Pests of all kinds and how to fight them: ADWARE/Hicosmea.140800 and other "viruses" found | Windows 7
17.05.2015, 14:01 | #1 |
Hello dear Trojaner-Board team, I have had slight problems with my PC for a few days and, as a precaution, ran my antivirus program. In the attachment you can see these "viruses", including their names, in my quarantine. Thank you in advance, and I hope we can get this problem resolved quickly. Regards, Nagato |
17.05.2015, 14:24 | #2 |
Rest in peace † 2019 | My name is Sandra and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, with a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Posting in code tags: Please always put the logs in code tags. If you don't, it makes evaluating them much harder for me. Thanks. To do so:
Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
17.05.2015, 16:01 | #3 |
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02 Ran by Scripted (administrator) on SCRIPTED-PC on 17-05-2015 16:58:33 Running from C:\Users\Scripted\Downloads Loaded Profiles: Scripted (Available profiles: Scripted) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Akamai Technologies, Inc.) C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Akamai Technologies, Inc.) C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [GoogleChromeAutoLaunch_98545E0278EA30FD847F8FF7481975A4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866120 2015-05-05] (Google Inc.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-08] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp Winsock: Catalog9 01 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-15] (Abengine) Winsock: Catalog9 02 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-15] (Abengine) Winsock: Catalog9 03 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-15] (Abengine) Winsock: Catalog9 04 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-15] (Abengine) Winsock: Catalog9 15 C:\Windows\SysWOW64\abengine.dll [341952 2015-05-15] (Abengine) Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [409168 2015-05-15] (Abengine) Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [409168 2015-05-15] (Abengine) Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [409168 2015-05-15] (Abengine) Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [409168 2015-05-15] (Abengine) Winsock: Catalog9-x64 15 C:\Windows\system32\abengine64.dll [409168 2015-05-15] (Abengine) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-12-05] (Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Extension: Avira Browser Safety - C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default\Extensions\abs@avira.com [2015-01-06] Chrome: ======= CHR HomePage: Default -> https://www.youtube.com/ CHR StartupUrls: Default -> "" CHR Profile: C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06] CHR Extension: (Google Docs) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06] CHR Extension: (Google Drive) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12] CHR Extension: (YouTube) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06] CHR Extension: (Google Search) - 
C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06] CHR Extension: (PSO2 Extension) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2015-01-27] CHR Extension: (Google Sheets) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06] CHR Extension: (Bookmark Manager) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06] CHR Extension: (Gmail) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. 
KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.) S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-17 16:58 - 2015-05-17 16:58 - 02107392 _____ (Farbar) C:\Users\Scripted\Downloads\FRST64.exe 2015-05-17 16:58 - 2015-05-17 16:58 - 00011919 _____ () C:\Users\Scripted\Downloads\FRST.txt 2015-05-17 16:58 - 2015-05-17 16:58 - 00000000 ____D () C:\FRST 2015-05-17 14:49 - 2015-05-17 14:49 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\plztxpiu 2015-05-17 14:40 - 2015-05-17 14:49 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\hulpgcds 2015-05-15 13:59 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\OBS 2015-05-15 13:58 - 2015-05-15 13:58 - 00000935 _____ () C:\Users\Scripted\Desktop\Open Broadcaster Software.lnk 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files\OBS 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files (x86)\OBS 2015-05-15 13:57 - 2015-05-15 13:58 - 07516302 _____ () C:\Users\Scripted\Downloads\OBS_0_64b_Installer.exe 2015-05-15 13:52 - 2015-05-15 13:52 - 00000000 ____D () C:\Users\Scripted\Documents\Action! 2015-05-15 13:50 - 2015-05-15 13:50 - 20600608 _____ (Mirillis Ltd.) 
C:\Users\Scripted\Downloads\action_1_18_0_setup (1).exe 2015-05-15 13:50 - 2015-05-15 13:50 - 00000000 ____D () C:\Program Files (x86)\Mirillis 2015-05-15 13:48 - 2015-05-15 13:48 - 18051072 _____ (Mirillis Ltd.) C:\Users\Scripted\Downloads\Unconfirmed 581980.crdownload 2015-05-15 13:45 - 2015-05-15 13:45 - 20600608 _____ (Mirillis Ltd.) C:\Users\Scripted\Downloads\Unconfirmed 346762.crdownload 2015-05-15 13:44 - 2015-05-15 13:44 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\sursenel 2015-05-15 13:43 - 2015-05-15 14:09 - 00009144 _____ () C:\Windows\SysWOW64\abengineOff.ini 2015-05-15 13:43 - 2015-05-15 14:09 - 00009144 _____ () C:\Windows\system32\abengineOff.ini 2015-05-15 13:43 - 2015-05-15 13:43 - 00003096 _____ () C:\Windows\System32\Tasks\iren3006 2015-05-15 13:43 - 2015-04-22 16:51 - 00341952 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll 2015-05-15 13:42 - 2015-04-22 16:51 - 00409168 _____ (Abengine) C:\Windows\system32\abengine64.dll 2015-05-15 02:19 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\vlc 2015-05-15 02:18 - 2015-05-15 04:04 - 597598984 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf 2015-05-15 02:18 - 2015-05-15 04:04 - 00000080 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf.sfl 2015-05-15 02:09 - 2015-05-15 02:10 - 00014296 _____ () C:\Users\Scripted\Downloads\Thug Life Music.mp3.sfk 2015-05-15 02:05 - 2015-05-15 02:05 - 00000000 ____D () C:\Users\Scripted\Desktop\MLG 2015-05-15 01:59 - 2015-05-15 01:59 - 00347152 _____ () C:\Users\Scripted\Downloads\BlazeBlue Theme - Black Onslaught II (Unlimited Ragnas Theme).mp3.sfk 2015-05-15 01:37 - 2015-05-15 01:37 - 00292792 _____ () C:\Users\Scripted\Downloads\Blazblue Calamity Trigger OST - Taokakas Theme Song.mp3.sfk 2015-05-15 01:31 - 2015-05-15 01:32 - 00304448 _____ () C:\Users\Scripted\Downloads\K MISSING KINGS PV.avi.sfk 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec 
Pack x64 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64 2015-05-15 01:30 - 2013-06-21 20:00 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll 2015-05-15 01:30 - 2012-06-09 19:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll 2015-05-15 01:30 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2015-05-15 01:28 - 2015-05-15 01:28 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\Program Files\VideoLAN 2015-05-15 01:26 - 2015-05-15 01:26 - 01203488 _____ () C:\Users\Scripted\Downloads\VLC media player 64 Bit - CHIP-Installer.exe 2015-05-15 01:24 - 2015-05-17 14:55 - 00000000 ____D () C:\Fraps 2015-05-15 01:24 - 2015-05-15 01:25 - 12414036 _____ ( ) C:\Users\Scripted\Downloads\K-Lite_Codec_Pack_999_x64.exe 2015-05-15 01:24 - 2015-05-15 01:24 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk 2015-05-15 01:24 - 2015-05-15 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2015-05-15 01:22 - 2015-05-15 01:23 - 02628149 _____ () C:\Users\Scripted\Downloads\F_v3.5.9.zip 2015-05-15 01:21 - 2015-05-15 01:22 - 47210464 _____ () C:\Users\Scripted\Downloads\K MISSING KINGS PV.avi 2015-05-15 01:17 - 2015-05-15 01:39 - 00000000 ____D () C:\Users\Scripted\AppData\Local\LooksBuilder 2015-05-15 01:17 - 2015-05-15 01:17 - 00004218 _____ () C:\Windows\System32\Tasks\Red Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program 
Files (x86)\Red Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder 2015-05-15 01:15 - 2015-05-15 01:15 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Downloaded Installations 2015-05-15 01:14 - 2015-05-15 01:15 - 83000735 _____ () C:\Users\Scripted\Downloads\MBL 64BITS FG®.rar 2015-05-15 01:14 - 2015-05-15 01:14 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony Creative Software Inc 2015-05-15 01:08 - 2015-05-15 01:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Red Giant Link 2015-05-15 01:06 - 2015-05-15 01:06 - 00000000 ____D () C:\ProgramData\RedGiant 2015-05-15 01:00 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Publish Providers 2015-05-15 00:55 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-05-15 00:47 - 2015-05-15 02:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony 2015-05-15 00:35 - 2015-05-15 00:46 - 411058696 _____ (Sony Creative Software Inc.) 
C:\Users\Scripted\Downloads\vegaspro13.0.373_64bit.exe 2015-05-14 03:00 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 03:00 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 14:21 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 14:21 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 14:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 14:21 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 14:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 14:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 14:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 14:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 14:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 14:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 14:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 14:20 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 14:20 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 14:20 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 14:20 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 14:20 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 14:20 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 14:20 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 14:20 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 14:20 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 14:20 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 14:20 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 14:20 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 14:20 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2015-05-13 14:20 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 14:20 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 14:20 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 14:20 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 14:20 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 14:20 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 14:16 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 14:16 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 14:16 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:16 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:16 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 14:16 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 14:16 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 14:16 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 14:16 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 14:16 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 14:16 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 
14:16 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 14:16 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 14:16 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 14:16 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 14:11 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-10 17:51 - 2015-05-10 17:58 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm 2015-05-09 20:21 - 2015-05-09 20:21 - 00000777 _____ () C:\Users\Scripted\Desktop\VOID Elsword.lnk 2015-05-09 20:21 - 2015-05-09 20:21 - 00000000 ____D () 
C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:21 - 2015-05-09 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:19 - 2015-05-09 20:19 - 00000000 ____D () C:\Elsword 2015-05-09 20:18 - 2005-05-10 18:54 - 00258352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll 2015-04-29 17:38 - 2015-04-29 17:38 - 00000221 _____ () C:\Users\Scripted\Desktop\Killing Floor Mod Defence Alliance 2.url 2015-04-29 17:37 - 2015-04-29 17:38 - 00000220 _____ () C:\Users\Scripted\Desktop\Killing Floor.url 2015-04-29 16:28 - 2015-04-29 16:33 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\FiestaOnline 2015-04-28 17:20 - 2015-03-14 02:20 - 00000000 ____D () C:\Fiesta Online 2015-04-26 19:29 - 2015-04-26 19:29 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\.mono 2015-04-26 19:29 - 2015-04-26 19:29 - 00000000 ____D () C:\ProgramData\.mono 2015-04-26 19:26 - 2015-04-26 19:26 - 00000222 _____ () C:\Users\Scripted\Desktop\Deepworld.url 2015-04-22 19:00 - 2015-04-22 19:00 - 00000219 _____ () C:\Users\Scripted\Desktop\Left 4 Dead 2.url 2015-04-19 20:58 - 2015-04-23 19:47 - 00000000 ____D () C:\Users\Scripted\Documents\Gunz2 2015-04-19 20:58 - 2015-04-19 20:58 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-04-19 20:58 - 2015-04-19 20:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-04-19 19:57 - 2015-04-19 19:57 - 00000222 _____ () C:\Users\Scripted\Desktop\GunZ 2 The Second Duel.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-17 16:51 - 2015-01-06 18:23 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Skype 2015-05-17 16:19 - 2015-01-06 17:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-17 16:18 - 2015-01-06 17:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-17 16:13 - 2015-01-06 17:57 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 16:13 - 2015-01-06 17:57 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 15:06 - 2015-01-06 18:14 - 00000000 ____D () C:\Users\Scripted\Downloads\Gameforge Live 2015-05-17 14:56 - 2015-01-25 18:26 - 00000000 ____D () C:\Users\Scripted\Documents\Bandicam 2015-05-17 14:53 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-17 14:53 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-17 14:51 - 2015-04-10 21:54 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-17 14:49 - 2015-01-06 17:24 - 01091878 _____ () C:\Windows\WindowsUpdate.log 2015-05-17 14:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-17 14:44 - 2009-07-14 06:51 - 00038276 _____ () C:\Windows\setupact.log 2015-05-17 14:43 - 2015-01-07 14:53 - 00679020 _____ () C:\Windows\PFRO.log 2015-05-17 14:33 - 2015-02-23 14:57 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\IMVU 2015-05-15 13:56 - 2015-01-25 19:03 - 00004600 _____ () C:\Windows\windefendam.log 2015-05-15 13:56 - 2015-01-25 19:03 - 00000020 _____ () C:\Windows\capsys184523.log 2015-05-15 13:56 - 2015-01-25 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-05-15 13:43 - 2015-03-15 18:51 - 00000002 _____ () C:\END 2015-05-15 12:16 - 2015-01-06 17:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-15 04:35 - 
2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-15 02:06 - 2015-01-06 18:08 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\AIMP3 2015-05-15 01:16 - 2015-01-06 17:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-14 22:21 - 2015-04-11 22:01 - 00000000 ____D () C:\Users\Scripted\Documents\TmForever 2015-05-14 20:27 - 2015-01-25 15:51 - 00000000 ____D () C:\Users\Scripted\AppData\Local\osu! 2015-05-14 14:14 - 2009-07-14 06:45 - 00276008 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 03:08 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-10 17:56 - 2015-04-07 23:08 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Battle.net 2015-05-10 12:37 - 2015-04-07 23:10 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2015-05-10 12:26 - 2015-04-07 23:08 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-05-08 20:16 - 2012-02-16 18:57 - 00000000 ____D () C:\Users\Scripted\Desktop\LOLPBE 2015-05-07 17:59 - 2015-01-06 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 17:58 - 2015-01-06 18:05 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-07 17:58 - 2015-01-06 18:05 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-06 13:54 - 2015-01-06 18:23 - 00000000 ____D () C:\ProgramData\Skype 2015-04-30 18:07 - 2015-03-20 21:12 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\TS3Client 2015-04-30 14:07 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-29 17:38 - 2015-02-16 16:21 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-04-28 17:13 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-04-28 17:13 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-04-28 17:13 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-19 16:38 - 2015-02-23 14:57 - 00001893 _____ () C:\Users\Scripted\Desktop\IMVU.lnk 2015-04-19 16:37 - 2015-02-23 14:57 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\IMVUClient Some content of TEMP: ==================== C:\Users\Scripted\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe C:\Users\Scripted\AppData\Local\Temp\AutoDetectUtilApp.exe C:\Users\Scripted\AppData\Local\Temp\avgnt.exe C:\Users\Scripted\AppData\Local\Temp\bdfilters.dll C:\Users\Scripted\AppData\Local\Temp\downloader.dll C:\Users\Scripted\AppData\Local\Temp\ec96a427c11d98789bff57dd278bd61b.dll C:\Users\Scripted\AppData\Local\Temp\fb1d5c12ab65a33663c67a42c8bf47b2.dll C:\Users\Scripted\AppData\Local\Temp\InstallIMVU_516.0.exe C:\Users\Scripted\AppData\Local\Temp\InstallIMVU_517.0.exe C:\Users\Scripted\AppData\Local\Temp\raptrpatch.exe C:\Users\Scripted\AppData\Local\Temp\raptr_stub.exe C:\Users\Scripted\AppData\Local\Temp\SkypeSetup.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-10412.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-12292.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-12732.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-13076.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-13836.exe 
C:\Users\Scripted\AppData\Local\Temp\Uninstaller-7476.exe
C:\Users\Scripted\AppData\Local\Temp\utt155F.tmp.exe
C:\Users\Scripted\AppData\Local\Temp\utt5CCA.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 04:27

