Trojan Generic,virus gefunden
Guten Tag,
ich habe einen Laptop mit windows 7 system,64 bit.
vor ein paar Tagen ,wurde das System von selbst heruntergefahren mit einem Signal und blauem Desktop, wegen Systemfehlern.
ein Malware Programm fand einen Trojan und Virus,es ließ sich nicht löschen.
das Programm hat es mir geraten,mich an die Profis zu wenden,die mir weiter helfen können.
Ich habe dieses Forum ein paar Tage durchgelesen,um alle Regeln richtig zu befolgen.
das sind die Logfiles, von dem Programm "FRST"
vielen,lieben Dank für Ihre Mühe im Vorraus Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:27, on 25.04.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Ruslan\Documents\Downloads\HiJackThis204.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Ruslan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
O4 - HKUS\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [uTorrent] "C:\Users\Ruslan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run: [uTorrent] "C:\Users\Ruslan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\..\Run: [uTorrent] "C:\Users\Ruslan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (User '?')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10443 bytes
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by Ruslan (administrator) on RUSLANBOGUN on 25-04-2015 17:28:52
Running from C:\Users\Ruslan\Documents\Downloads
Loaded Profiles: Ruslan & (Available profiles: Ruslan)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653720 2013-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353944 2013-09-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-599557344-2466952469-489558975-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31683168 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => "C:\Users\Ruslan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31683168 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [uTorrent] => "C:\Users\Ruslan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31683168 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [uTorrent] => "C:\Users\Ruslan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31683168 2015-03-25] (Skype Technologies S.A.)
AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52911;https=127.0.0.1:52911
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-599557344-2466952469-489558975-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\yn51tymn.default
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF user.js: detected! => C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\yn51tymn.default\user.js [2015-01-18]
FF SearchPlugin: C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\yn51tymn.default\searchplugins\avira-safesearch.xml [2015-04-03]
FF Extension: Avira Browser Safety - C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\yn51tymn.default\Extensions\abs@avira.com [2015-04-03]
FF Extension: Avira SafeSearch - C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\yn51tymn.default\Extensions\safesearch@avira.com [2015-04-03]
FF HKU\S-1-5-21-599557344-2466952469-489558975-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-30]
CHR Extension: (Google Docs) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-30]
CHR Extension: (Google Drive) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-30]
CHR Extension: (YouTube) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-30]
CHR Extension: (Google Search) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-30]
CHR Extension: (Google Sheets) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-30]
CHR Extension: (Avira Browser Safety) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-30]
CHR Extension: (Bookmark Manager) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-10]
CHR Extension: (OkTools) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jicldjademmddamblmdllfneeaeeclik [2015-01-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-30]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-04-25]
CHR Extension: (Gmail) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-05-27] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [X]
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\UBIOS\amifldrv64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-25 17:05 - 2015-04-25 17:29 - 00000000 ____D () C:\FRST
2015-04-25 17:01 - 2015-04-25 17:01 - 00000000 _____ () C:\Users\Ruslan\defogger_reenable
2015-04-25 14:23 - 2015-04-25 14:23 - 00000000 ____D () C:\Users\Ruslan\AppData\Roaming\QuickScan
