GMER log:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-25 11:12:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 WDC_WD2500AAJS-00B4A0 rev.01.03A01 232,89GB
Running: 3x35l5v3.exe; Driver: C:\Users\Shorty\AppData\Local\Temp\kxldipow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000144900 7 bytes [00, 99, F3, FF, 41, AC, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000144908 3 bytes [00, 07, 02]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 6 bytes {JMP QWORD [RIP+0x8e5eb20]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772e1520 6 bytes {JMP QWORD [RIP+0x8ebeb10]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772e15e0 6 bytes {JMP QWORD [RIP+0x8e9ea50]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1800 6 bytes {JMP QWORD [RIP+0x8e7e830]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000772e18b0 6 bytes {JMP QWORD [RIP+0x8e1e780]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000772e1e40 6 bytes {JMP QWORD [RIP+0x8e3e1f0]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 6 bytes {JMP QWORD [RIP+0x8edd850]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708db80 6 bytes {JMP QWORD [RIP+0x91524b0]}
.text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd169055 3 bytes [B5, 6F, 06]
.text C:\Windows\Explorer.EXE[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 6 bytes {JMP QWORD [RIP+0x8e5eb20]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772e1520 6 bytes {JMP QWORD [RIP+0x8ebeb10]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772e15e0 6 bytes {JMP QWORD [RIP+0x8e9ea50]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1800 6 bytes {JMP QWORD [RIP+0x8e7e830]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000772e18b0 6 bytes {JMP QWORD [RIP+0x8e1e780]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000772e1e40 6 bytes {JMP QWORD [RIP+0x8e3e1f0]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 6 bytes {JMP QWORD [RIP+0x8edd850]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708db80 6 bytes JMP 0
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd169055 3 bytes [B5, 6F, 06]
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA 000007fef60f7b34 6 bytes {JMP QWORD [RIP+0x1484fc]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW 000007fef61003c0 6 bytes {JMP QWORD [RIP+0x15fc70]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007fef4d15c70 6 bytes JMP 0
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\msi.dll!MsiInstallProductA 000007fef4d92ad4 2 bytes JMP 0
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\msi.dll!MsiInstallProductA + 3 000007fef4d92ad7 3 bytes JMP 0
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\msi.dll!MsiInstallProductW 000007fef4da167c 6 bytes JMP 0
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefe453030 6 bytes {JMP QWORD [RIP+0xe3d000]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefe4545c1 5 bytes {JMP QWORD [RIP+0xddba70]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!listen 000007fefe458290 6 bytes {JMP QWORD [RIP+0xe17da0]}
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefe47e0f0 6 bytes {JMP QWORD [RIP+0xdd1f40]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 6 bytes {JMP QWORD [RIP+0x8e5eb20]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772e1520 6 bytes {JMP QWORD [RIP+0x8ebeb10]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772e15e0 6 bytes {JMP QWORD [RIP+0x8e9ea50]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1800 6 bytes {JMP QWORD [RIP+0x8e7e830]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000772e18b0 6 bytes {JMP QWORD [RIP+0x8e1e780]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000772e1e40 6 bytes {JMP QWORD [RIP+0x8e3e1f0]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 6 bytes {JMP QWORD [RIP+0x8edd850]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708db80 6 bytes {JMP QWORD [RIP+0x91524b0]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd169055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeac55c8 6 bytes {JMP QWORD [RIP+0x3daa68]}
.text C:\Windows\system32\taskhost.exe[1832] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeadb85c 6 bytes JMP 0
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007748fc20 3 bytes JMP 7184000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007748fc24 2 bytes JMP 7184000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007748fc38 3 bytes JMP 717b000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007748fc3c 2 bytes JMP 717b000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007748fd64 3 bytes JMP 717e000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007748fd68 2 bytes JMP 717e000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774900b4 3 bytes JMP 7181000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000774900b8 2 bytes JMP 7181000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774901c4 3 bytes JMP 718a000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000774901c8 2 bytes JMP 718a000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077490a44 3 bytes JMP 7187000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077490a48 2 bytes JMP 7187000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491920 3 bytes JMP 7178000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077491924 2 bytes JMP 7178000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000075bf3bbb 3 bytes JMP 7175000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000075bf3bbf 2 bytes JMP 7175000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075a22c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758778e2 5 bytes JMP 00000001628f8240
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 7199000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075880dfb 5 bytes JMP 00000001628f87d0
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075881218 5 bytes JMP 00000001628f7c80
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7193000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 00000000758828da 5 bytes JMP 00000001628f70f0
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 7196000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 719c000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!WindowFromPoint 000000007589ed12 5 bytes JMP 00000001628f76f0
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!AttachThreadInput 000000007589f188 5 bytes JMP 00000001628fa6c0
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 719f000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 719f000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759870c4 6 bytes JMP 718d000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000759a3264 6 bytes JMP 7190000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW 0000000076383c39 4 bytes JMP 00000001628fa4f0