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Scripted at 2015-05-17 16:59:16
Running from C:\Users\Scripted\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-651886148-2220087869-3585668557-500 - Administrator - Disabled)
Gast (S-1-5-21-651886148-2220087869-3585668557-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-651886148-2220087869-3585668557-1002 - Limited - Enabled)
Scripted (S-1-5-21-651886148-2220087869-3585668557-1001 - Administrator - Enabled) => C:\Users\Scripted

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1470, 16.01.2015 - AIMP DevTeam)
Akamai NetSession Interface (HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.) ATI AVIVO64 Codecs (Version: 11.1.0.50406 - ATI Technologies Inc.) Hidden Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Deepworld (HKLM-x32\...\Steam App 340810) (Version: - Bytebin) Elsword (HKLM-x32\...\Elsword_de_is1) (Version: - ) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) IMVU Avatar Chat Software (HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\IMVU Avatar chat client software BETA) (Version: - ) Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive) Killing Floor Mod: Defence Alliance 2 (HKLM-x32\...\Steam App 35420) (Version: - Defence Alliance Team) K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software) Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) MSI Afterburner 1.5.1 (HKLM-x32\...\Afterburner) (Version: 1.5.1 - MSI Co., LTD) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) osu! (HKLM-x32\...\{ebd5d4c3-ce92-41cd-ba8c-c4651695916a}) (Version: latest - ppy Pty Ltd) Phantasy Star Online 2: EPISODE 3 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version: - SEGA) Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6093 - Realtek Semiconductor Corp.) S4 League (HKLM-x32\...\S4 League) (Version: - ) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
sursenel (HKLM-x32\...\{7d0ff442-6ee9-4afb-74ec-015a61fc9fd0}) (Version: 1.0.0 - sidecom)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-651886148-2220087869-3585668557-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Scripted\AppData\Roaming\plztxpiu\ticyver.dll () <==== ATTENTION

==================== Restore Points =========================

17-05-2015 16:53:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-01-27 20:43 - 00001484 ____A C:\Windows\system32\Drivers\etc\hosts
106.185.32.13 gs001.pso2gs.net #PSO2Proxy Public Network Ship 01
106.185.32.13 gs016.pso2gs.net #PSO2Proxy Public Network Ship 02
106.185.32.13 gs031.pso2gs.net #PSO2Proxy Public Network Ship 03
106.185.32.13 gs046.pso2gs.net #PSO2Proxy Public Network Ship 04
106.185.32.13 gs061.pso2gs.net #PSO2Proxy Public Network Ship 05
106.185.32.13 gs076.pso2gs.net #PSO2Proxy Public Network Ship 06
106.185.32.13 gs091.pso2gs.net #PSO2Proxy Public Network Ship 07
106.185.32.13 gs106.pso2gs.net #PSO2Proxy Public Network Ship 08
106.185.32.13 gs121.pso2gs.net #PSO2Proxy Public Network Ship 09
106.185.32.13 gs136.pso2gs.net #PSO2Proxy Public Network Ship 10