2015-04-24 20:07 - 2015-04-25 14:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-24 20:06 - 2015-04-24 20:06 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 20:06 - 2015-04-24 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-24 20:06 - 2015-04-24 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-24 20:06 - 2015-04-24 20:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-24 20:06 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-24 20:06 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-24 20:06 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-24 19:17 - 2015-04-24 19:17 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-22 19:35 - 2015-04-22 19:45 - 781207552 ____R () C:\Users\Ruslan\Downloads\Старец Паисий и я, стоящий вверх ногами_745.avi
2015-04-22 18:49 - 2015-04-22 20:12 - 00000000 ____D () C:\Users\Ruslan\Downloads\Earth Sounds of Summer(2015) mp3
2015-04-22 17:02 - 2015-04-22 18:00 - 00001148 _____ () C:\Users\Ruslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2015-04-22 16:13 - 2015-04-22 16:13 - 00000721 _____ () C:\Users\Ruslan\Documents\Desktop - Verknüpfung.lnk
2015-04-22 15:22 - 2015-04-22 15:22 - 00000000 ____D () C:\Medion
2015-04-22 01:25 - 2015-04-22 01:30 - 00432280 _____ () C:\Windows\Minidump\042215-20218-01.dmp
2015-04-21 21:23 - 2015-04-24 20:47 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-21 21:23 - 2015-04-24 20:05 - 00000000 ____D () C:\Users\Ruslan\Documents\Anti-Malware
2015-04-21 18:59 - 2015-04-21 18:59 - 00452568 _____ () C:\Windows\Minidump\042115-18718-01.dmp
2015-04-21 17:33 - 2015-04-21 17:34 - 00451928 _____ () C:\Windows\Minidump\042115-19609-01.dmp
2015-04-20 22:39 - 2015-04-20 22:40 - 00538632 _____ () C:\Windows\Minidump\042015-37609-01.dmp
2015-04-20 17:43 - 2015-04-22 00:10 - 00000000 ____D () C:\Users\Ruslan\Downloads\Genrih.4.Navarskij.2010.XviD.DVDRip
2015-04-18 15:23 - 2015-04-18 15:23 - 00000000 ____D () C:\Users\Ruslan\Tracing
2015-04-17 00:50 - 2015-04-22 00:09 - 00000000 ____D () C:\Users\Ruslan\Downloads\Последний человек на земле. Первый сезон
2015-04-17 00:49 - 2015-04-22 00:10 - 00000000 ____D () C:\Users\Ruslan\Downloads\The Last Man on Earth Season 1 CasStudio.TV
2015-04-17 00:49 - 2015-04-17 01:03 - 00000000 ____D () C:\Users\Ruslan\Downloads\The.Last.Man.On.Earth.S01.WEB-DLRip.Jaskier
2015-04-17 00:46 - 2015-04-17 01:01 - 1467484160 _____ () C:\Users\Ruslan\Downloads\Mortdecai.2015.L1.WEB-DLRip.1400Mb.avi
2015-04-16 00:52 - 2015-04-16 00:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 00:52 - 2015-04-16 00:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 20:03 - 2015-04-22 00:55 - 00000000 ____D () C:\Users\Ruslan\AppData\Roaming\vlc
2015-04-15 20:00 - 2015-04-15 20:00 - 00000891 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-15 20:00 - 2015-04-15 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-15 19:59 - 2015-04-15 19:59 - 00000000 ____D () C:\Program Files\VideoLAN
2015-04-15 19:46 - 2013-12-14 16:27 - 00002996 _____ () C:\Users\Ruslan\Documents\M0113.CTG
2015-04-15 19:46 - 2013-11-04 15:09 - 00000900 _____ () C:\Users\Ruslan\Documents\M0112.CTG
2015-04-15 19:46 - 2013-10-05 13:37 - 00002372 _____ () C:\Users\Ruslan\Documents\M0111.CTG
2015-04-15 19:46 - 2013-06-10 23:59 - 00000484 _____ () C:\Users\Ruslan\Documents\M0103.CTG
2015-04-15 19:46 - 2013-06-10 23:59 - 00000084 _____ () C:\Users\Ruslan\Documents\M0104.mov
2015-04-15 19:46 - 2013-06-08 12:52 - 00000116 _____ () C:\Users\Ruslan\Documents\M0102.CTG
2015-04-15 19:46 - 2013-06-07 11:57 - 00000356 _____ () C:\Users\Ruslan\Documents\M0101.CTG
2015-04-15 19:46 - 2013-06-07 11:57 - 00000116 _____ () C:\Users\Ruslan\Documents\M0100.CTG
2015-04-15 19:46 - 2013-05-17 13:37 - 00000100 _____ () C:\Users\Ruslan\Documents\M0105.vlc
2015-04-15 14:07 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 14:07 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 14:07 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 14:07 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 14:07 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 14:07 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 14:07 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 14:07 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 14:07 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 14:07 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 14:07 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 14:07 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 14:07 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-15 