problem at startup is not resolved are you talking about later on when you deleted items in the Recycle Bin?
 

I cleaned it for testing purposes just now again, and the CD-drive didn't activate, so there still seems to be something activating the drive that is unsolved.

It may be a one time quirk when you emptied the Recycle Bin. Let's monitor it to see if it happens again.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report
  • Security check report
  • Any CD activity?

Gary
 

#8 Seraiel


Posted 22 September 2016 - 02:05 PM

Emsisoft Emergency Kit – Version 11.9
Letztes Update: 22.09.2016 20:17:02
Benutzerkonto: AWM17XR4\Seraiel
Computer name: AWM17XR4
OS version: Windows 7x64 Service Pack 1
 
Scan-Einstellungen:
 
Scan-Methode: Eigener Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, T:\, Y:\, Z:\
 
PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: An
 
Scan-Beginn: 22.09.2016 20:18:48
 
Gescannt: 294098
Gefunden 0
 
Scan-Ende: 22.09.2016 20:46:01
Scan-Zeit: 0:27:13
 
 
Translation: Manual scan with everything activated except the Emsisoft Anti-Malware-Network you mentioned, found 0.
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET NOD32 Antivirus 9.0.402.1   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Mozilla Thunderbird (45.2.0) 
 Google Chrome (52.0.2743.116) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

The Anti-Virus is probably out of date because I disabled it during the scans.

 

I'll update the Java version.

[EDIT]

 

Java says it's up to date.



#9 Oh My!


Posted 22 September 2016 - 02:43 PM

Excellent,

Let's watch things for a day to see if you have any more CD episodes. Keep me posted.
Gary
 

#10 Oh My!


Posted 25 September 2016 - 08:30 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#11 Seraiel


Posted 25 September 2016 - 06:22 PM

Yes, I still need help.

 

The CD drive still activates about 2-3 minutes after startup, but I'm not actually sure if it's really malware. I didn't start any program and didn't do anything when it activated. It's past the time when delayed processes get started, and I wouldn't know why it'd be something in the Task Scheduler, which I cleaned of all the unnecessary tasks after the installation. The only clue I have is that the problem hasn't existed for longer than 4 weeks and I had a sort of infection. Maybe re-installing the system is the easier way to go, unless you've got a clue. Re-installing would probably take me a whole day, because my system is set up very specifically, but I've become fast since I have lost my data fully 3 times already and done at least 30 setups from scratch since I started working with PCs.



#12 Oh My!


Posted 25 September 2016 - 07:33 PM

I don't mind trying to continue troubleshooting if that is what you would like to do. If so, please boot into Safe Mode with Networking and see if the problem persists.
Gary
 

#13 Seraiel


Posted 26 September 2016 - 04:57 PM

TY for that generous offer Oh My!

 

CD-drive activation doesn't happen in safe-mode.

 

I took a stopwatch and the Process-Monitor from Sysinternals and tracked down this:

 

The CD-drive activation happens exactly 5 minutes after the desktop and the process triggering it seems to be:

 

[Image: faulty_process_zpsxmj07qw7.jpg]

 

What shall I do now? Nothing on my index relates to the CD-drive.

 

I rebuilt the index in any case, and will tell, if it helped, because there was something about the index from Windows 7 being faulty, but the unnecessary activation of the CD-drive only exists for about 2-4 weeks, while I used the system without it having flaws at least 3 months prior to it.



#14 Oh My!


Posted 26 September 2016 - 09:05 PM

Greetings,

I don't think the Search function is related to the CD issue.

Here are some troubleshooting steps.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#15 Seraiel


Posted 27 September 2016 - 02:56 AM

I'll perform the safe-boot etc.

 

I remembered a clue yesterday. The CD-drive activation has probably been happening since I first watched a DVD.