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8B3015B2-3866-4623-8D8F-0B0A883FEA90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {9F3C99F4-F7C9-4FD7-B985-CED2DDBCDF55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {B3E23BEF-77AC-4035-83FC-1C17B906715F} - System32\Tasks\iren3006 => C:\PROGRA~2\HIGHLI~1\iren3006.exe <==== ATTENTION
Task: {F31389B0-F922-4632-A67F-7E39602C90CE} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-17 14:49 - 2015-05-17 14:49 - 00168960 _____ () C:\Users\Scripted\AppData\Roaming\plztxpiu\ticyver.dll
2015-05-17 14:40 - 2015-05-17 14:40 - 00168960 _____ () C:\Users\Scripted\AppData\Roaming\hulpgcds\ticyver.dll
2015-05-15 12:16 - 2015-05-05 05:19 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-15 12:16 - 2015-05-05 05:19 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [{5A9E19DE-2A47-40E1-B4DA-588BB84E74AE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7D9F3215-D38F-46F4-A8C5-6BEA7A6191AF}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe FirewallRules: [{21E97794-F449-42F6-89D7-AA9B8EDA5705}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe FirewallRules: [TCP Query User{DD4757BC-BE19-46BA-BCDF-6A63E8356062}C:\cyberstep\getamped2_us\ga2.exe] => (Allow) C:\cyberstep\getamped2_us\ga2.exe FirewallRules: [UDP Query User{7104D405-872E-440B-B2B8-31A457FE254B}C:\cyberstep\getamped2_us\ga2.exe] => (Allow) C:\cyberstep\getamped2_us\ga2.exe FirewallRules: [TCP Query User{06B329F6-FB50-4993-9731-F8C97BC22C8F}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe FirewallRules: [UDP Query User{A133C1CB-F264-4E16-AE8E-89A5D8013871}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe FirewallRules: [TCP Query User{EE4DA531-B9AF-4A12-B1DD-75D4CBE58202}C:\cyberstep\getamped2_us\ga2.exe] => (Allow) 
C:\cyberstep\getamped2_us\ga2.exe FirewallRules: [UDP Query User{6ADB1D5B-1EFC-455F-A872-3FF2C82D2F36}C:\cyberstep\getamped2_us\ga2.exe] => (Allow) C:\cyberstep\getamped2_us\ga2.exe FirewallRules: [{B641BFD2-7AA8-4BCB-A674-39509D2B722A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{AC1E048A-4B98-4B74-A1F9-F0D883904CFC}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{57E4F588-5682-4517-AFD9-3B00E4FAC4B2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{64482C36-B4C8-4693-9C08-D467F390A53F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{C4BE6CC1-4888-4CAB-AA35-D91EEF0C8DC5}] => (Allow) %USERPROFILE%\Downloads\Tweaker\PSO2 Tweaker.exe FirewallRules: [TCP Query User{4007D01F-6347-4D1C-9D12-5F6FAF72430E}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{1963AC41-F9CE-445C-8EDA-A3C715F3F6F1}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{A407D60C-1D82-4565-B547-7993853F0E66}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{11E00AD4-5AE9-49BA-A5A8-D5B1D25AF049}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [{DABA5152-3CE8-4136-B987-D3B310B42E01}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7D7FD110-ED9B-4844-8DAF-A8F49A6BB6AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FC5F7B42-8F7D-4225-8F50-7D24F87B572D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{5A324DAF-6A5F-4589-B0D9-1DD97F0CE79C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: 
[{CEDDC430-13B8-4185-9777-4C31AE3C75BD}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{CD3B0611-810B-4C9C-9AD9-64CA4BF3E664}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe FirewallRules: [{51AA787C-18F7-4D6D-AACE-BF17B143B168}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe FirewallRules: [TCP Query User{C962BE46-1B62-4E23-BD00-520D15A4BB62}C:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe FirewallRules: [UDP Query User{F54D5580-6005-4340-8715-282E782E5969}C:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe FirewallRules: [TCP Query User{8D85142E-DCAD-4CEC-BFB1-BF6F7F3043B7}C:\program files (x86)\cabal online (eu)\launcher\launcher.exe] => (Allow) C:\program files (x86)\cabal online (eu)\launcher\launcher.exe FirewallRules: [UDP Query User{11D02590-B38B-406F-A3EB-A80D69713A3F}C:\program files (x86)\cabal online (eu)\launcher\launcher.exe] => (Allow) C:\program files (x86)\cabal online (eu)\launcher\launcher.exe FirewallRules: [{1D1EC7E6-0C6A-460E-A4BD-318F2522F988}] => (Allow) C:\Program Files (x86)\NexonEU\LostSagaEU\autoupgrade.exe FirewallRules: [{A031E76A-EC44-4E97-8223-0A4699EB3D29}] => (Allow) C:\Program Files (x86)\NexonEU\LostSagaEU\autoupgrade.exe FirewallRules: [{72E541C8-7686-4687-B45A-83344220A77A}] => (Allow) C:\Program Files (x86)\NexonEU\LostSagaEU\lostsaga.exe FirewallRules: [{299149A4-4305-447D-8C2F-DB6C23BFB9BE}] => (Allow) C:\Program Files (x86)\NexonEU\LostSagaEU\lostsaga.exe FirewallRules: [{6E927467-3D16-4DF7-A015-9C8EB2B34C95}] => (Allow) C:\Program Files 
(x86)\Battle.net\Battle.net.exe FirewallRules: [{A5791A22-A7BF-4DAD-A515-263376526DEE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{4E78DB07-BF3F-458F-938C-4D44E26EA11D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{ADF4EE00-AF05-4D0B-84F3-1947C4120451}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [TCP Query User{91CCA3D7-C00E-4FD5-8CCC-2809EC6A09D0}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{DF7A8C5D-70D2-44EC-8FE1-3A8CE299192E}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [{17003637-8513-4F66-A78A-F1000AA8C73C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe FirewallRules: [{2F53FB02-F7A6-44C9-91C4-D31A96438DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe FirewallRules: [{7BA063C4-2D6A-47EB-9AC0-F6DE7D24233C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{3F9985CF-BD6D-4BEA-B5C1-2ECD340993A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{18EE82D1-774C-4E92-9FE0-EA3030FDFBD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe FirewallRules: [{3335C80D-389C-45A8-BFA9-C8654ACD8619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe FirewallRules: [{ECD53EE2-D338-4D1A-A0B2-0643C59A90B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor\System\KillingFloor.exe FirewallRules: [{9C04C64A-E0FB-445B-B660-9D6D93CCA296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor\System\KillingFloor.exe FirewallRules: [{61497DD1-F960-49E6-A3EF-DEAE82483353}] => (Allow) 
C:\Elsword\VOID Elsword\data\x2.exe FirewallRules: [{CD1A167F-636F-413D-B324-58AC8B007E36}] => (Allow) C:\Elsword\VOID Elsword\data\x2.exe FirewallRules: [TCP Query User{FED5C433-EF1B-4C11-B6F6-04773DD3F598}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [UDP Query User{1CB633C7-2A29-46E8-BFFF-483A11DD4E79}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [{D2462279-DCA4-4D75-BB42-9486A81E3F45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/17/2015 03:11:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.25.11, Zeitstempel: 0x545bb4ac Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x014796e3 ID des fehlerhaften Prozesses: 0xcd0 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (05/17/2015 02:57:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: bdcam.exe, Version: 2.1.2.740, Zeitstempel: 0x54929335 Name des fehlerhaften Moduls: bdcam.exe, Version: 2.1.2.740, Zeitstempel: 0x54929335 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000195fe ID des fehlerhaften Prozesses: 0x1298 Startzeit der fehlerhaften Anwendung: 0xbdcam.exe0 Pfad der fehlerhaften Anwendung: bdcam.exe1 Pfad des fehlerhaften Moduls: bdcam.exe2 Berichtskennung: bdcam.exe3 Error: (05/15/2015 03:42:51 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 
4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 9240. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:55:23 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 8200. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:53:28 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 7796. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:51:18 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3880. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:49:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5524. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:47:44 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 7044. Meldungs-ID: [0x2509]. 
Error: (05/15/2015 02:46:11 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 7376. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:45:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OBS.exe, Version: 0.6.3.8, Zeitstempel: 0x54c2efb8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x046096e3 ID des fehlerhaften Prozesses: 0x920 Startzeit der fehlerhaften Anwendung: 0xOBS.exe0 Pfad der fehlerhaften Anwendung: OBS.exe1 Pfad des fehlerhaften Moduls: OBS.exe2 Berichtskennung: OBS.exe3 System errors: ============= Error: (05/17/2015 03:11:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/17/2015 02:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/17/2015 02:46:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (05/17/2015 02:44:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Razer Game Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/17/2015 02:44:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Razer Game Scanner erreicht. 
Error: (05/17/2015 02:42:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (05/17/2015 02:40:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "abengine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/17/2015 02:21:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Razer Game Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/17/2015 02:21:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Razer Game Scanner erreicht. Error: (05/15/2015 04:33:43 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Microsoft Office Sessions: ========================= Error: (05/17/2015 03:11:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GoogleUpdate.exe1.3.25.11545bb4acunknown0.0.0.000000000c0000005014796e3cd001d090a2e9ce3942C:\Program Files (x86)\Google\Update\GoogleUpdate.exeunknown2b74f3b3-fc96-11e4-9fbe-bcaec527bbe4 Error: (05/17/2015 02:57:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: bdcam.exe2.1.2.74054929335bdcam.exe2.1.2.74054929335c0000005000195fe129801d090a0f27f7003C:\Program Files (x86)\Bandicam\bdcam.exeC:\Program Files (x86)\Bandicam\bdcam.exe4f504c87-fc94-11e4-9fbe-bcaec527bbe4 Error: (05/15/2015 03:42:51 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 9240. Meldungs-ID: [0x2509]. 
Error: (05/15/2015 02:55:23 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 8200. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:53:28 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 7796. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:51:18 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3880. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:49:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5524. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:47:44 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 7044. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:46:11 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18063 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. 
Prozess-ID (dezimal): 7376. Meldungs-ID: [0x2509]. Error: (05/15/2015 02:45:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OBS.exe0.6.3.854c2efb8unknown0.0.0.000000000c0000005046096e392001d08f0d0ba4d853C:\Program Files (x86)\OBS\OBS.exeunknown4d3ee865-fb00-11e4-92a5-bcaec527bbe4 CodeIntegrity Errors: =================================== Date: 2015-01-06 16:36:13.572 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:13.557 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:10.983 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:10.951 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz Percentage of memory in use: 54% Total physical RAM: 4095.12 MB Available physical RAM: 1879.4 MB Total Pagefile: 8188.43 MB Available Pagefile: 5474.05 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:777.75 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 71DB28AC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.05.2015, 23:05 | #4 |
Rest in peace † 2019 | ADWARE/Hicosmea.140800 and other "viruses" found
Hello, does a program named sursenel mean anything to you? If not, please uninstall it. Did you set something up in the hosts file there? Code:
106.185.32.13 gs001.pso2gs.net #PSO2Proxy Public Network Ship 01
106.185.32.13 gs016.pso2gs.net #PSO2Proxy Public Network Ship 02
106.185.32.13 gs031.pso2gs.net #PSO2Proxy Public Network Ship 03
106.185.32.13 gs046.pso2gs.net #PSO2Proxy Public Network Ship 04
106.185.32.13 gs061.pso2gs.net #PSO2Proxy Public Network Ship 05
106.185.32.13 gs076.pso2gs.net #PSO2Proxy Public Network Ship 06
106.185.32.13 gs091.pso2gs.net #PSO2Proxy Public Network Ship 07
106.185.32.13 gs106.pso2gs.net #PSO2Proxy Public Network Ship 08
106.185.32.13 gs121.pso2gs.net #PSO2Proxy Public Network Ship 09
106.185.32.13 gs136.pso2gs.net #PSO2Proxy Public Network Ship 10
Step 1 Please uninstall the following programs (if present): sursenel
To do so, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove
If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.
Step 2 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
C:\Windows\SysWOW64\abengine.dll
cmd: netsh winsock reset
empyttemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Start FRST once more.
|
18.05.2015, 14:39 | #5 |
| ADWARE/Hicosmea.140800 and other "viruses" found Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Scripted at 2015-05-18 15:34:02 Run:1
Running from C:\Users\Scripted\Downloads
Loaded Profiles: Scripted (Available profiles: Scripted)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
C:\Windows\SysWOW64\abengine.dll
cmd: netsh winsock reset
empyttemp:
*****************
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
C:\Windows\SysWOW64\abengine.dll => Moved successfully.
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= End of CMD: =========
empyttemp: => Error: No automatic fix found for this entry.
==== End of Fixlog 15:34:09 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02 Ran by Scripted (administrator) on SCRIPTED-PC on 18-05-2015 15:35:08 Running from C:\Users\Scripted\Downloads Loaded Profiles: Scripted (Available profiles: Scripted) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Akamai Technologies, Inc.) C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [GoogleChromeAutoLaunch_98545E0278EA30FD847F8FF7481975A4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866120 2015-05-05] (Google Inc.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-08] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-12-05] (Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Extension: Avira Browser Safety - C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default\Extensions\abs@avira.com [2015-01-06] Chrome: ======= CHR HomePage: Default -> https://www.youtube.com/ CHR StartupUrls: Default -> "" CHR Profile: C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06] CHR Extension: (Google Docs) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06] CHR Extension: (Google Drive) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12] CHR Extension: (YouTube) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06] CHR Extension: (Google Search) - 
C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06] CHR Extension: (PSO2 Extension) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2015-01-27] CHR Extension: (Google Sheets) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06] CHR Extension: (Bookmark Manager) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06] CHR Extension: (Gmail) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. 
KG) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.) S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-18 15:35 - 2015-05-18 15:38 - 00011379 _____ () C:\Users\Scripted\Downloads\FRST.txt 2015-05-17 16:58 - 2015-05-18 15:35 - 00000000 ____D () C:\FRST 2015-05-17 16:58 - 2015-05-17 16:58 - 02107392 _____ (Farbar) C:\Users\Scripted\Downloads\FRST64.exe 2015-05-17 14:49 - 2015-05-17 14:49 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\plztxpiu 2015-05-17 14:40 - 2015-05-17 14:49 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\hulpgcds 2015-05-15 13:59 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\OBS 2015-05-15 13:58 - 2015-05-15 13:58 - 00000935 _____ () C:\Users\Scripted\Desktop\Open Broadcaster Software.lnk 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files\OBS 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files (x86)\OBS 2015-05-15 13:52 - 2015-05-15 13:52 - 00000000 ____D () C:\Users\Scripted\Documents\Action! 
2015-05-15 13:50 - 2015-05-15 13:50 - 00000000 ____D () C:\Program Files (x86)\Mirillis 2015-05-15 13:43 - 2015-05-15 14:09 - 00009144 _____ () C:\Windows\SysWOW64\abengineOff.ini 2015-05-15 13:43 - 2015-05-15 14:09 - 00009144 _____ () C:\Windows\system32\abengineOff.ini 2015-05-15 13:43 - 2015-05-15 13:43 - 00003096 _____ () C:\Windows\System32\Tasks\iren3006 2015-05-15 13:42 - 2015-04-22 16:51 - 00409168 _____ (Abengine) C:\Windows\system32\abengine64.dll 2015-05-15 02:19 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\vlc 2015-05-15 02:18 - 2015-05-15 04:04 - 597598984 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf 2015-05-15 02:18 - 2015-05-15 04:04 - 00000080 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf.sfl 2015-05-15 02:05 - 2015-05-15 02:05 - 00000000 ____D () C:\Users\Scripted\Desktop\MLG 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64 2015-05-15 01:30 - 2013-06-21 20:00 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll 2015-05-15 01:30 - 2012-06-09 19:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll 2015-05-15 01:30 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2015-05-15 01:28 - 2015-05-15 01:28 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\Program Files\VideoLAN 2015-05-15 01:24 - 2015-05-17 14:55 - 00000000 ____D () C:\Fraps 2015-05-15 01:24 - 2015-05-15 01:24 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk 2015-05-15 01:24 - 2015-05-15 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2015-05-15 01:22 - 2015-05-15 01:23 - 02628149 _____ () 
C:\Users\Scripted\Downloads\F_v3.5.9.zip 2015-05-15 01:17 - 2015-05-15 01:39 - 00000000 ____D () C:\Users\Scripted\AppData\Local\LooksBuilder 2015-05-15 01:17 - 2015-05-15 01:17 - 00004218 _____ () C:\Windows\System32\Tasks\Red Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder 2015-05-15 01:15 - 2015-05-15 01:15 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Downloaded Installations 2015-05-15 01:14 - 2015-05-15 01:14 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony Creative Software Inc 2015-05-15 01:08 - 2015-05-15 01:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Red Giant Link 2015-05-15 01:06 - 2015-05-15 01:06 - 00000000 ____D () C:\ProgramData\RedGiant 2015-05-15 01:00 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Publish Providers 2015-05-15 00:55 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-05-15 00:47 - 2015-05-15 02:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony 2015-05-14 03:00 - 2015-05-01 15:17 - 00124112 _____ 
(Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 03:00 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 14:21 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 14:21 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 14:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 14:21 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 14:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 14:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 14:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 14:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 14:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 14:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 14:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 14:20 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 14:20 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 14:20 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 14:20 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 14:20 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 14:20 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 14:20 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 14:20 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 14:20 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 14:20 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 14:20 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 14:20 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 14:20 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 14:20 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2015-05-13 14:20 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 14:20 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 14:20 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 14:20 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 14:20 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 14:16 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 14:16 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 14:16 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:16 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:16 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 14:16 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 14:16 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 14:16 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 14:16 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 14:16 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 14:16 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 
14:16 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 14:16 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 14:16 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 14:11 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-10 17:51 - 2015-05-10 17:58 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm 2015-05-09 20:21 - 2015-05-09 20:21 - 00000777 _____ () C:\Users\Scripted\Desktop\VOID Elsword.lnk 2015-05-09 20:21 - 2015-05-09 20:21 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:21 - 2015-05-09 20:21 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:19 - 2015-05-09 20:19 - 00000000 ____D () C:\Elsword 2015-05-09 20:18 - 2005-05-10 18:54 - 00258352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll 2015-04-29 17:38 - 2015-04-29 17:38 - 00000221 _____ () C:\Users\Scripted\Desktop\Killing Floor Mod Defence Alliance 2.url 2015-04-29 17:37 - 2015-04-29 17:38 - 00000220 _____ () C:\Users\Scripted\Desktop\Killing Floor.url 2015-04-29 16:28 - 2015-04-29 16:33 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\FiestaOnline 2015-04-28 17:20 - 2015-03-14 02:20 - 00000000 ____D () C:\Fiesta Online 2015-04-26 19:29 - 2015-04-26 19:29 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\.mono 2015-04-26 19:29 - 2015-04-26 19:29 - 00000000 ____D () C:\ProgramData\.mono 2015-04-26 19:26 - 2015-04-26 19:26 - 00000222 _____ () C:\Users\Scripted\Desktop\Deepworld.url 2015-04-22 19:00 - 2015-04-22 19:00 - 00000219 _____ () C:\Users\Scripted\Desktop\Left 4 Dead 2.url 2015-04-19 20:58 - 2015-04-23 19:47 - 00000000 ____D () C:\Users\Scripted\Documents\Gunz2 2015-04-19 20:58 - 2015-04-19 20:58 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-04-19 20:58 - 2015-04-19 20:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-04-19 19:57 - 2015-04-19 19:57 - 00000222 _____ () C:\Users\Scripted\Desktop\GunZ 2 The Second Duel.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-18 15:35 - 2015-01-06 17:24 - 01142025 _____ () C:\Windows\WindowsUpdate.log 2015-05-18 15:35 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-18 15:35 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-18 15:29 - 2015-01-06 18:23 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Skype 2015-05-18 15:27 - 2015-04-10 21:54 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-18 15:25 - 2015-01-06 17:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-18 15:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-18 15:24 - 2009-07-14 06:51 - 00038388 _____ () C:\Windows\setupact.log 2015-05-17 22:18 - 2015-02-23 14:57 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\IMVU 2015-05-17 22:18 - 2015-01-06 17:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-17 17:05 - 2015-01-06 18:14 - 00000000 ____D () C:\Users\Scripted\Downloads\Gameforge Live 2015-05-17 16:13 - 2015-01-06 17:57 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 16:13 - 2015-01-06 17:57 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 14:56 - 2015-01-25 18:26 - 00000000 ____D () C:\Users\Scripted\Documents\Bandicam 2015-05-17 14:43 - 2015-01-07 14:53 - 00679020 _____ () C:\Windows\PFRO.log 2015-05-15 13:56 - 2015-01-25 19:03 - 00004600 _____ () C:\Windows\windefendam.log 2015-05-15 13:56 - 2015-01-25 19:03 - 00000020 _____ () C:\Windows\capsys184523.log 2015-05-15 13:56 - 2015-01-25 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-05-15 13:43 - 2015-03-15 18:51 - 00000002 _____ () C:\END 2015-05-15 12:16 - 2015-01-06 17:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-15 04:35 - 
2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-15 02:06 - 2015-01-06 18:08 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\AIMP3 2015-05-15 01:16 - 2015-01-06 17:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-14 22:21 - 2015-04-11 22:01 - 00000000 ____D () C:\Users\Scripted\Documents\TmForever 2015-05-14 20:27 - 2015-01-25 15:51 - 00000000 ____D () C:\Users\Scripted\AppData\Local\osu! 2015-05-14 14:14 - 2009-07-14 06:45 - 00276008 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 03:08 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-10 17:56 - 2015-04-07 23:08 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Battle.net 2015-05-10 12:37 - 2015-04-07 23:10 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2015-05-10 12:26 - 2015-04-07 23:08 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-05-08 20:16 - 2012-02-16 18:57 - 00000000 ____D () C:\Users\Scripted\Desktop\LOLPBE 2015-05-07 17:59 - 2015-01-06 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 17:58 - 2015-01-06 18:05 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-07 17:58 - 2015-01-06 18:05 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-06 13:54 - 2015-01-06 18:23 - 00000000 ____D () C:\ProgramData\Skype 2015-04-30 18:07 - 2015-03-20 21:12 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\TS3Client 2015-04-30 14:07 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-29 17:38 - 2015-02-16 16:21 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-04-28 17:13 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-04-28 17:13 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-04-28 17:13 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-19 16:38 - 2015-02-23 14:57 - 00001893 _____ () C:\Users\Scripted\Desktop\IMVU.lnk 2015-04-19 16:37 - 2015-02-23 14:57 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\IMVUClient Some content of TEMP: ==================== C:\Users\Scripted\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe C:\Users\Scripted\AppData\Local\Temp\AutoDetectUtilApp.exe C:\Users\Scripted\AppData\Local\Temp\avgnt.exe C:\Users\Scripted\AppData\Local\Temp\bdfilters.dll C:\Users\Scripted\AppData\Local\Temp\downloader.dll C:\Users\Scripted\AppData\Local\Temp\ec96a427c11d98789bff57dd278bd61b.dll C:\Users\Scripted\AppData\Local\Temp\fb1d5c12ab65a33663c67a42c8bf47b2.dll C:\Users\Scripted\AppData\Local\Temp\InstallIMVU_516.0.exe C:\Users\Scripted\AppData\Local\Temp\InstallIMVU_517.0.exe C:\Users\Scripted\AppData\Local\Temp\raptrpatch.exe C:\Users\Scripted\AppData\Local\Temp\raptr_stub.exe C:\Users\Scripted\AppData\Local\Temp\SkypeSetup.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-10412.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-12292.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-12732.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-13076.exe C:\Users\Scripted\AppData\Local\Temp\Uninstaller-13836.exe 
C:\Users\Scripted\AppData\Local\Temp\Uninstaller-7476.exe
C:\Users\Scripted\AppData\Local\Temp\utt155F.tmp.exe
C:\Users\Scripted\AppData\Local\Temp\utt5CCA.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 04:27