14:07 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-15 14:07 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 14:07 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-15 14:07 - 2014-10-29 04:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2015-04-15 14:07 - 2014-10-29 04:43 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-04-15 14:07 - 2014-10-29 04:17 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-04-15 14:07 - 2014-10-29 03:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-04-15 14:07 - 2014-10-29 03:38 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-04-15 14:07 - 2014-10-29 03:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-04-15 14:07 - 2014-10-29 03:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-04-15 14:07 - 2014-10-29 03:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-04-15 14:07 - 2014-10-29 03:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-04-15 14:06 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 14:06 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 14:06 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 14:06 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 14:06 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 14:06 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 14:06 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 14:06 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 14:06 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 14:06 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 14:06 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 14:06 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 14:06 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 14:06 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 14:06 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 14:06 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 14:06 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 14:06 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 14:06 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 14:06 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 14:06 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 14:06 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 14:06 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 14:05 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 14:05 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 14:05 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 14:05 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 14:05 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 14:05 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 14:05 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 14:05 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 14:05 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 14:05 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 14:05 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 14:05 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 14:05 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 14:05 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 14:05 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 14:05 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 14:05 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 14:05 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 14:05 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 14:05 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 14:05 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 14:05 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 14:05 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 14:05 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 14:05 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 14:05 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 14:05 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 14:05 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 14:05 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 14:05 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 14:05 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 14:05 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 14:05 - 2014-10-18 08:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 11:44 - 2015-04-14 11:58 - 1402628096 ____R () C:\Users\Ruslan\Downloads\The.Good.Lie.2014.avi
2015-04-14 11:43 - 2015-04-14 11:52 - 1468049408 _____ () C:\Users\Ruslan\Downloads\D1kaya.2014.P.HDRip.1400MB.avi