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000756b1401 2 bytes JMP 75c0b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000756b1419 2 bytes JMP 75c0b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000756b1431 2 bytes JMP 75c88ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000756b144a 2 bytes CALL 75be48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000756b14dd 2 bytes JMP 75c887a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000756b14f5 2 bytes JMP 75c88978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000756b150d 2 bytes JMP 75c88698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000756b1525 2 bytes JMP 75c88a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000756b153d 2 bytes JMP 75bffca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000756b1555 2 bytes JMP 75c068ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000756b156d 2 bytes JMP 75c88f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000756b1585 2 bytes JMP 75c88ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000756b159d 2 bytes JMP 75c8865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000756b15b5 2 bytes JMP 75bffd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000756b15cd 2 bytes JMP 75c0b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000756b16b2 2 bytes JMP 75c88e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000756b16bd 2 bytes JMP 75c885f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000753d575a 6 bytes JMP 7169000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\WS2_32.dll!connect 00000000753d6bdd 6 bytes JMP 7172000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\WS2_32.dll!listen 00000000753db001 6 bytes JMP 716c000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000753dcc3f 6 bytes JMP 716f000a
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\COMDLG32.dll!GetOpenFileNameW 00000000750ea2d5 5 bytes JMP 00000001628fa2b0
.text C:\Program Files (x86)\Overwolf\Overwolf.exe[464] C:\Windows\syswow64\COMDLG32.dll!GetSaveFileNameW 00000000750ea36e 5 bytes JMP 00000001628fa3d0
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007748fc20 3 bytes JMP 718a000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007748fc24 2 bytes JMP 718a000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007748fc38 3 bytes JMP 7181000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007748fc3c 2 bytes JMP 7181000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007748fd64 3 bytes JMP 7184000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007748fd68 2 bytes JMP 7184000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774900b4 3 bytes JMP 7187000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000774900b8 2 bytes JMP 7187000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774901c4 3 bytes JMP 7190000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000774901c8 2 bytes JMP 7190000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077490a44 3 bytes JMP 718d000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077490a48 2 bytes JMP 718d000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491920 3 bytes JMP 717e000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077491924 2 bytes JMP 717e000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000075bf3bbb 3 bytes JMP 717b000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000075bf3bbf 2 bytes JMP 717b000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075a22c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 719f000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7199000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 719c000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 71a5000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 71a5000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71ab000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759870c4 6 bytes JMP 7193000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000759a3264 6 bytes JMP 7196000a
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000756b1401 2 bytes JMP 75c0b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000756b1419 2 bytes JMP 75c0b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000756b1431 2 bytes JMP 75c88ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000756b144a 2 bytes CALL 75be48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000756b14dd 2 bytes JMP 75c887a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000756b14f5 2 bytes JMP 75c88978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000756b150d 2 bytes JMP 75c88698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000756b1525 2 bytes JMP 75c88a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000756b153d 2 bytes JMP 75bffca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000756b1555 2 bytes JMP 75c068ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000756b156d 2 bytes JMP 75c88f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000756b1585 2 bytes JMP 75c88ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000756b159d 2 bytes JMP 75c8865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000756b15b5 2 bytes JMP 75bffd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000756b15cd 2 bytes JMP 75c0b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000756b16b2 2 bytes JMP 75c88e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe[2940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000756b16bd 2 bytes JMP 75c885f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 6 bytes {JMP QWORD [RIP+0x8e5eb20]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772e1520 6 bytes {JMP QWORD [RIP+0x8ebeb10]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772e15e0 6 bytes {JMP QWORD [RIP+0x8e9ea50]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1800 6 bytes {JMP QWORD [RIP+0x8e7e830]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000772e18b0 6 bytes {JMP QWORD [RIP+0x8e1e780]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000772e1e40 6 bytes {JMP QWORD [RIP+0x8e3e1f0]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 6 bytes {JMP QWORD [RIP+0x8edd850]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708db80 6 bytes {JMP QWORD [RIP+0x91524b0]}
.text C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe[4324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd169055 3 bytes [B5, 6F, 06]