==================== End Of Log ============================

Here are the logs |
18.05.2015, 22:41 | #6 |
Rest in peace † 2019 | ADWARE/Hicosmea.140800 and other "viruses" found My question regarding the hosts file?
__________________ --> ADWARE/Hicosmea.140800 and other "viruses" found |
20.05.2015, 13:08 | #7 |
| ADWARE/Hicosmea.140800 and other "viruses" found I removed Sursenel, or whatever that file was called, via the Control Panel etc. as you described, i.e. I uninstalled it. |
23.05.2015, 11:45 | #9 |
| ADWARE/Hicosmea.140800 and other "viruses" found The hosts entries are for a private server, which I no longer use. If I have to delete them, you just need to tell me how to do it. |
31.05.2015, 18:23 | #10 |
| ADWARE/Hicosmea.140800 and other "viruses" found In case you still consider the question unanswered: yes, it looks like I changed something in the hosts file so that I could play this online game. If I have to change it back somehow, though, I would like to ask you for help, if that is necessary. Kind regards, Nagato |
31.05.2015, 22:30 | #11 |
Rest in peace † 2019 | ADWARE/Hicosmea.140800 and other "viruses" found Hello, yes, delete the entries. I'll take care of that along the way.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
Emptytemp:
Hosts:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Start FRST once more.
|
01.06.2015, 14:01 | #12 |
| ADWARE/Hicosmea.140800 and other "viruses" found Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Scripted at 2015-06-01 13:43:03 Run:2
Running from C:\Users\Scripted\Desktop
Loaded Profiles: Scripted (Available Profiles: Scripted)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Emptytemp:
Hosts:
*****************

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => Removed 822.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:43:50 ====
Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 01/06/2015 um 13:58:51 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-05-31.5 [Server] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64) # Benutzername : Scripted - SCRIPTED-PC # Gestarted von : C:\Users\Scripted\Downloads\AdwCleaner_4.206.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\END Datei Gefunden : C:\Windows\System32\abengine64.dll Datei Gefunden : C:\Windows\System32\abengineOff.ini Datei Gefunden : C:\Windows\SysWOW64\abengineOff.ini Ordner Gefunden : C:\Program Files (x86)\HighlightSearches Ordner Gefunden : C:\ProgramData\apn Ordner Gefunden : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\abengine ***** [ Geplante Tasks ] ***** Task Gefunden : iren3006 Task Gefunden : amiupdaterExd Task Gefunden : amiupdaterExi ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.fr Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.timesheraldonline.com Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\sidecom Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\sidecom Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\abengine.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8} Schlüssel Gefunden : HKLM\SOFTWARE\TabNav Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8} 
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD} ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17801 -\\ Mozilla Firefox v -\\ Google Chrome v43.0.2357.81 Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 01/06/2015 um 14:02:13 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-05-31.5 [Server] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64) # Benutzername : Scripted - SCRIPTED-PC # Gestarted von : C:\Users\Scripted\Downloads\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\Program Files (x86)\HighlightSearches Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\abengine Datei Gelöscht : C:\END Datei Gelöscht : C:\Windows\SysWOW64\abengineOff.ini Datei Gelöscht : C:\Windows\System32\abengine64.dll Datei Gelöscht : C:\Windows\System32\abengineOff.ini ***** [ Geplante Tasks ] ***** Task Gelöscht : iren3006 Task Gelöscht : amiupdaterExd Task Gelöscht : amiupdaterExi ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\abengine.EXE Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F} Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\sidecom Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKLM\SOFTWARE\TabNav Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.fr Schlüssel 
Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.timesheraldonline.com Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17801 -\\ Mozilla Firefox v -\\ Google Chrome v43.0.2357.81 ************************* AdwCleaner[R0].txt - [4866 Bytes] - [01/06/2015 13:58:51] AdwCleaner[S0].txt - [4569 Bytes] - [01/06/2015 14:02:13] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4628 Bytes] ########## Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.06.2015
Suchlauf-Zeit: 14:20:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.01.02
Rootkit Datenbank: v2015.05.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Scripted