2015-04-14 11:41 - 2015-04-14 11:46 - 793810944 _____ () C:\Users\Ruslan\Downloads\Искатель воды.avi
2015-04-12 17:49 - 2015-04-12 17:54 - 810285056 _____ () C:\Users\Ruslan\Downloads\Outlander.s01e09.WEBDLRip.Rus.Eng.DV.AlexFilm.avi
2015-04-12 14:42 - 2015-04-12 14:46 - 347526876 _____ () C:\Users\Ruslan\Downloads\Kolodci vremeni.avi
2015-04-12 14:37 - 2015-04-12 14:46 - 823362160 _____ () C:\Users\Ruslan\Downloads\Celitel.Luka(2015)HDTVRip.by.runetzone.avi
2015-04-12 14:37 - 2015-04-12 14:45 - 966339452 ____R () C:\Users\Ruslan\Downloads\Sekretnye.territorii.Lozhnaya.istoriya.2015.SATRip.avi
2015-04-12 14:33 - 2015-04-12 14:38 - 438344104 _____ () C:\Users\Ruslan\Downloads\Raspad SSSR.avi
2015-04-12 13:00 - 2015-04-12 13:20 - 878508032 ____R () C:\Users\Ruslan\Downloads\Zhena.Ksenija.Alferova.2015.XviD.IPTVRip.avi
2015-04-06 19:00 - 2015-04-06 19:08 - 1566580736 ____R () C:\Users\Ruslan\Downloads\Tajnoe.vle4enie.2013.P.HDRip.avi
2015-04-06 15:18 - 2015-04-06 15:29 - 780779520 ____R () C:\Users\Ruslan\Downloads\Kolca.Almazora.1977.XviD.DVDRip.Kinozal.tv.avi
2015-04-06 11:33 - 2015-04-22 01:45 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-06 11:33 - 2015-04-06 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-06 11:32 - 2015-04-25 16:37 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 11:32 - 2015-04-25 14:01 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 11:32 - 2015-04-06 11:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-06 11:32 - 2015-04-06 11:32 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-06 07:26 - 2015-04-06 07:44 - 781910016 _____ () C:\Users\Ruslan\Downloads\Lyudi dobrye_Rus_by Diablo93.avi
2015-04-06 05:49 - 2015-04-06 05:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 05:49 - 2015-04-06 05:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 05:12 - 2015-04-07 22:24 - 00000000 ____D () C:\Users\Ruslan\Downloads\Savannah 2013
2015-04-06 05:09 - 2015-04-06 11:34 - 1565112320 _____ () C:\Users\Ruslan\Downloads\Doktor.Akagi_1998.DVDRip.avi
2015-04-06 05:09 - 2015-04-06 05:41 - 1574383616 ____R () C:\Users\Ruslan\Downloads\The.Cosmonaut.2013.web-dlrip_[1.46]_[teko].avi
2015-04-06 05:06 - 2015-04-09 01:25 - 00000000 ____D () C:\Users\Ruslan\Downloads\Brak.Korolya.Gustava.3.2001.XviD.TVRip
2015-04-06 05:06 - 2015-04-06 11:11 - 00000000 ____D () C:\Users\Ruslan\Downloads\Скандал в Белом Доме - Sally Hemings - An American Scandal [by alenavova]
2015-04-06 04:56 - 2015-04-06 09:12 - 1572677632 _____ () C:\Users\Ruslan\Downloads\Die.Schwarzen.Bruder.2013.HDRip.avi
2015-04-06 04:52 - 2015-04-06 11:10 - 00000000 ____D () C:\Users\Ruslan\Downloads\Middlemarch_[torrents.ru]
2015-04-06 04:51 - 2015-04-06 08:48 - 1576480768 _____ () C:\Users\Ruslan\Downloads\Mr.Turner.2014.HDRip.1500MB.Lord32x.avi
2015-04-06 04:41 - 2015-04-06 04:54 - 1564106752 ____R () C:\Users\Ruslan\Downloads\Solnechnyi.udar.2014.O.DVDRip.1.46GB_by_keeper.avi
2015-04-06 04:40 - 2015-04-07 22:24 - 00000000 ____D () C:\Users\Ruslan\Downloads\Siberiada.(4.filma.iz.4).1979.XviD.DVDRip.ExKinoRay
2015-04-05 05:13 - 2015-04-05 05:25 - 1564368896 _____ () C:\Users\Ruslan\Downloads\Osvoboditel.2013.HDRip.avi
2015-04-04 06:40 - 2015-04-04 06:57 - 1470802100 _____ () C:\Users\Ruslan\Downloads\Вау-вау (Wah-Wah)(2005).avi
2015-04-04 06:21 - 2015-04-04 10:08 - 00000000 ____D () C:\Users\Ruslan\Downloads\Farca.2015.WEB-DLRip.ExKinoRay
2015-04-03 22:31 - 2015-04-03 22:49 - 1560249732 _____ () C:\Users\Ruslan\Downloads\Stil'naja.Shtuchka.(2002).BDRip.avi
2015-04-03 22:04 - 2015-04-03 22:04 - 00481904 _____ () C:\Windows\Minidump\040315-17734-01.dmp
2015-04-03 11:33 - 2015-04-03 11:44 - 740016298 _____ () C:\Users\Ruslan\Downloads\Ratatuj.2007.RUS.BDRip700MB.avi
2015-04-03 11:32 - 2015-04-03 11:47 - 783001600 _____ () C:\Users\Ruslan\Downloads\WALL-E.2008_[scarabey.org].avi
2015-04-03 11:31 - 2015-04-03 12:30 - 1563512832 ____R () C:\Users\Ruslan\Downloads\Daju.god.2013.D.DVDRip.IRONCLUB.avi
2015-04-03 11:18 - 2015-04-03 12:09 - 1473380352 ____R () C:\Users\Ruslan\Downloads\Tvoi.moi.i.nashi.2005.DivX.DVDRip.Kinozal.TV.avi
2015-04-03 11:06 - 2015-04-03 12:03 - 1475614720 ____R () C:\Users\Ruslan\Downloads\Sovmestnaya.Poezdka.2014.D.HDRip.avi
2015-04-03 11:03 - 2015-04-03 12:47 - 1472952175 ____R () C:\Users\Ruslan\Downloads\Mugchinu.Genchinu.i.Deti.2014.HDRip.by_Денис.mkv
2015-04-03 09:53 - 2015-04-12 21:06 - 00000000 ____D () C:\Users\Ruslan\Downloads\Univer.Novaya.obschaga.s08.2015.WEB-DLRip.by.ivandubskoj