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007748fc20 3 bytes JMP 7184000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007748fc24 2 bytes JMP 7184000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007748fc38 3 bytes JMP 717b000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007748fc3c 2 bytes JMP 717b000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007748fd64 3 bytes JMP 717e000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007748fd68 2 bytes JMP 717e000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774900b4 3 bytes JMP 7181000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000774900b8 2 bytes JMP 7181000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774901c4 3 bytes JMP 718a000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000774901c8 2 bytes JMP 718a000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077490a44 3 bytes JMP 7187000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077490a48 2 bytes JMP 7187000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491920 3 bytes JMP 7178000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077491924 2 bytes JMP 7178000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000075bf3bbb 3 bytes JMP 7175000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000075bf3bbf 2 bytes JMP 7175000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075a22c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 7199000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7193000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 7196000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 719c000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 719f000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 719f000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759870c4 6 bytes JMP 718d000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000759a3264 6 bytes JMP 7190000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000756b1401 2 bytes JMP 75c0b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000756b1419 2 bytes JMP 75c0b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000756b1431 2 bytes JMP 75c88ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000756b144a 2 bytes CALL 75be48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756b14dd 2 bytes JMP 75c887a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756b14f5 2 bytes JMP 75c88978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000756b150d 2 bytes JMP 75c88698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000756b1525 2 bytes JMP 75c88a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000756b153d 2 bytes JMP 75bffca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000756b1555 2 bytes JMP 75c068ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000756b156d 2 bytes JMP 75c88f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000756b1585 2 bytes JMP 75c88ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000756b159d 2 bytes JMP 75c8865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756b15b5 2 bytes JMP 75bffd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756b15cd 2 bytes JMP 75c0b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756b16b2 2 bytes JMP 75c88e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756b16bd 2 bytes JMP 75c885f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000753d575a 6 bytes JMP 7169000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\WS2_32.dll!connect 00000000753d6bdd 6 bytes JMP 7172000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\WS2_32.dll!listen 00000000753db001 6 bytes JMP 716c000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe[1588] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000753dcc3f 6 bytes JMP 716f000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007748fc20 3 bytes JMP 7178000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007748fc24 2 bytes JMP 7178000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007748fc38 3 bytes JMP 716f000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007748fc3c 2 bytes JMP 716f000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007748fd64 3 bytes JMP 7172000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007748fd68 2 bytes JMP 7172000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774900b4 3 bytes JMP 7175000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000774900b8 2 bytes JMP 7175000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774901c4 3 bytes JMP 717e000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000774901c8 2 bytes JMP 717e000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077490a44 3 bytes JMP 717b000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077490a48 2 bytes JMP 717b000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491920 3 bytes JMP 716c000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077491924 2 bytes JMP 716c000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075bf3bbb 3 bytes JMP 7169000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075bf3bbf 2 bytes JMP 7169000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075a22c9e 4 bytes CALL 71af0000
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759870c4 6 bytes JMP 7181000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000759a3264 6 bytes JMP 7184000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 718d000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7187000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 718a000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 7190000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 7193000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 7193000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 7199000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 7196000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000753d575a 6 bytes JMP 719c000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\WS2_32.dll!connect 00000000753d6bdd 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\WS2_32.dll!listen 00000000753db001 6 bytes JMP 719f000a
.text C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfTSHelper.exe[3956] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000753dcc3f 6 bytes JMP 71a2000a
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 6 bytes {JMP QWORD [RIP+0x8e5eb20]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772e1520 6 bytes {JMP QWORD [RIP+0x8ebeb10]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772e15e0 6 bytes {JMP QWORD [RIP+0x8e9ea50]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1800 6 bytes JMP 0
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000772e18b0 6 bytes {JMP QWORD [RIP+0x8e1e780]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000772e1e40 6 bytes {JMP QWORD [RIP+0x8e3e1f0]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 6 bytes {JMP QWORD [RIP+0x8edd850]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708db80 6 bytes {JMP QWORD [RIP+0x91524b0]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd169055 3 bytes [B5, 6F, 1D]
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\GDI32.dll!BitBlt 000007feff0a24c0 5 bytes JMP 000007ffead789b0
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec77490 5 bytes JMP 000007ffead79ed0