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372037
Verstrichene Zeit: 26 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 5
PUP.Optional.AudioAds.A, C:\Users\Scripted\AppData\Roaming\pithjydm\encecal.dll, In Quarantäne, [7511d3e29eecd85e913b0bd7b74cb14f],
PUP.Optional.AudioAds.A, C:\Users\Scripted\AppData\Roaming\plztxpiu\encecal.dll, In Quarantäne, [7610367fc1c976c0735910d23ec5c838],
PUP.Optional.AudioAds.A, C:\Users\Scripted\AppData\Roaming\hulpgcds\ticyver.dll, In Quarantäne, [5e284a6b7c0ed2640fbe15cdcc37ec14],
PUP.Optional.AudioAds.A, C:\Users\Scripted\AppData\Roaming\pithjydm\ticyver.dll, Löschen bei Neustart, [3254d6dfff8be25424a989594eb5da26],
PUP.Optional.AudioAds.A, C:\Users\Scripted\AppData\Roaming\plztxpiu\ticyver.dll, In Quarantäne, [bdc98f266e1ca88e2da0ebf7857eb947],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Scripted (administrator) on SCRIPTED-PC on 01-06-2015 14:58:10 Running from C:\Users\Scripted\Desktop Loaded Profiles: Scripted (Available Profiles: Scripted) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Akamai Technologies, Inc.) 
C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [GoogleChromeAutoLaunch_98545E0278EA30FD847F8FF7481975A4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [861512 2015-05-22] (Google Inc.) 
HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-08] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-04-27] (Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Extension: Avira Browser Safety - C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default\Extensions\abs@avira.com [2015-01-06] Chrome: ======= CHR Profile: C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06] CHR Extension: (Google Docs) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06] CHR Extension: (Google Drive) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12] CHR Extension: (YouTube) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06] CHR Extension: (Google Search) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06] CHR Extension: (PSO2 Extension) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2015-01-27] CHR Extension: (Google Sheets) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06] CHR Extension: (Bookmark Manager) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-26] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) 
- C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06] CHR Extension: (Gmail) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-01 14:58 - 2015-06-01 14:58 - 00011526 _____ () C:\Users\Scripted\Desktop\FRST.txt 2015-06-01 14:56 - 2015-06-01 14:56 - 00001853 _____ () C:\Users\Scripted\Desktop\mbam.txt 2015-06-01 14:51 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\scybjtph 2015-06-01 14:17 - 2015-06-01 14:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-01 14:17 - 2015-06-01 14:17 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-01 14:17 - 2015-06-01 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-01 14:17 - 2015-06-01 14:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-06-01 14:17 - 2015-06-01 14:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-01 14:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-01 14:17 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-01 14:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-01 14:12 - 2015-06-01 14:12 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Scripted\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-01 14:02 - 2015-06-01 14:02 - 00004760 _____ () C:\Users\Scripted\Desktop\AdwCleaner[S0].txt 2015-06-01 13:58 - 2015-06-01 14:00 - 00004866 _____ () C:\Users\Scripted\Desktop\AdwCleaner[R0].txt 2015-06-01 13:52 - 2015-06-01 14:57 - 00000000 ____D () C:\AdwCleaner 2015-06-01 13:49 - 2015-06-01 13:49 - 02231296 _____ () C:\Users\Scripted\Downloads\AdwCleaner_4.206.exe 2015-06-01 13:45 - 2015-06-01 14:52 - 00002294 _____ () C:\Windows\PFRO.log 2015-06-01 13:42 - 2015-06-01 13:42 - 00000000 ____D () C:\Users\Scripted\Desktop\FRST-OlderVersion 2015-06-01 12:51 - 2015-06-01 14:52 - 00000224 _____ () C:\Windows\setupact.log 2015-06-01 12:51 - 
2015-06-01 12:51 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-31 19:02 - 2015-05-31 23:09 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-31 19:02 - 2015-05-31 19:02 - 00002802 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-05-31 19:02 - 2015-05-31 19:02 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-05-31 19:02 - 2015-05-31 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-05-28 17:14 - 2015-05-28 17:14 - 00001166 _____ () C:\Users\Scripted\Desktop\TERA.lnk 2015-05-28 17:14 - 2015-05-28 17:14 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\TERA 2015-05-27 20:04 - 2015-05-27 20:04 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\NPLUTO Corporation 2015-05-27 19:55 - 2015-05-27 19:55 - 00000000 ____D () C:\GamesCampus 2015-05-27 19:52 - 2015-05-27 19:52 - 00003206 _____ () C:\Windows\System32\Tasks\{A0AC5BA2-6597-4A7A-998C-0DF2A34381F8} 2015-05-25 18:38 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\pithjydm 2015-05-21 19:20 - 2015-05-21 19:20 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Trove 2015-05-21 19:02 - 2015-05-28 17:10 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Glyph 2015-05-21 19:02 - 2015-05-28 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2015-05-21 19:02 - 2015-05-28 17:10 - 00000000 ____D () C:\ProgramData\Glyph 2015-05-18 15:38 - 2015-05-18 15:39 - 00033758 _____ () C:\Users\Scripted\Downloads\Addition.txt 2015-05-17 16:58 - 2015-06-01 14:58 - 00000000 ____D () C:\FRST 2015-05-17 16:58 - 2015-06-01 13:42 - 02108928 _____ (Farbar) C:\Users\Scripted\Desktop\FRST64.exe 2015-05-17 14:49 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\plztxpiu 2015-05-17 14:40 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\hulpgcds 2015-05-15 13:59 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\OBS 2015-05-15 13:58 - 
2015-05-15 13:58 - 00000935 _____ () C:\Users\Scripted\Desktop\Open Broadcaster Software.lnk 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files\OBS 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files (x86)\OBS 2015-05-15 13:52 - 2015-05-15 13:52 - 00000000 ____D () C:\Users\Scripted\Documents\Action! 2015-05-15 13:50 - 2015-05-15 13:50 - 00000000 ____D () C:\Program Files (x86)\Mirillis 2015-05-15 02:19 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\vlc 2015-05-15 02:18 - 2015-05-15 04:04 - 597598984 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf 2015-05-15 02:18 - 2015-05-15 04:04 - 00000080 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf.sfl 2015-05-15 02:05 - 2015-05-15 02:05 - 00000000 ____D () C:\Users\Scripted\Desktop\MLG 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64 2015-05-15 01:30 - 2013-06-21 20:00 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll 2015-05-15 01:30 - 2012-06-09 19:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll 2015-05-15 01:30 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2015-05-15 01:28 - 2015-05-15 01:28 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\Program Files\VideoLAN 2015-05-15 01:24 - 2015-05-17 14:55 - 00000000 ____D () C:\Fraps 2015-05-15 01:24 - 2015-05-15 01:24 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk 2015-05-15 01:24 - 2015-05-15 01:24 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2015-05-15 01:17 - 2015-05-15 01:39 - 00000000 ____D () C:\Users\Scripted\AppData\Local\LooksBuilder 2015-05-15 01:17 - 2015-05-15 01:17 - 00004218 _____ () C:\Windows\System32\Tasks\Red Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder 2015-05-15 01:15 - 2015-05-15 01:15 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Downloaded Installations 2015-05-15 01:14 - 2015-05-15 01:14 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony Creative Software Inc 2015-05-15 01:08 - 2015-05-15 01:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Red Giant Link 2015-05-15 01:06 - 2015-05-15 01:06 - 00000000 ____D () C:\ProgramData\RedGiant 2015-05-15 01:00 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Publish Providers 2015-05-15 00:55 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-05-15 00:47 - 2015-05-15 02:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony 2015-05-14 03:00 - 2015-05-01 15:17 - 
00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 03:00 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 14:21 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 14:21 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 14:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 14:21 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 14:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 14:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 14:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 14:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 14:21 - 2015-04-21 17:36 - 00285696 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 14:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 14:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 14:20 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 14:20 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 14:20 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 14:20 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 14:20 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 14:20 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 14:20 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 14:20 - 2015-04-21 18:22 - 00490496 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 14:20 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 14:20 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 14:20 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 14:20 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 14:20 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 14:20 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2015-05-13 14:20 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 14:20 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 14:20 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 14:20 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 14:20 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 14:16 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 14:16 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 14:16 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:16 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:16 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 14:16 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 14:16 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 14:16 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 14:16 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 14:16 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 14:16 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 
14:16 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 14:16 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 14:16 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 14:11 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-10 17:51 - 2015-05-10 17:58 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm 2015-05-09 20:21 - 2015-05-09 20:21 - 00000777 _____ () C:\Users\Scripted\Desktop\VOID Elsword.lnk 2015-05-09 20:21 - 2015-05-09 20:21 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:21 - 2015-05-09 20:21 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:19 - 2015-05-09 20:19 - 00000000 ____D () C:\Elsword 2015-05-09 20:18 - 2005-05-10 18:54 - 00258352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-01 14:56 - 2015-01-06 17:24 - 01747181 _____ () C:\Windows\WindowsUpdate.log 2015-06-01 14:54 - 2015-01-06 18:23 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Skype 2015-06-01 14:52 - 2015-01-06 17:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-01 14:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-01 14:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding 2015-06-01 14:18 - 2015-01-06 17:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-01 14:18 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-01 14:18 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-01 13:11 - 2015-01-06 18:14 - 00000000 ____D () C:\Users\Scripted\Downloads\Gameforge Live 2015-06-01 01:54 - 2015-01-06 18:08 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\AIMP3 2015-05-31 20:04 - 2015-02-23 14:57 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\IMVU 2015-05-31 19:27 - 2015-03-20 21:12 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\TS3Client 2015-05-31 19:26 - 2015-01-29 23:06 - 00000000 ____D () C:\Windows\Minidump 2015-05-31 19:26 - 2015-01-06 17:18 - 00000000 ____D () C:\Windows\Panther 2015-05-28 17:14 - 2015-02-16 16:21 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-05-28 17:14 - 2015-01-06 18:14 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-05-28 17:13 - 2015-01-06 18:14 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-05-25 18:23 - 2015-01-06 17:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-17 16:13 - 2015-01-06 17:57 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 16:13 - 2015-01-06 17:57 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 14:56 - 2015-01-25 18:26 - 00000000 ____D () C:\Users\Scripted\Documents\Bandicam 2015-05-15 13:56 - 2015-01-25 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-05-15 04:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-15 01:16 - 2015-01-06 17:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-14 22:21 - 2015-04-11 22:01 - 00000000 ____D () C:\Users\Scripted\Documents\TmForever 2015-05-14 20:27 - 2015-01-25 15:51 - 00000000 ____D () C:\Users\Scripted\AppData\Local\osu! 2015-05-14 14:14 - 2009-07-14 06:45 - 00276008 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 03:08 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-10 17:56 - 2015-04-07 23:08 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Battle.net 2015-05-08 20:16 - 2012-02-16 18:57 - 00000000 ____D () C:\Users\Scripted\Desktop\LOLPBE 2015-05-07 17:59 - 2015-01-06 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 17:58 - 2015-01-06 18:05 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-07 17:58 - 2015-01-06 18:05 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-06 13:54 - 2015-01-06 18:23 - 00000000 ____D () C:\ProgramData\Skype

Some files in TEMP:
====================
C:\Users\Scripted\AppData\Local\Temp\avgnt.exe
C:\Users\Scripted\AppData\Local\Temp\Quarantine.exe
C:\Users\Scripted\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-01 02:25

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Scripted at 2015-06-01 14:59:05
Running from C:\Users\Scripted\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-651886148-2220087869-3585668557-500 - Administrator - Disabled)
Gast (S-1-5-21-651886148-2220087869-3585668557-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-651886148-2220087869-3585668557-1002 - Limited - Enabled)
Scripted (S-1-5-21-651886148-2220087869-3585668557-1001 - Administrator - Enabled) => C:\Users\Scripted