2015-04-02 18:48 - 2015-04-02 18:49 - 00473048 _____ () C:\Windows\Minidump\040215-18515-01.dmp
2015-04-01 16:39 - 2015-04-01 22:10 - 00000000 ____D () C:\Users\Ruslan\Downloads\Univer.Novaya.Obshchaga.s8.SATRip
2015-04-01 14:34 - 2015-04-01 14:34 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-01 14:34 - 2015-04-01 14:34 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-01 14:34 - 2015-04-01 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 14:34 - 2015-04-01 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-30 18:40 - 2015-03-30 18:40 - 00284816 _____ () C:\Windows\Minidump\033015-28234-01.dmp
2015-03-30 15:02 - 2015-03-30 16:06 - 00000000 ____D () C:\Users\Ruslan\Downloads\Priklucheniya.Sherloka.Xolmsa.i.Doktora.Vatsona.1979-1986.XviD.DVDRip-Kinozal.TV
2015-03-30 02:48 - 2015-03-30 02:48 - 00002074 _____ () C:\Users\Public\Desktop\Panorama Maker 6.lnk
2015-03-30 02:48 - 2015-03-30 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6
2015-03-30 02:48 - 2015-03-30 02:48 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2015-03-30 02:46 - 2015-04-06 11:07 - 00000000 ____D () C:\Users\Ruslan\AppData\Roaming\ArcSoft
2015-03-30 02:46 - 2015-03-30 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2015-03-29 19:13 - 2015-03-29 19:14 - 00460792 _____ () C:\Windows\Minidump\032915-20500-01.dmp
2015-03-27 23:51 - 2015-04-21 23:40 - 00000000 ____D () C:\Users\Ruslan\Documents\foto
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-25 17:10 - 2014-12-29 17:29 - 01847331 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 17:03 - 2014-12-29 17:45 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-599557344-2466952469-489558975-1001
2015-04-25 17:01 - 2014-12-29 17:37 - 00000000 ____D () C:\Users\Ruslan
2015-04-25 16:58 - 2014-12-29 19:57 - 00000000 ____D () C:\Users\Ruslan\AppData\Roaming\uTorrent
2015-04-25 15:01 - 2014-12-29 17:37 - 01314644 _____ () C:\Users\Ruslan\AppData\Local\BTServer.log
2015-04-25 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-25 14:35 - 2014-12-29 20:07 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-25 14:35 - 2014-12-29 20:07 - 00000000 ____D () C:\Users\Ruslan\AppData\Roaming\Skype
2015-04-25 14:35 - 2014-12-29 20:07 - 00000000 ____D () C:\ProgramData\Skype
2015-04-25 14:35 - 2014-12-29 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-25 14:07 - 2014-12-29 17:51 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5341CFB2-8522-4353-B82C-1F9953A7BFAA}
2015-04-25 14:02 - 2014-12-29 17:41 - 00000000 ____D () C:\Users\Ruslan\Documents\Youcam
2015-04-25 14:00 - 2014-12-29 17:47 - 00000000 __RDO () C:\Users\Ruslan\OneDrive
2015-04-24 20:47 - 2014-03-18 10:16 - 00461432 _____ () C:\Windows\PFRO.log
2015-04-24 20:47 - 2013-08-22 16:46 - 00117853 _____ () C:\Windows\setupact.log
2015-04-24 20:47 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 20:47 - 2013-08-22 16:45 - 00000000 ____D () C:\Windows\Setup
2015-04-24 20:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-24 20:45 - 2014-12-29 17:38 - 00000000 ____D () C:\Users\Ruslan\AppData\Local\VirtualStore
2015-04-24 19:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-24 17:11 - 2015-01-06 13:13 - 00000000 ____D () C:\Users\Ruslan\AppData\Roaming\HpUpdate
2015-04-23 21:44 - 2015-02-26 17:04 - 01098752 ___SH () C:\Users\Ruslan\Downloads\Thumbs.db
2015-04-23 14:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-22 23:41 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-22 21:32 - 2015-01-16 18:04 - 00000000 ____D () C:\Users\Ruslan\Documents\Neuer Ordner
2015-04-22 16:13 - 2015-01-09 01:51 - 02891776 ___SH () C:\Users\Ruslan\Documents\Thumbs.db
2015-04-22 16:10 - 2015-01-13 19:58 - 00000000 ____D () C:\Users\Ruslan\Documents\rechnungi
2015-04-22 01:25 - 2015-03-18 13:15 - 592985656 _____ () C:\Windows\MEMORY.DMP
2015-04-22 01:25 - 2015-03-18 13:15 - 00000000 ____D () C:\Windows\Minidump
2015-04-21 23:50 - 2015-01-13 17:50 - 01124292 _____ () C:\Users\Ruslan\Documents\8efd658c.jpeg
2015-04-21 23:50 - 2015-01-13 17:47 - 00264669 _____ () C:\Users\Ruslan\Documents\31f4fb0a.jpeg