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeac55c8 6 bytes JMP 0
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeadb85c 6 bytes JMP 0
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefe453030 6 bytes {JMP QWORD [RIP+0xcd000]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefe4545c1 5 bytes JMP 89a3
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\WS2_32.dll!listen 000007fefe458290 6 bytes {JMP QWORD [RIP+0xa7da0]}
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefe47e0f0 6 bytes JMP 22000000
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\COMDLG32.dll!GetOpenFileNameW 000007feff2656b8 5 bytes JMP 000007ffead796e0
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[4980] C:\Windows\system32\COMDLG32.dll!GetSaveFileNameW 000007feff26575c 5 bytes JMP 000007ffead798b0
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 6 bytes {JMP QWORD [RIP+0x8e5eb20]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000772e1520 6 bytes {JMP QWORD [RIP+0x8ebeb10]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772e15e0 6 bytes {JMP QWORD [RIP+0x8e9ea50]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1800 6 bytes {JMP QWORD [RIP+0x8e7e830]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000772e18b0 6 bytes {JMP QWORD [RIP+0x8e1e780]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000772e1e40 6 bytes {JMP QWORD [RIP+0x8e3e1f0]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 6 bytes {JMP QWORD [RIP+0x8edd850]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708db80 6 bytes {JMP QWORD [RIP+0x91524b0]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd169055 3 bytes CALL 77000026
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefe453030 6 bytes {JMP QWORD [RIP+0xcd000]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefe4545c1 5 bytes {JMP QWORD [RIP+0x6ba70]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\system32\WS2_32.dll!listen 000007fefe458290 6 bytes {JMP QWORD [RIP+0xa7da0]}
.text C:\Windows\system32\taskhost.exe[712] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefe47e0f0 6 bytes JMP 19a3
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007748fc20 3 bytes JMP 718a000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007748fc24 2 bytes JMP 718a000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007748fc38 3 bytes JMP 7181000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007748fc3c 2 bytes JMP 7181000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007748fd64 3 bytes JMP 7184000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007748fd68 2 bytes JMP 7184000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774900b4 3 bytes JMP 7187000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000774900b8 2 bytes JMP 7187000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774901c4 3 bytes JMP 7190000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000774901c8 2 bytes JMP 7190000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077490a44 3 bytes JMP 718d000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077490a48 2 bytes JMP 718d000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491920 3 bytes JMP 717e000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077491924 2 bytes JMP 717e000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075bf3bbb 3 bytes JMP 717b000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075bf3bbf 2 bytes JMP 717b000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075a22c9e 4 bytes CALL 71af0000
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075879679 6 bytes JMP 719f000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758812a5 6 bytes JMP 7199000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075883baa 6 bytes JMP 719c000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007588612e 6 bytes JMP 71a2000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!SendInput 000000007589ff4a 3 bytes JMP 71a5000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007589ff4e 2 bytes JMP 71a5000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758d027b 6 bytes JMP 71ab000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758d02bf 6 bytes JMP 71a8000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759870c4 6 bytes JMP 7193000a
.text C:\Users\Shorty\Desktop\Anti Virus\3x35l5v3.exe[4904] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000759a3264 6 bytes JMP 7196000a
---- EOF - GMER 2.1 ----
Malwarebytes Anti-Malware Log Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 25.02.2015
Suchlauf-Zeit: 09:09:33
Logdatei: Malwarebytes Anti Malware.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.25.03
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Shorty
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 355594
Verstrichene Zeit: 19 Min, 44 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 0
(Keine schädliche Elemente erkannt)
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
AdwCleaner Log Code:
# AdwCleaner v4.111 - Bericht erstellt 25/02/2015 um 09:39:13
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Shorty - HOME-PC
# Gestarted von : C:\Users\Shorty\Desktop\Anti Virus\AdwCleaner_4.111.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v37.0 (x86 de)
*************************
AdwCleaner[R7].txt - [806 Bytes] - [25/02/2015 09:39:13]
########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [864 Bytes] ##########
Junkware Removal Tool Log Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Shorty on 25.02.2015 at 11:50:11,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2015 at 12:00:43,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Shorty (administrator) on HOME-PC on 25-02-2015 13:06:11
Running from C:\Users\Shorty\Desktop\Anti Virus
Loaded Profiles: Shorty (Available profiles: Shorty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2283336931-498017777-3949958785-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2283336931-498017777-3949958785-1001\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-2283336931-498017777-3949958785-1001\...\MountPoints2: {6a841102-8abf-11e4-83eb-00241dd5bc54} - E:\IG2_Setup.exe
BootExecute: autocheck autochk /r \??\D:autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2283336931-498017777-3949958785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default
FF Homepage: https://www.google.de/?gfe_rd=cr&ei=h0qJVKCUK4yh8weK44DoBA
FF NetworkProxy: "http", "94.23.59.45"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2283336931-498017777-3949958785-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2283336931-498017777-3949958785-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 -> C:\Users\Shorty\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2283336931-498017777-3949958785-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 -> C:\Users\Shorty\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: German Dictionary - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-12-31]