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1470, 16.01.2015 - AIMP DevTeam)
Akamai NetSession Interface (HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.) ATI AVIVO64 Codecs (Version: 11.1.0.50406 - ATI Technologies Inc.) Hidden Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) Elsword (HKLM-x32\...\Elsword_de_is1) (Version: - ) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gameforge Live 2.0.7 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.7 - Gameforge) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden IMVU Avatar Chat Software (HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\IMVU Avatar chat client software BETA) (Version: - ) K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software) Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) MSI Afterburner 1.5.1 (HKLM-x32\...\Afterburner) (Version: 1.5.1 - MSI Co., LTD) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) osu! (HKLM-x32\...\{ebd5d4c3-ce92-41cd-ba8c-c4651695916a}) (Version: latest - ppy Pty Ltd) Phantasy Star Online 2: EPISODE 3 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version: - SEGA) Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6093 - Realtek Semiconductor Corp.) S4 League (HKLM-x32\...\S4 League) (Version: - ) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) 
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS) Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-651886148-2220087869-3585668557-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Scripted\AppData\Roaming\scybjtph\ticyver.dll () <==== ATTENTION ==================== Restore Points ========================= 01-06-2015 02:32:10 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2015-01-27 20:43 - 00001484 ____A C:\Windows\system32\Drivers\etc\hosts 106.185.32.13 gs001.pso2gs.net #PSO2Proxy Public Network Ship 01 106.185.32.13 gs016.pso2gs.net #PSO2Proxy Public Network Ship 02 106.185.32.13 gs031.pso2gs.net #PSO2Proxy Public Network Ship 03 106.185.32.13 gs046.pso2gs.net #PSO2Proxy Public Network Ship 04 106.185.32.13 gs061.pso2gs.net #PSO2Proxy Public Network Ship 05 106.185.32.13 gs076.pso2gs.net #PSO2Proxy Public Network Ship 06 106.185.32.13 gs091.pso2gs.net #PSO2Proxy Public Network Ship 07 106.185.32.13 gs106.pso2gs.net #PSO2Proxy Public Network Ship 08 106.185.32.13 gs121.pso2gs.net #PSO2Proxy Public Network Ship 09 106.185.32.13 gs136.pso2gs.net #PSO2Proxy Public Network Ship 10 ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {46FCFDC7-AFC4-40E0-B3AB-7B3A0E79CB56} - System32\Tasks\{A0AC5BA2-6597-4A7A-998C-0DF2A34381F8} => pcalua.exe -a "C:\Users\Scripted\Desktop\Drift City\DriftCity_Setup.exe" -d "C:\Users\Scripted\Desktop\Drift City" Task: {6A2F0138-092B-4973-8B4A-FFF448784F03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd) Task: {8B3015B2-3866-4623-8D8F-0B0A883FEA90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.) Task: {9F3C99F4-F7C9-4FD7-B985-CED2DDBCDF55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.) 
Task: {F31389B0-F922-4632-A67F-7E39602C90CE} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-06-01 14:51 - 2015-06-01 14:51 - 00168960 _____ () C:\Users\Scripted\AppData\Roaming\scybjtph\ticyver.dll 2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-05-25 18:23 - 2015-05-22 23:09 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-05-25 18:23 - 2015-05-22 23:09 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll 2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5A9E19DE-2A47-40E1-B4DA-588BB84E74AE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7D9F3215-D38F-46F4-A8C5-6BEA7A6191AF}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe FirewallRules: [{21E97794-F449-42F6-89D7-AA9B8EDA5705}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe FirewallRules: [{C4BE6CC1-4888-4CAB-AA35-D91EEF0C8DC5}] => (Allow) %USERPROFILE%\Downloads\Tweaker\PSO2 Tweaker.exe FirewallRules: [TCP Query User{4007D01F-6347-4D1C-9D12-5F6FAF72430E}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{1963AC41-F9CE-445C-8EDA-A3C715F3F6F1}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{A407D60C-1D82-4565-B547-7993853F0E66}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP 
Query User{11E00AD4-5AE9-49BA-A5A8-D5B1D25AF049}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{91CCA3D7-C00E-4FD5-8CCC-2809EC6A09D0}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{DF7A8C5D-70D2-44EC-8FE1-3A8CE299192E}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [{61497DD1-F960-49E6-A3EF-DEAE82483353}] => (Allow) C:\Elsword\VOID Elsword\data\x2.exe FirewallRules: [{CD1A167F-636F-413D-B324-58AC8B007E36}] => (Allow) C:\Elsword\VOID Elsword\data\x2.exe FirewallRules: [TCP Query User{FED5C433-EF1B-4C11-B6F6-04773DD3F598}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [UDP Query User{1CB633C7-2A29-46E8-BFFF-483A11DD4E79}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [{A797056E-535D-4BA2-A09D-24B706FD5CF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{93E323D5-A17D-4BE7-A9A1-E4383068DE98}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [TCP Query User{67136640-0C5B-489A-9086-4154ED26689E}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe FirewallRules: [UDP Query User{D472E0EA-60ED-45A8-86F0-101084F1FB6D}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: 
(06/01/2015 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/31/2015 11:49:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: npggNT64.des_unloaded, Version: 0.0.0.0, Zeitstempel: 0x548016ce Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000458a679f ID des fehlerhaften Prozesses: 0x3570 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (05/31/2015 11:49:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x55366552 Name des fehlerhaften Moduls: npggNT64.des_unloaded, Version: 0.0.0.0, Zeitstempel: 0x548016ce Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000065e679f ID des fehlerhaften Prozesses: 0x96c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/31/2015 10:56:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b879 Ausnahmecode: 
0xc0000005 Fehleroffset: 0x0000000000010275 ID des fehlerhaften Prozesses: 0x3e00 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (05/31/2015 10:55:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b879 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000010275 ID des fehlerhaften Prozesses: 0x43f8 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (05/31/2015 10:55:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b879 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000010275 ID des fehlerhaften Prozesses: 0x3e54 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (05/31/2015 10:55:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b879 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000028d47 ID des fehlerhaften Prozesses: 0x3c64 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 
Berichtskennung: SearchIndexer.exe3 Error: (05/31/2015 10:55:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b879 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000028d47 ID des fehlerhaften Prozesses: 0x41e0 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (05/31/2015 10:55:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b879 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000028d47 ID des fehlerhaften Prozesses: 0x3f64 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 Error: (05/31/2015 10:49:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b879 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000010275 ID des fehlerhaften Prozesses: 0x3d7c Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 System errors: ============= Error: (06/01/2015 02:02:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des 
Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (06/01/2015 02:02:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/01/2015 02:02:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/01/2015 02:02:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/01/2015 02:02:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/01/2015 02:02:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/01/2015 02:02:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Razer Overlay Subsystem Emergency Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/01/2015 02:02:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/01/2015 02:02:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/01/2015 01:51:07 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Microsoft Office: ========================= Error: (06/01/2015 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c93107c01d09c5a337d41f0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll6c1e2892-0852-11e5-99bf-bcaec527bbe4 Error: (05/31/2015 11:49:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212npggNT64.des_unloaded0.0.0.0548016cec000000500000000458a679f357001d09be469f501e3C:\Windows\system32\SearchIndexer.exenpggNT64.desde88800e-07de-11e5-965e-bcaec527bbe4 Error: (05/31/2015 11:49:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.1780155366552npggNT64.des_unloaded0.0.0.0548016cec000000500000000065e679f96c01d09bc92bbb82c4C:\Program Files\Internet Explorer\IEXPLORE.EXEnpggNT64.desde071929-07de-11e5-965e-bcaec527bbe4 Error: (05/31/2015 10:56:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212kernel32.dll6.1.7601.187985507b879c000000500000000000102753e0001d09be43b50526cC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\kernel32.dll79e617df-07d7-11e5-965e-bcaec527bbe4 Error: (05/31/2015 10:55:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
SearchIndexer.exe7.0.7600.163854a5bd212kernel32.dll6.1.7601.187985507b879c0000005000000000001027543f801d09be4288fc8f1C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\kernel32.dll67624a28-07d7-11e5-965e-bcaec527bbe4 Error: (05/31/2015 10:55:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212kernel32.dll6.1.7601.187985507b879c000000500000000000102753e5401d09be4269eee2bC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\kernel32.dll64fd9d3f-07d7-11e5-965e-bcaec527bbe4 Error: (05/31/2015 10:55:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212kernel32.dll6.1.7601.187985507b879c00000050000000000028d473c6401d09be422a7db8eC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\kernel32.dll61471704-07d7-11e5-965e-bcaec527bbe4 Error: (05/31/2015 10:55:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212kernel32.dll6.1.7601.187985507b879c00000050000000000028d4741e001d09be41bbaaf57C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\kernel32.dll5a267dfd-07d7-11e5-965e-bcaec527bbe4 Error: (05/31/2015 10:55:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212kernel32.dll6.1.7601.187985507b879c00000050000000000028d473f6401d09be4151b2f13C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\kernel32.dll54c99493-07d7-11e5-965e-bcaec527bbe4 Error: (05/31/2015 10:49:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212kernel32.dll6.1.7601.187985507b879c000000500000000000102753d7c01d09be344cdaf64C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\kernel32.dll838fdcad-07d6-11e5-965e-bcaec527bbe4 CodeIntegrity Errors: =================================== Date: 2015-01-06 16:36:13.572 Description: Windows konnte die Abbildintegrität der Datei 
"\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:13.557 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:10.983 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:10.951 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 58%
Total physical RAM: 4095.12 MB
Available physical RAM: 1713.99 MB
Total Pagefile: 8188.43 MB
Available Pagefile: 5452.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:807.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 71DB28AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================

Kind regards, Nagato |
02.06.2015, 22:21 | #13 |
Rest in peace † 2019 | ADWARE/Hicosmea.140800 and other "viruses" found

Hello, since you have already been tinkering so nicely with your hosts file... is that a genuine Ultimate version? Delete the hosts file.

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
CustomCLSID: HKU\S-1-5-21-651886148-2220087869-3585668557-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Scripted\AppData\Roaming\scybjtph\ticyver.dll () <==== ATTENTION
C:\Users\Scripted\AppData\Roaming\scybjtph
C:\Users\Scripted\AppData\Roaming\plztxpiu
C:\Users\Scripted\AppData\Roaming\hulpgcds
reboot:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Start FRST once more.
|
03.06.2015, 21:14 | #14 |
| ADWARE/Hicosmea.140800 and other "viruses" found Yes, it is a genuine version ^^ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Scripted (administrator) on SCRIPTED-PC on 03-06-2015 22:11:02 Running from C:\Users\Scripted\Desktop Loaded Profiles: Scripted (Available Profiles: Scripted) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Akamai Technologies, Inc.) C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Razer, Inc.) 
C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [GoogleChromeAutoLaunch_98545E0278EA30FD847F8FF7481975A4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [861512 2015-05-22] (Google Inc.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Scripted\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-08] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-04-27] (Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Extension: Avira Browser Safety - C:\Users\Scripted\AppData\Roaming\Mozilla\Firefox\Profiles\oieo3Z2A.default\Extensions\abs@avira.com [2015-01-06] Chrome: ======= CHR Profile: C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06] CHR Extension: (Google Docs) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06] CHR Extension: (Google Drive) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12] CHR Extension: (YouTube) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06] CHR Extension: (Google Search) - C:\Users\Scripted\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06] CHR Extension: (PSO2 Extension) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2015-01-27] CHR Extension: (Google Sheets) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06] CHR Extension: (Bookmark Manager) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-26] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06] CHR Extension: (Gmail) - C:\Users\Scripted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. 
KG) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 22:11 - 2015-06-03 22:11 - 00011709 _____ () C:\Users\Scripted\Desktop\FRST.txt 2015-06-03 22:10 - 2015-06-03 22:10 - 00000348 _____ () C:\Users\Scripted\Desktop\Fixlist.txt 2015-06-03 14:54 - 2015-06-03 14:55 - 00000000 ____D () C:\Users\Scripted\Documents\Heroes of the Storm 2015-06-03 13:32 - 2015-06-03 13:32 - 00001195 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk 2015-06-03 13:32 - 2015-06-03 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2015-06-03 13:00 - 2015-06-03 13:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-06-03 13:00 - 2015-06-03 13:00 - 00001118 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2015-06-03 13:00 - 2015-06-03 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-06-03 12:58 - 2015-06-03 12:58 - 03081784 _____ (Blizzard Entertainment) C:\Users\Scripted\Downloads\Heroes-of-the-Storm-Setup-deDE.exe 2015-06-01 22:09 - 2015-06-01 22:09 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\ycdsqfvm 2015-06-01 18:53 - 2015-06-01 18:53 - 02156048 _____ (Reloaded Technologies) C:\Users\Scripted\Downloads\Crossfire_downloader (1).exe 2015-06-01 18:28 - 2015-06-01 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Crossfire Europe 2015-06-01 18:16 - 2015-06-01 18:16 - 00000000 ____D () C:\SG Interactive 2015-06-01 17:25 - 2015-06-01 17:25 - 02156048 _____ (Reloaded Technologies) C:\Users\Scripted\Downloads\Crossfire_downloader.exe 2015-06-01 14:51 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\scybjtph 2015-06-01 14:17 - 2015-06-01 14:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-01 14:17 - 2015-06-01 14:17 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-01 14:17 - 2015-06-01 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-01 14:17 - 2015-06-01 14:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-06-01 14:17 - 2015-06-01 14:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-01 14:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-01 14:17 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-01 14:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-01 14:12 - 2015-06-01 14:12 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Scripted\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-01 13:52 - 2015-06-01 14:57 - 00000000 ____D () C:\AdwCleaner 2015-06-01 13:49 - 2015-06-01 13:49 - 02231296 _____ () C:\Users\Scripted\Downloads\AdwCleaner_4.206.exe 2015-06-01 13:45 - 2015-06-02 15:33 - 00003112 _____ () C:\Windows\PFRO.log 2015-06-01 13:42 - 2015-06-01 13:42 - 00000000 ____D () C:\Users\Scripted\Desktop\FRST-OlderVersion 2015-06-01 12:51 - 2015-06-03 19:47 - 00000504 _____ () C:\Windows\setupact.log 2015-06-01 12:51 - 2015-06-01 12:51 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-31 19:02 - 2015-05-31 23:09 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-31 
19:02 - 2015-05-31 19:02 - 00002802 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-05-31 19:02 - 2015-05-31 19:02 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-05-31 19:02 - 2015-05-31 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-05-28 17:14 - 2015-05-28 17:14 - 00001166 _____ () C:\Users\Scripted\Desktop\TERA.lnk 2015-05-28 17:14 - 2015-05-28 17:14 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\TERA 2015-05-27 20:04 - 2015-05-27 20:04 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\NPLUTO Corporation 2015-05-27 19:52 - 2015-05-27 19:52 - 00003206 _____ () C:\Windows\System32\Tasks\{A0AC5BA2-6597-4A7A-998C-0DF2A34381F8} 2015-05-25 18:38 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\pithjydm 2015-05-21 19:20 - 2015-05-21 19:20 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Trove 2015-05-21 19:02 - 2015-05-28 17:10 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Glyph 2015-05-21 19:02 - 2015-05-28 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2015-05-21 19:02 - 2015-05-28 17:10 - 00000000 ____D () C:\ProgramData\Glyph 2015-05-18 15:38 - 2015-05-18 15:39 - 00033758 _____ () C:\Users\Scripted\Downloads\Addition.txt 2015-05-17 16:58 - 2015-06-03 22:11 - 00000000 ____D () C:\FRST 2015-05-17 16:58 - 2015-06-01 13:42 - 02108928 _____ (Farbar) C:\Users\Scripted\Desktop\FRST64.exe 2015-05-17 14:49 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\plztxpiu 2015-05-17 14:40 - 2015-06-01 14:51 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\hulpgcds 2015-05-15 13:59 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\OBS 2015-05-15 13:58 - 2015-05-15 13:58 - 00000935 _____ () C:\Users\Scripted\Desktop\Open Broadcaster Software.lnk 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open 
Broadcaster Software 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files\OBS 2015-05-15 13:58 - 2015-05-15 13:58 - 00000000 ____D () C:\Program Files (x86)\OBS 2015-05-15 13:52 - 2015-05-15 13:52 - 00000000 ____D () C:\Users\Scripted\Documents\Action! 2015-05-15 13:50 - 2015-05-15 13:50 - 00000000 ____D () C:\Program Files (x86)\Mirillis 2015-05-15 02:19 - 2015-05-15 14:58 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\vlc 2015-05-15 02:18 - 2015-05-15 04:04 - 597598984 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf 2015-05-15 02:18 - 2015-05-15 04:04 - 00000080 _____ () C:\Users\Scripted\Documents\Elsword 420x..mxf.sfl 2015-05-15 02:05 - 2015-05-15 02:05 - 00000000 ____D () C:\Users\Scripted\Desktop\MLG 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64 2015-05-15 01:30 - 2015-05-15 01:30 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64 2015-05-15 01:30 - 2013-06-21 20:00 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll 2015-05-15 01:30 - 2012-06-09 19:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll 2015-05-15 01:30 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2015-05-15 01:28 - 2015-05-15 01:28 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-05-15 01:28 - 2015-05-15 01:28 - 00000000 ____D () C:\Program Files\VideoLAN 2015-05-15 01:24 - 2015-05-17 14:55 - 00000000 ____D () C:\Fraps 2015-05-15 01:24 - 2015-05-15 01:24 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk 2015-05-15 01:24 - 2015-05-15 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2015-05-15 01:17 - 2015-05-15 01:39 - 00000000 ____D () C:\Users\Scripted\AppData\Local\LooksBuilder 2015-05-15 01:17 - 2015-05-15 01:17 - 00004218 _____ () C:\Windows\System32\Tasks\Red 
Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link 2015-05-15 01:16 - 2015-05-15 01:16 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder 2015-05-15 01:15 - 2015-05-15 01:15 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Downloaded Installations 2015-05-15 01:14 - 2015-05-15 01:14 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony Creative Software Inc 2015-05-15 01:08 - 2015-05-15 01:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Red Giant Link 2015-05-15 01:06 - 2015-05-15 01:06 - 00000000 ____D () C:\ProgramData\RedGiant 2015-05-15 01:00 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Publish Providers 2015-05-15 00:55 - 2015-05-15 01:00 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files\Sony 2015-05-15 00:55 - 2015-05-15 00:55 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-05-15 00:47 - 2015-05-15 02:18 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Sony 2015-05-14 03:00 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 03:00 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 
2015-05-13 14:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 14:21 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 14:21 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 14:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 14:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 14:21 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 14:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 14:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 14:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 14:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 14:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 14:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 14:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 14:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 14:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2015-05-13 14:20 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 14:20 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 14:20 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 14:20 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 14:20 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 14:20 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 14:20 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 14:20 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 14:20 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 14:20 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 14:20 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\html.iec 2015-05-13 14:20 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 14:20 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 14:20 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 14:20 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 14:20 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 14:20 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 14:20 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 14:20 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 14:20 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 14:20 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 14:20 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 14:20 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 14:20 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 14:20 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 14:20 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 14:20 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 14:20 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 14:20 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 14:20 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 14:20 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 14:16 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 14:16 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 14:16 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 14:16 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 14:16 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 14:16 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 14:16 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) 
C:\Windows\system32\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 14:16 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 14:16 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 14:16 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 14:16 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 14:16 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 14:16 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 14:16 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 14:16 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 
2015-05-13 14:16 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 14:16 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 14:16 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:11 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:11 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:11 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 14:11 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 14:11 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 14:11 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 14:11 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:11 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:11 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-10 17:51 - 2015-06-03 20:42 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm 2015-05-09 20:21 - 2015-05-09 20:21 - 00000777 _____ () C:\Users\Scripted\Desktop\VOID Elsword.lnk 2015-05-09 20:21 - 2015-05-09 20:21 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:21 - 2015-05-09 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword 2015-05-09 20:19 - 2015-05-09 20:19 - 00000000 ____D () C:\Elsword 2015-05-09 20:18 - 2005-05-10 18:54 - 00258352 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 22:08 - 2015-01-06 18:23 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Skype 2015-06-03 22:01 - 2015-04-07 23:08 - 00000000 ____D () C:\Users\Scripted\AppData\Local\Battle.net 2015-06-03 21:53 - 2015-01-06 18:08 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\AIMP3 2015-06-03 21:18 - 2015-01-06 17:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-03 19:39 - 2015-02-23 14:57 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\IMVU 2015-06-03 18:37 - 2015-02-23 14:57 - 00001893 _____ () C:\Users\Scripted\Desktop\IMVU.lnk 2015-06-03 18:10 - 2015-01-06 18:14 - 00000000 ____D () C:\Users\Scripted\Downloads\Gameforge Live 2015-06-03 16:57 - 2015-01-06 17:24 - 01836980 _____ () C:\Windows\WindowsUpdate.log 2015-06-03 16:18 - 2015-01-06 17:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-03 14:54 - 2015-04-07 23:08 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2015-06-03 11:56 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-03 11:56 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-03 11:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-02 16:01 - 2015-01-06 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-06-02 16:01 - 2015-01-06 18:14 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-06-01 14:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding 2015-05-31 19:27 - 2015-03-20 21:12 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\TS3Client 2015-05-31 19:26 - 2015-01-29 23:06 - 00000000 ____D () 
C:\Windows\Minidump 2015-05-31 19:26 - 2015-01-06 17:18 - 00000000 ____D () C:\Windows\Panther 2015-05-28 17:14 - 2015-02-16 16:21 - 00000000 ____D () C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-05-25 18:23 - 2015-01-06 17:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-17 16:13 - 2015-01-06 17:57 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 16:13 - 2015-01-06 17:57 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 14:56 - 2015-01-25 18:26 - 00000000 ____D () C:\Users\Scripted\Documents\Bandicam 2015-05-15 13:56 - 2015-01-25 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-05-15 04:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-15 01:16 - 2015-01-06 17:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-14 22:21 - 2015-04-11 22:01 - 00000000 ____D () C:\Users\Scripted\Documents\TmForever 2015-05-14 20:27 - 2015-01-25 15:51 - 00000000 ____D () C:\Users\Scripted\AppData\Local\osu! 2015-05-14 14:14 - 2009-07-14 06:45 - 00276008 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 03:08 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-08 20:16 - 2012-02-16 18:57 - 00000000 ____D () C:\Users\Scripted\Desktop\LOLPBE 2015-05-07 17:59 - 2015-01-06 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 17:58 - 2015-01-06 18:05 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-07 17:58 - 2015-01-06 18:05 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-06 13:54 - 2015-01-06 18:23 - 00000000 ____D () C:\ProgramData\Skype

Some files in TEMP:
====================
C:\Users\Scripted\AppData\Local\Temp\avgnt.exe
C:\Users\Scripted\AppData\Local\Temp\Quarantine.exe
C:\Users\Scripted\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 16:50

==================== End of log ============================

Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015 Ran by Scripted at 2015-06-03 22:12:25 Running from C:\Users\Scripted\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-651886148-2220087869-3585668557-500 - Administrator - Disabled) Gast (S-1-5-21-651886148-2220087869-3585668557-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-651886148-2220087869-3585668557-1002 - Limited - Enabled) Scripted (S-1-5-21-651886148-2220087869-3585668557-1001 - Administrator - Enabled) => C:\Users\Scripted ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1470, 16.01.2015 - AIMP DevTeam) Akamai NetSession Interface (HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) 
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.) ATI AVIVO64 Codecs (Version: 11.1.0.50406 - ATI Technologies Inc.) Hidden Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) Elsword (HKLM-x32\...\Elsword_de_is1) (Version: - ) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) IMVU Avatar Chat Software (HKU\S-1-5-21-651886148-2220087869-3585668557-1001\...\IMVU Avatar chat client software BETA) (Version: - ) K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software) Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) MSI Afterburner 1.5.1 (HKLM-x32\...\Afterburner) (Version: 1.5.1 - MSI Co., LTD) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) osu! (HKLM-x32\...\{ebd5d4c3-ce92-41cd-ba8c-c4651695916a}) (Version: latest - ppy Pty Ltd) Phantasy Star Online 2: EPISODE 3 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version: - SEGA) Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6093 - Realtek Semiconductor Corp.) S4 League (HKLM-x32\...\S4 League) (Version: - ) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) 
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS) Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-651886148-2220087869-3585668557-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Scripted\AppData\Roaming\ycdsqfvm\ticyver.dll () <==== ATTENTION ==================== Restore Points ========================= 01-06-2015 02:32:10 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2015-01-27 20:43 - 00001484 ____A C:\Windows\system32\Drivers\etc\hosts 106.185.32.13 gs001.pso2gs.net #PSO2Proxy Public Network Ship 01 106.185.32.13 gs016.pso2gs.net #PSO2Proxy Public Network Ship 02 106.185.32.13 gs031.pso2gs.net #PSO2Proxy Public Network Ship 03 106.185.32.13 gs046.pso2gs.net #PSO2Proxy Public Network Ship 04 106.185.32.13 gs061.pso2gs.net #PSO2Proxy Public Network Ship 05 106.185.32.13 gs076.pso2gs.net #PSO2Proxy Public Network Ship 06 106.185.32.13 gs091.pso2gs.net #PSO2Proxy Public Network Ship 07 106.185.32.13 gs106.pso2gs.net #PSO2Proxy Public Network Ship 08 106.185.32.13 gs121.pso2gs.net #PSO2Proxy Public Network Ship 09 106.185.32.13 gs136.pso2gs.net #PSO2Proxy Public Network Ship 10 ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {46FCFDC7-AFC4-40E0-B3AB-7B3A0E79CB56} - System32\Tasks\{A0AC5BA2-6597-4A7A-998C-0DF2A34381F8} => pcalua.exe -a "C:\Users\Scripted\Desktop\Drift City\DriftCity_Setup.exe" -d "C:\Users\Scripted\Desktop\Drift City" Task: {6A2F0138-092B-4973-8B4A-FFF448784F03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd) Task: {8B3015B2-3866-4623-8D8F-0B0A883FEA90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.) Task: {9F3C99F4-F7C9-4FD7-B985-CED2DDBCDF55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.) 
Task: {F31389B0-F922-4632-A67F-7E39602C90CE} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-06-01 22:09 - 2015-06-01 22:09 - 00168960 _____ () C:\Users\Scripted\AppData\Roaming\ycdsqfvm\ticyver.dll 2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-05-25 18:23 - 2015-05-22 23:09 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-05-25 18:23 - 2015-05-22 23:09 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll 2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-05-25 18:23 - 2015-05-22 23:09 - 26787144 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll 2015-01-19 20:21 - 2015-01-19 20:21 - 00218112 _____ () C:\Program Files (x86)\AIMP3\System\libsoxr.dll 2015-01-19 20:21 - 2015-01-19 20:21 - 00220672 _____ () C:\Program Files (x86)\AIMP3\System\Encoders\MACDll.dll 2015-01-19 20:21 - 2015-01-19 20:21 - 00435200 _____ () C:\Program Files (x86)\AIMP3\System\Encoders\libFLAC.dll 2015-01-19 20:21 - 2015-01-19 20:21 - 01733120 _____ () C:\Program Files (x86)\AIMP3\System\Encoders\aimp_libvorbis.dll 2015-01-19 20:21 - 2015-01-19 20:21 - 00159232 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_sacd\libsacd.dll 2015-01-19 20:21 - 2015-01-19 20:21 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta\Aorta.dll 2015-01-19 20:21 - 2015-01-19 20:21 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG\OptimFROG.dll 2015-01-19 
20:21 - 2015-01-19 20:21 - 00152648 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter\PandemicAnalogMeter.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-651886148-2220087869-3585668557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Scripted\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{5A9E19DE-2A47-40E1-B4DA-588BB84E74AE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7D9F3215-D38F-46F4-A8C5-6BEA7A6191AF}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe FirewallRules: [{21E97794-F449-42F6-89D7-AA9B8EDA5705}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Elsword\data\x2.exe FirewallRules: [{C4BE6CC1-4888-4CAB-AA35-D91EEF0C8DC5}] => (Allow) %USERPROFILE%\Downloads\Tweaker\PSO2 Tweaker.exe FirewallRules: [TCP Query User{4007D01F-6347-4D1C-9D12-5F6FAF72430E}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{1963AC41-F9CE-445C-8EDA-A3C715F3F6F1}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{A407D60C-1D82-4565-B547-7993853F0E66}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{11E00AD4-5AE9-49BA-A5A8-D5B1D25AF049}C:\users\scripted\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\scripted\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{91CCA3D7-C00E-4FD5-8CCC-2809EC6A09D0}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{DF7A8C5D-70D2-44EC-8FE1-3A8CE299192E}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [{61497DD1-F960-49E6-A3EF-DEAE82483353}] => (Allow) C:\Elsword\VOID Elsword\data\x2.exe FirewallRules: [{CD1A167F-636F-413D-B324-58AC8B007E36}] => (Allow) C:\Elsword\VOID Elsword\data\x2.exe FirewallRules: [TCP Query User{FED5C433-EF1B-4C11-B6F6-04773DD3F598}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) 
C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [UDP Query User{1CB633C7-2A29-46E8-BFFF-483A11DD4E79}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [{A797056E-535D-4BA2-A09D-24B706FD5CF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{67136640-0C5B-489A-9086-4154ED26689E}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe FirewallRules: [UDP Query User{D472E0EA-60ED-45A8-86F0-101084F1FB6D}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe FirewallRules: [{39DB6D17-CDA9-4073-83DF-DDCEA65AFADA}] => (Allow) %SystemDrive%\SG Interactive\Crossfire Europe\CF_SGIN.exe FirewallRules: [{EB479D69-DD67-49E9-8D87-7B6BCD9B68DC}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{8BEE5D8A-C162-4D75-ADA8-D3B6F3CDFC44}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{438CD5C6-31A8-43EB-9F06-BCA79DF54332}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{52AFF13A-81F8-4324-85E3-AC1D19E7B8CF}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{3658A9A8-F5A9-4C27-B05C-66B23E256258}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2015 09:02:36 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x1540 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/03/2015 08:44:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x25ec Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/03/2015 04:31:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x1f14 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/01/2015 10:51:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x28ec 
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/01/2015 10:35:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x2638 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/01/2015 10:20:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x1ef4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/01/2015 07:44:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchProtocolHost.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd1b4 Name des fehlerhaften Moduls: npggNT64.des_unloaded, Version: 0.0.0.0, Zeitstempel: 0x548016ce Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000458aa410 ID des fehlerhaften Prozesses: 0x201c Startzeit der fehlerhaften Anwendung: 0xSearchProtocolHost.exe0 Pfad der fehlerhaften Anwendung: SearchProtocolHost.exe1 Pfad des fehlerhaften Moduls: SearchProtocolHost.exe2 Berichtskennung: SearchProtocolHost.exe3 Error: (06/01/2015 05:00:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der 
fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x1f8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/01/2015 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17801, Zeitstempel: 0x5536793e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00186c93 ID des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/31/2015 11:49:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bd212 Name des fehlerhaften Moduls: npggNT64.des_unloaded, Version: 0.0.0.0, Zeitstempel: 0x548016ce Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000458a679f ID des fehlerhaften Prozesses: 0x3570 Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0 Pfad der fehlerhaften Anwendung: SearchIndexer.exe1 Pfad des fehlerhaften Moduls: SearchIndexer.exe2 Berichtskennung: SearchIndexer.exe3 System errors: ============= Error: (06/03/2015 10:09:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Error: (06/03/2015 10:09:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:48 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (06/03/2015 10:09:29 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Microsoft Office: ========================= Error: (06/03/2015 09:02:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c93154001d09e2d76ce8e16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll18417e63-0a23-11e5-91b6-bcaec527bbe4 Error: (06/03/2015 08:44:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c9325ec01d09e2acefbca3eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll9aa2b8ce-0a20-11e5-91b6-bcaec527bbe4 Error: (06/03/2015 04:31:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c931f1401d09e06a14a2cdbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll487b3469-09fd-11e5-91b6-bcaec527bbe4 Error: (06/01/2015 10:51:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c9328ec01d09caa874ae3dbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dllef968f4c-089f-11e5-bca9-bcaec527bbe4 Error: (06/01/2015 10:35:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c93263801d09ca88aba33a7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dllaed8a219-089d-11e5-bca9-bcaec527bbe4 Error: (06/01/2015 10:20:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c931ef401d09c8944c94a13C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dllb081aa2e-089b-11e5-bca9-bcaec527bbe4 Error: (06/01/2015 
07:44:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchProtocolHost.exe7.0.7600.163854a5bd1b4npggNT64.des_unloaded0.0.0.0548016cec000000500000000458aa410201c01d09c90e5a80addC:\Windows\system32\SearchProtocolHost.exenpggNT64.dese023728c-0885-11e5-bca9-bcaec527bbe4 Error: (06/01/2015 05:00:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c931f801d09c79f7b453ccC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dlle8e2c46f-086e-11e5-bca9-bcaec527bbe4 Error: (06/01/2015 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.178015536642cMSHTML.dll11.0.9600.178015536793ec000000500186c93107c01d09c5a337d41f0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll6c1e2892-0852-11e5-99bf-bcaec527bbe4 Error: (05/31/2015 11:49:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SearchIndexer.exe7.0.7600.163854a5bd212npggNT64.des_unloaded0.0.0.0548016cec000000500000000458a679f357001d09be469f501e3C:\Windows\system32\SearchIndexer.exenpggNT64.desde88800e-07de-11e5-965e-bcaec527bbe4 CodeIntegrity Errors: =================================== Date: 2015-01-06 16:36:13.572 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:13.557 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:10.983 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-06 16:36:10.951 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz Percentage of memory in use: 52% Total physical RAM: 4095.12 MB Available physical RAM: 1939.99 MB Total Pagefile: 8188.43 MB Available Pagefile: 4565.77 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:799.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 71DB28AC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End of log ============================ |
06.06.2015, 23:23 | #15 |
| ADWARE/Hicosmea.140800 and other "viruses" found The logs were posted quite a while ago .. I still hope that I can be helped ... the "few" viruses are putting quite a strain on my computer at the moment. And wherever these Internet Explorer tabs come from, which I only find when I open my Task Manager and which cannot be closed .. I would really like to keep working on removing all of this with your help, but for that you would have to keep helping me. Regards, Nagato |