2015-04-20 22:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-18 15:22 - 2014-12-29 20:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-18 15:19 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-16 12:55 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:47 - 2014-04-28 13:38 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-04-15 19:47 - 2014-04-28 13:38 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-04-15 19:47 - 2014-03-18 17:26 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 14:45 - 2015-01-01 07:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 14:35 - 2014-04-24 18:12 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 14:35 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-14 01:24 - 2015-01-01 11:32 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2015-01-01 11:32 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 16:42 - 2014-05-28 16:10 - 00000000 ____D () C:\ProgramData\Realtek
2015-04-06 11:33 - 2014-12-30 13:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 09:53 - 2015-03-17 15:05 - 00000000 ____D () C:\Users\Ruslan\Downloads\ОРЛОВА И АЛЕКСАНДРОВ
2015-04-01 10:09 - 2014-12-30 02:02 - 00000000 ____D () C:\Users\Ruslan\AppData\Roaming\Avira
2015-04-01 10:08 - 2014-12-29 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-01 10:07 - 2014-12-29 20:26 - 00000000 ____D () C:\ProgramData\Avira
2015-03-30 02:48 - 2014-04-25 09:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 07:39 - 2015-03-18 16:48 - 00000000 ____D () C:\Users\Ruslan\Downloads\L'extravagant voyage du jeune et prodigieux T.S. Spivet
==================== Files in the root of some directories =======
2014-12-29 17:37 - 2015-04-25 15:01 - 1314644 _____ () C:\Users\Ruslan\AppData\Local\BTServer.log
2015-02-07 10:38 - 2015-02-07 10:38 - 0000000 _____ () C:\Users\Ruslan\AppData\Local\{8E8BBC6B-1C2A-401C-BF12-7CFCB109E226}
2015-01-06 13:12 - 2015-01-06 13:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-28 15:55 - 2014-05-28 15:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-28 17:12 - 2014-05-28 17:16 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2014-05-28 17:16 - 2014-05-28 17:18 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-05-28 16:53 - 2014-05-28 16:55 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-05-28 17:10 - 2014-05-28 17:12 - 0000111 _____ () C:\ProgramData\{44510C84-AE2A-4079-A75B-D44E68D73B9A}.log
2014-05-28 17:03 - 2014-05-28 17:03 - 0000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2014-05-28 16:45 - 2014-05-28 16:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-05-28 17:03 - 2014-05-28 17:09 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-05-28 16:46 - 2014-05-28 16:52 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-05-28 16:56 - 2014-05-28 16:56 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log
Some content of TEMP:
====================
C:\Users\Ruslan\AppData\Local\Temp\avgnt.exe
C:\Users\Ruslan\AppData\Local\Temp\COMAP.EXE
C:\Users\Ruslan\AppData\Local\Temp\E1246211-E4A1-C8D7-5281-66618C7846FB.dll
C:\Users\Ruslan\AppData\Local\Temp\i111C.tmp.exe
C:\Users\Ruslan\AppData\Local\Temp\i5994.tmp.exe
C:\Users\Ruslan\AppData\Local\Temp\iB94A.tmp.exe
C:\Users\Ruslan\AppData\Local\Temp\ICSW_0D1F2W1G1I1F1T1Q0A1B2Z1C1F1V0P0P0C.exe
C:\Users\Ruslan\AppData\Local\Temp\iF58B.tmp.exe
C:\Users\Ruslan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ruslan\AppData\Local\Temp\Uninstall.exe
C:\Users\Ruslan\AppData\Local\Temp\_is2625.exe
C:\Users\Ruslan\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_26755.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-19 17:21
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by Ruslan at 2015-04-25 17:31:22
Running from C:\Users\Ruslan\Documents\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-599557344-2466952469-489558975-500 - Administrator - Disabled)
Gast (S-1-5-21-599557344-2466952469-489558975-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-599557344-2466952469-489558975-1003 - Limited - Enabled)
Ruslan (S-1-5-21-599557344-2466952469-489558975-1001 - Administrator - Enabled) => C:\Users\Ruslan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3714 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2376.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{56F91CE8-0168-4619-8FEC-13F5087E40F8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7045 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{6F4652BE-D68A-40DC-9075-4017EC6CF6A9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
06-04-2015 05:47:24 Windows Update
14-04-2015 11:07:02 Geplanter Prüfpunkt
21-04-2015 16:41:39 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C29EB5E-86F7-4B41-A53B-BF85F9D4D029} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {0FB92790-D4D4-4917-A0EF-0B2155DC9066} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {371D6039-B1D8-40F7-B98A-690C7E926BD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-06] (Google Inc.)