FF Extension: YouTube Unblocker - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-21]
FF Extension: Flashblock - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-29]
FF Extension: FT DeepDark - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-21]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-21]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-20]
FF Extension: UploadProgress - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\fvicente@gmail.com.xpi [2015-02-07]
FF Extension: Telekom YouTube Turbo - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\info@maltegoetz.de.xpi [2014-12-20]
FF Extension: YouTube ALL HTML5 - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2014-12-20]
FF Extension: Menu Wizard - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\s3menu@wizard.xpi [2014-12-20]
FF Extension: Secure Login - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\secureLogin@blueimp.net.xpi [2014-12-20]
FF Extension: Status-4-Evar - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\status4evar@caligonstudios.com.xpi [2014-12-20]
FF Extension: New Tab Homepage - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-01-19]
FF Extension: Disable Anti-Adblock - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2014-12-20]
FF Extension: User Agent Switcher - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-01-22]
FF Extension: Adblock Edge - C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\z661wixb.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-01-08]
FF HKU\S-1-5-21-2283336931-498017777-3949958785-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Internet Security\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Internet Security\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2014-12-22] (Advanced Micro Devices Inc.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 fwndis; C:\Windows\System32\DRIVERS\fwndis64.sys [491632 2015-01-01] ()
R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-22] (REALiX(tm))
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 dtultrascsibus; system32\DRIVERS\dtultrascsibus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-25 11:49 - 2015-02-25 11:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-25 09:43 - 2015-02-25 13:06 - 00000000 ____D () C:\FRST
2015-02-25 09:39 - 2015-02-25 13:05 - 00000000 ____D () C:\AdwCleaner
2015-02-25 09:19 - 2015-02-25 09:19 - 42714248 _____ () C:\Users\Shorty\Downloads\firefox-37.0a2.de.win64.installer.exe
2015-02-25 09:14 - 2015-02-25 09:14 - 40620016 _____ () C:\Users\Shorty\Downloads\Firefox Setup 37.0b1.exe
2015-02-24 23:27 - 2015-02-04 04:56 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-24 23:27 - 2015-02-04 04:56 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 03209736 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00965360 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00846880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00499912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00416584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00389320 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00355272 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00346952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00307184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00167312 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-24 23:27 - 2015-02-04 04:56 - 00147576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-24 23:18 - 2015-02-24 23:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-24 16:34 - 2015-02-24 16:34 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOME-PC-Windows-7-Ultimate-(64-bit).dat
2015-02-24 16:34 - 2015-02-24 16:34 - 00000000 ____D () C:\RegBackup
2015-02-24 11:06 - 2015-02-24 11:06 - 00000000 _____ () C:\Users\Shorty\defogger_reenable
2015-02-24 04:24 - 2015-02-24 04:24 - 00002613 _____ () C:\Users\Shorty\AppData\Local\recently-used.xbel
2015-02-24 04:03 - 2015-02-24 04:24 - 00000000 ____D () C:\Users\Shorty\AppData\Local\gtk-2.0
2015-02-24 04:03 - 2015-02-24 04:03 - 00000000 ____D () C:\Users\Shorty\.thumbnails
2015-02-24 04:00 - 2015-02-24 04:00 - 00000000 ____D () C:\Users\Shorty\AppData\Local\gegl-0.2
2015-02-24 03:35 - 2015-02-24 03:35 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW Graphics
2015-02-24 03:35 - 2009-03-10 23:25 - 00191488 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfx.dll
2015-02-24 03:35 - 2008-10-20 13:44 - 00237056 ____N (MW Publishing) C:\Windows\SysWOW64\mwgfx24.dll
2015-02-24 03:35 - 2008-09-05 08:32 - 00104960 ____N (MW Graphics) C:\Windows\SysWOW64\mwdds.dll
2015-02-24 03:35 - 2007-08-19 09:37 - 00028672 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfxcopy.exe
2015-02-24 03:35 - 2004-05-14 11:13 - 00056832 ____N (MW Graphics) C:\Windows\SysWOW64\mwace.dll
2015-02-23 21:44 - 2015-02-25 09:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-20 11:10 - 2015-02-20 11:13 - 00000010 _____ () C:\Users\Shorty\Documents\Dokument 2.txt
2015-02-20 09:53 - 2015-02-20 11:16 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\ALFBanCo6
2015-02-20 09:42 - 2015-02-20 09:42 - 00000000 ____D () C:\Users\Shorty\AppData\Local\ALF_AG
2015-02-20 09:39 - 2015-02-20 09:52 - 00000000 ____D () C:\ProgramData\AlfBanCo5
2015-02-20 09:39 - 2015-02-20 09:39 - 00000000 ____D () C:\Users\Shorty\Desktop\ALFBanCo5
2015-02-20 09:39 - 2015-02-20 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALF-BanCo 5
2015-02-20 09:39 - 2015-02-20 09:39 - 00000000 ____D () C:\Program Files (x86)\ALFBanCo5
2015-02-20 09:39 - 2009-06-23 12:58 - 00462848 _____ (REINER SCT ) C:\Windows\SysWOW64\rsct_ot.ocx
2015-02-20 09:39 - 2004-06-14 14:04 - 00874248 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\Windows\SysWOW64\SmartUI2.ocx
2015-02-20 09:39 - 2002-09-27 17:47 - 00442368 _____ (ComponentOne) C:\Windows\SysWOW64\vsflex7l.ocx
2015-02-20 09:39 - 2001-02-07 15:17 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.1
2015-02-20 09:39 - 2000-10-01 23:00 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2015-02-20 09:39 - 2000-05-21 23:00 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2015-02-20 09:39 - 2000-05-21 23:00 - 01009336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCHRT20.ocx
2015-02-20 09:39 - 2000-05-21 23:00 - 00647872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2015-02-20 09:39 - 2000-05-21 23:00 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2015-02-20 09:39 - 1998-07-05 23:00 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2015-02-20 09:39 - 1998-07-05 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CmDlgDE.dll
2015-02-20 09:39 - 1998-07-05 19:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2015-02-20 09:34 - 2015-02-20 09:54 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\ALFBanCo5
2015-02-20 09:02 - 2015-02-20 11:16 - 00000000 ____D () C:\ProgramData\AlfBanCo6
2015-02-20 07:44 - 2015-02-20 07:44 - 00000293 _____ () C:\Users\Shorty\Desktop\Digitally Imported - Chillout Dreams.pls
2015-02-19 08:41 - 2015-02-19 08:41 - 00000000 ____D () C:\Users\Shorty\AppData\Local\Steam
2015-02-18 18:15 - 2015-02-18 18:15 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\Macromedia
2015-02-18 18:15 - 2015-02-18 18:15 - 00000000 ____D () C:\Users\Shorty\AppData\Local\Macromedia
2015-02-17 23:16 - 2015-02-17 23:16 - 00001042 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2015-02-17 23:16 - 2015-02-17 23:16 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\Tracker Software
2015-02-17 23:16 - 2015-02-17 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
2015-02-17 23:16 - 2015-02-17 23:16 - 00000000 ____D () C:\Program Files\Tracker Software
2015-02-17 23:14 - 2015-02-17 23:15 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-16 17:47 - 2015-02-16 17:48 - 00000000 ____D () C:\Users\Shorty\AppData\Local\PES_2013_BAL_Editor_v1.2
2015-02-16 01:35 - 2015-02-22 21:45 - 00001777 _____ () C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-02-15 14:45 - 2015-02-25 13:06 - 00000000 ____D () C:\Users\Shorty\Desktop\Anti Virus
2015-02-13 11:53 - 2015-02-13 11:53 - 00000000 ____D () C:\Users\Shorty\Desktop\Bushido - Carlo Cokxxx Nutten 3 (Limited Deluxe Edition)
2015-02-12 09:24 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 09:24 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 09:24 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 09:24 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 15:33 - 2015-02-22 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-02-11 15:33 - 2015-02-16 01:35 - 00000000 ____D () C:\Users\Shorty\Documents\ETS2MP
2015-02-11 15:33 - 2015-02-11 15:33 - 00000000 ____D () C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer
2015-02-11 10:33 - 2015-02-11 10:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-11 10:33 - 2015-02-11 10:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-11 10:18 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 10:18 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 10:18 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 10:18 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 10:18 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 10:18 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 10:18 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 10:18 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 10:18 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 10:18 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 10:18 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 10:18 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 10:18 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 10:18 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 10:17 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 10:17 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 10:17 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 10:17 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 10:17 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 10:17 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 10:17 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:17 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 10:17 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 10:17 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 10:17 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:17 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:17 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 10:17 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 10:17 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 10:17 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 10:17 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 10:17 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 10:17 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 10:17 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 10:17 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 10:17 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 10:17 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:17 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 10:17 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 10:17 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 10:17 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 10:17 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 10:17 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 10:17 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 10:17 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 10:17 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 10:17 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 10:17 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 10:17 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 10:17 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 10:17 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:17 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 10:17 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:17 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 10:17 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 10:17 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:17 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 10:17 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 10:17 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 10:17 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 10:17 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:17 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 10:17 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 10:17 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 10:17 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 10:17 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:17 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 10:17 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 10:17 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 10:17 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 10:17 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 10:17 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 10:17 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 10:17 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 10:17 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 10:17 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 10:17 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 10:17 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 10:17 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 10:17 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 10:17 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 10:17 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 10:17 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 10:17 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 10:17 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 10:17 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 10:17 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 10:17 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 10:17 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 10:17 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 10:16 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 10:16 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 10:16 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 10:16 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 10:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 10:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 10:16 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 10:16 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 10:16 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 10:16 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 10:16 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 10:16 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 10:16 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 10:16 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:16 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 10:16 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 10:16 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 10:03 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:21 - 2015-02-04 03:21 - 00932040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-10 21:19 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-10 21:19 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-10 21:19 - 2015-02-04 04:56 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-10 21:19 - 2015-02-04 04:56 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-10 21:18 - 2015-02-10 21:18 - 00000000 ____D () C:\NVIDIA
2015-02-10 15:33 - 2015-02-10 15:33 - 00000222 _____ () C:\Users\Shorty\Desktop\Euro Truck Simulator 2.url
2015-02-10 10:14 - 2015-02-10 10:14 - 00027811 _____ () C:\Users\Shorty\Desktop\Briefvorlage_nach_DIN_5008.dotx
2015-01-31 16:41 - 2015-01-31 16:41 - 00000364 _____ () C:\Windows\DirectX.log
2015-01-31 16:41 - 2015-01-31 16:41 - 00000000 ____D () C:\Users\Shorty\Documents\My Games
2015-01-31 16:36 - 2015-01-31 16:36 - 00000222 _____ () C:\Users\Shorty\Desktop\Landwirtschafts Simulator 2013.url
2015-01-31 16:14 - 2015-01-31 16:14 - 00000000 ____D () C:\ProgramData\FlyVPN
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-25 13:06 - 2014-12-20 11:09 - 01974588 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 13:02 - 2015-01-01 03:45 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Internet Security
2015-02-25 11:55 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 11:55 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 11:50 - 2014-12-21 22:22 - 00393770 _____ () C:\Windows\system32\perfh011.dat
2015-02-25 11:50 - 2014-12-21 22:22 - 00111148 _____ () C:\Windows\system32\perfc011.dat
2015-02-25 11:50 - 2014-12-21 22:04 - 00474682 _____ () C:\Windows\system32\perfh006.dat
2015-02-25 11:50 - 2014-12-21 22:04 - 00086370 _____ () C:\Windows\system32\perfc006.dat
2015-02-25 11:50 - 2014-12-21 21:25 - 00386380 _____ () C:\Windows\system32\prfh0404.dat
2015-02-25 11:50 - 2014-12-21 21:25 - 00111192 _____ () C:\Windows\system32\prfc0404.dat
2015-02-25 11:50 - 2014-12-21 21:10 - 00679128 _____ () C:\Windows\system32\prfh0416.dat
2015-02-25 11:50 - 2014-12-21 21:10 - 00134942 _____ () C:\Windows\system32\prfc0416.dat
2015-02-25 11:50 - 2014-12-21 20:55 - 00693408 _____ () C:\Windows\system32\prfh0816.dat
2015-02-25 11:50 - 2014-12-21 20:55 - 00139680 _____ () C:\Windows\system32\prfc0816.dat
2015-02-25 11:50 - 2014-12-21 20:42 - 00706172 _____ () C:\Windows\system32\perfh015.dat
2015-02-25 11:50 - 2014-12-21 20:42 - 00143026 _____ () C:\Windows\system32\perfc015.dat
2015-02-25 11:50 - 2014-12-21 20:29 - 00623474 _____ () C:\Windows\system32\perfh01F.dat
2015-02-25 11:50 - 2014-12-21 20:29 - 00127160 _____ () C:\Windows\system32\perfc01F.dat
2015-02-25 11:50 - 2014-12-21 20:06 - 00361828 _____ () C:\Windows\system32\prfh0804.dat
2015-02-25 11:50 - 2014-12-21 20:06 - 00108714 _____ () C:\Windows\system32\prfc0804.dat
2015-02-25 11:50 - 2014-12-21 19:21 - 00689166 _____ () C:\Windows\system32\perfh019.dat
2015-02-25 11:50 - 2014-12-21 19:21 - 00136882 _____ () C:\Windows\system32\perfc019.dat
2015-02-25 11:50 - 2014-12-21 19:09 - 00461784 _____ () C:\Windows\system32\perfh014.dat
2015-02-25 11:50 - 2014-12-21 19:09 - 00083050 _____ () C:\Windows\system32\perfc014.dat
2015-02-25 11:50 - 2014-12-21 18:56 - 00569414 _____ () C:\Windows\system32\perfh008.dat
2015-02-25 11:50 - 2014-12-21 18:56 - 00097958 _____ () C:\Windows\system32\perfc008.dat
2015-02-25 11:50 - 2014-12-21 18:44 - 00631692 _____ () C:\Windows\system32\perfh01D.dat
2015-02-25 11:50 - 2014-12-21 18:44 - 00129892 _____ () C:\Windows\system32\perfc01D.dat
2015-02-25 11:50 - 2014-12-21 18:33 - 00405726 _____ () C:\Windows\system32\perfh012.dat
2015-02-25 11:50 - 2014-12-21 18:33 - 00109432 _____ () C:\Windows\system32\perfc012.dat
2015-02-25 11:50 - 2014-12-21 18:21 - 00635988 _____ () C:\Windows\system32\perfh005.dat
2015-02-25 11:50 - 2014-12-21 18:21 - 00129338 _____ () C:\Windows\system32\perfc005.dat
2015-02-25 11:50 - 2014-12-21 17:52 - 00706446 _____ () C:\Windows\system32\perfh013.dat
2015-02-25 11:50 - 2014-12-21 17:52 - 00139702 _____ () C:\Windows\system32\perfc013.dat
2015-02-25 11:50 - 2014-12-21 17:33 - 00448744 _____ () C:\Windows\system32\perfh00B.dat
2015-02-25 11:50 - 2014-12-21 17:33 - 00088100 _____ () C:\Windows\system32\perfc00B.dat
2015-02-25 11:50 - 2014-12-21 17:24 - 00649200 _____ () C:\Windows\system32\perfh00E.dat
2015-02-25 11:50 - 2014-12-21 17:24 - 00157556 _____ () C:\Windows\system32\perfc00E.dat
2015-02-25 11:50 - 2014-12-21 17:07 - 00709354 _____ () C:\Windows\system32\perfh00A.dat
2015-02-25 11:50 - 2014-12-21 17:07 - 00145038 _____ () C:\Windows\system32\perfc00A.dat
2015-02-25 11:50 - 2014-12-21 16:57 - 00364110 _____ () C:\Windows\system32\perfh00D.dat
2015-02-25 11:50 - 2014-12-21 16:57 - 00073806 _____ () C:\Windows\system32\perfc00D.dat
2015-02-25 11:50 - 2014-12-21 16:35 - 00704830 _____ () C:\Windows\system32\perfh010.dat
2015-02-25 11:50 - 2014-12-21 16:35 - 00134444 _____ () C:\Windows\system32\perfc010.dat
2015-02-25 11:50 - 2014-12-21 16:26 - 00711250 _____ () C:\Windows\system32\perfh00C.dat
2015-02-25 11:50 - 2014-12-21 16:26 - 00447360 _____ () C:\Windows\system32\perfh001.dat
2015-02-25 11:50 - 2014-12-21 16:26 - 00136800 _____ () C:\Windows\system32\perfc00C.dat
2015-02-25 11:50 - 2014-12-21 16:26 - 00083820 _____ () C:\Windows\system32\perfc001.dat
2015-02-25 11:50 - 2011-04-12 08:43 - 00660662 _____ () C:\Windows\system32\perfh007.dat
2015-02-25 11:50 - 2011-04-12 08:43 - 00135494 _____ () C:\Windows\system32\perfc007.dat
2015-02-25 11:50 - 2009-07-14 06:13 - 16757306 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 11:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 11:45 - 2015-01-22 23:47 - 00007290 _____ () C:\Windows\PFRO.log
2015-02-25 11:45 - 2015-01-22 23:47 - 00002206 _____ () C:\Windows\setupact.log
2015-02-25 11:45 - 2014-12-20 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 11:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-25 11:21 - 2014-12-21 14:16 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\vlc
2015-02-25 11:09 - 2014-12-22 00:09 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\TS3Client
2015-02-25 10:12 - 2015-01-13 17:51 - 00000000 ____D () C:\Users\Shorty\AppData\Local\Overwolf
2015-02-25 09:14 - 2015-01-21 00:19 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-25 09:09 - 2015-01-19 12:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 02:28 - 2014-12-20 11:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-25 02:16 - 2014-12-21 02:05 - 00000000 ____D () C:\Users\Shorty\Documents\Euro Truck Simulator 2
2015-02-24 23:47 - 2014-12-29 13:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 20:39 - 2014-12-20 11:42 - 00067088 _____ () C:\Users\Shorty\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 17:58 - 2009-07-14 05:45 - 00308144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 17:56 - 2011-04-12 08:54 - 00000000 ____D () C:\Windows\CSC
2015-02-24 17:50 - 2009-07-14 03:34 - 00000474 _____ () C:\Windows\win.ini
2015-02-24 11:06 - 2014-12-20 11:16 - 00000000 ____D () C:\Users\Shorty
2015-02-24 10:55 - 2014-12-20 11:29 - 00000000 ____D () C:\Users\Shorty\AppData\Local\JDownloader v2.0
2015-02-20 09:40 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\Shorty\AppData\Local\VirtualStore
2015-02-20 09:36 - 2014-12-31 00:29 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\dvdcss
2015-02-20 07:30 - 2015-01-16 10:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-20 07:30 - 2015-01-16 10:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-20 07:30 - 2014-12-20 14:12 - 00000000 ____D () C:\Users\Shorty\AppData\Local\Adobe
2015-02-19 20:45 - 2014-12-29 15:09 - 00000000 ____D () C:\Users\Shorty\AppData\Local\Microsoft Help
2015-02-17 09:03 - 2014-12-29 17:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 12:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\th-TH
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\et-EE
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-02-11 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-02-11 11:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 10:36 - 2014-12-30 05:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 10:29 - 2015-01-13 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 10:25 - 2014-12-20 18:03 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 14:14 - 2015-01-17 01:46 - 00000000 ____D () C:\Program Files (x86)\Pro Evolution Soccer 2015
2015-02-09 13:51 - 2015-01-23 00:15 - 00001672 _____ () C:\Users\Shorty\Desktop\PESGalaxySwitch - Verknüpfung.lnk
2015-02-09 13:50 - 2015-01-23 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015
2015-02-04 04:56 - 2015-01-22 16:15 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-04 04:56 - 2014-12-20 11:23 - 00072904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-04 04:56 - 2014-12-20 11:23 - 00059592 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-04 04:56 - 2014-12-20 11:22 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-04 04:56 - 2014-12-20 11:22 - 00026155 _____ () C:\Windows\system32\nvinfo.pb
2015-02-04 03:21 - 2014-12-20 11:23 - 06782152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-04 03:21 - 2014-12-20 11:23 - 03522376 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-04 03:21 - 2014-12-20 11:23 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-04 03:21 - 2014-12-20 11:23 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-04 03:21 - 2014-12-20 11:23 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-03 17:18 - 2014-12-20 11:23 - 04229086 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-02 08:41 - 2015-01-09 17:32 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-31 16:36 - 2014-12-20 20:46 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-29 17:08 - 2014-12-23 05:33 - 00007669 _____ () C:\Users\Shorty\AppData\Local\resmon.resmoncfg
2015-01-29 12:48 - 2015-01-13 17:52 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-29 11:51 - 2011-04-12 08:54 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-01-29 11:14 - 2015-01-08 15:23 - 00000000 ____D () C:\Users\Shorty\AppData\Roaming\HP
==================== Files in the root of some directories =======
2015-02-24 04:24 - 2015-02-24 04:24 - 0002613 _____ () C:\Users\Shorty\AppData\Local\recently-used.xbel
2014-12-23 05:33 - 2015-01-29 17:08 - 0007669 _____ () C:\Users\Shorty\AppData\Local\resmon.resmoncfg
Some content of TEMP:
====================
C:\Users\Shorty\AppData\Local\Temp\proxy_vole5080829650816756054.dll
C:\Users\Shorty\AppData\Local\Temp\sdan.exe
C:\Users\Shorty\AppData\Local\Temp\sdapk.exe
C:\Users\Shorty\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 12:14
==================== End Of Log ============================
ESET Log Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b226986a047f3d479270c4ea058f1f71
# engine=22641
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-25 12:03:58
# local_time=2015-02-25 01:03:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5668996 176495688 0 0
# compatibility_mode_1='Emsisoft Internet Security'
# compatibility_mode=16643 16777213 100 100 635 226108126 0 0
# scanned=459
# found=0
# cleaned=0
# scan_time=41
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b226986a047f3d479270c4ea058f1f71
# engine=22641
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-25 02:56:20
# local_time=2015-02-25 03:56:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5679338 176506030 0 0
# compatibility_mode_1='Emsisoft Internet Security'
# compatibility_mode=16643 16777213 100 100 10433 226118468 0 0
# scanned=600893
# found=0
# cleaned=0
# scan_time=9683

Security Check Log Code:
Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Emsisoft Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Mozilla Firefox (37.0)
Mozilla Thunderbird (31.5.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````