Task: {57058479-3302-4ADC-AD63-95E3883CAD17} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {57344175-594B-448E-A602-4B2449F27224} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6931A675-E00D-4D91-A9A2-7882CE166016} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {99B416C3-3A23-4A1B-A6C3-F426F4F80C7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-06] (Google Inc.)
Task: {A0DFD97A-11DF-4F86-8F8E-A819F20E03D4} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe
Task: {BE7F51EE-1794-498A-962D-9958EE054D8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C542D32C-977E-4602-A09C-B029D98F6F56} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DE108ABD-30F1-4B75-B23F-4891B7989600} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {E585AAB7-8BAD-4F1E-9CEF-11946F195D84} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-05-28 16:10 - 2013-09-26 21:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-05-28 17:03 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-04-22 01:45 - 2015-04-21 06:19 - 01728328 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2376.0\libglesv2.dll
2015-04-22 01:45 - 2015-04-21 06:19 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2376.0\libegl.dll
2015-04-22 01:45 - 2015-04-21 06:19 - 26787656 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2376.0\PepperFlash\pepflashplayer.dll
2014-05-28 16:53 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Ruslan\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-599557344-2466952469-489558975-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruslan\Documents\Downloads\union_island_lesser_antilles-1600x1200.jpg
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruslan\Documents\Downloads\union_island_lesser_antilles-1600x1200.jpg
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruslan\Documents\Downloads\union_island_lesser_antilles-1600x1200.jpg
HKU\S-1-5-21-599557344-2466952469-489558975-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruslan\Documents\Downloads\union_island_lesser_antilles-1600x1200.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/25/2015 05:32:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:31:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:30:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:29:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:28:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:27:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:26:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:25:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:24:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
Error: (04/25/2015 05:23:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1464) SRUJet: Ein Knoten wurde auf einer leeren Seite (Pgno: 395) (Fehler -351) für eine B-Struktur (ObjectId: 10, PgnoRoot: 45) der Datenbank 'C:\Windows\system32\SRU\SRUDB.dat' angefordert. Die Ursache hierfür ist normalerweise ein E/A-Verlust bei der
Speicherhardware. Fragen Sie Ihren Hardwarehersteller nach der neusten Firmwareversion, nehmen Sie Änderungen an den Cacheparametern Ihres Controllers vor, verwenden Sie absturzkonsistente Hardware mit Unterstützung von
erzwungenem Einheitenzugriff, und/oder ersetzen Sie fehlerhafte Hardware.
System errors:
=============
Error: (04/25/2015 04:58:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Kaspersky Security Scan Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/25/2015 02:44:20 AM) (Source: DCOM) (EventID: 10010) (User: RUSLANBOGUN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/25/2015 02:44:20 AM) (Source: DCOM) (EventID: 10010) (User: RUSLANBOGUN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/24/2015 08:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/24/2015 07:09:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/24/2015 07:08:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 24.04.2015 um 18:41:47 unerwartet heruntergefahren.
Error: (04/24/2015 07:00:18 PM) (Source: volsnap) (EventID: 67) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.
Error: (04/24/2015 06:39:54 PM) (Source: volsnap) (EventID: 67) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.
Error: (04/22/2015 10:00:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240055 fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3000850)
Error: (04/22/2015 08:48:00 PM) (Source: DCOM) (EventID: 10010) (User: RUSLANBOGUN)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Microsoft Office Sessions:
=========================
Error: (04/25/2015 05:32:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:31:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:30:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:29:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:28:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:27:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:26:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:25:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:24:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
Error: (04/25/2015 05:23:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost1464SRUJet: -3511045395C:\Windows\system32\SRU\SRUDB.dat
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Percentage of memory in use: 64%
Total physical RAM: 3986.44 MB
Available physical RAM: 1426.52 MB
Total Pagefile: 8082.44 MB
Available Pagefile: 4844.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:269.14 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:44.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
So funktioniert es:
AdwCleaner auf deinen Desktop.
Malwarebytes Anti-Malware 
SecurityCheck und:
