Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Gotut.ru automatisch als Startseite (https://www.trojaner-board.de/165845-gotut-ru-automatisch-startseite.html)

Malwarepro 06.04.2015 16:02
Gotut.ru automatisch als Startseite
 
Hallo,

ich habe ein Problem... Eben hab ich bemerkt, dass im FIrefox die Startseite auf "gotut.ru" geändert wurde. Ich habe die Startseite auf Google geändert, was nichts gebracht hat. Dann habe ich Firefox per Revo Uninstaller deinstalliert. Und dann wuieder Firefox installiert und siehe das, das Problem ist weg.

Jetzt habe ich das Problem, dass die Startseite im Internetexplorer immernoch Gotut.ru ist. Ich habe den Internet Explorer schon zurück gesetzt.

Ich habe schon durchlaufen lassen:

-ADW-Cleaner
-MBAM und MBAR
-ESET-Online Scanner
-JRT

ohne Erfolg


FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 06-04-2015 17:00:23
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Admin & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files (x86)\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software s.r.o.) C:\Program Files (x86)\Avast\avastui.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avast Software s.r.o.) C:\Program Files (x86)\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files (x86)\Avast\AvastUI.exe [5511352 2015-03-23] (Avast Software s.r.o.)
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\...\Run: [BitComet] => "E:\Program Files (x86)\BitComet\BitComet.exe" /tray
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\...\Policies\Explorer: [NoDrives] 0x00000000
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\...\MountPoints2: F - F:\autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\Avast\ashShA64.dll (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\bin\ssv.dll [2015-03-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files (x86)\Avast\aswWebRepIE64.dll [2015-03-06] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\bin\jp2ssv.dll [2015-03-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files (x86)\Avast\aswWebRepIE.dll [2015-03-06] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7C735086-CC68-4892-8F0D-0D238A8F11E4}: [NameServer] 95.169.183.219,89.41.60.38

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\37ya1iec.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> E:\Program Files (x86)\bin\dtplugin\npDeployJava1.dll [2015-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> E:\Program Files (x86)\bin\plugin2\npjp2.dll [2015-03-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\37ya1iec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files (x86)\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files (x86)\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-06]
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files (x86)\Avast\AvastSvc.exe [343336 2015-03-06] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files (x86)\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-06] (Avast Software)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152328 2015-03-08] (NVIDIA Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878856 2015-03-08] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22916936 2015-03-08] (NVIDIA Corporation)
S4 Origin Client Service; E:\Programme\Origin\OriginClientService.exe [1910640 2015-03-09] (Electronic Arts)
S4 Realtek8185; C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S4 SkypeUpdate; E:\Program Files (x86)\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-03-08] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\DRIVERS\nvswcfilter.sys [19616 2014-12-01] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation                          )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files (x86)\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-06] (Avast Software)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMUdisk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 17:00 - 2015-04-06 17:00 - 00012480 _____ () C:\Users\***\Desktop\FRST.txt
2015-04-06 17:00 - 2015-04-06 12:24 - 02095616 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2015-04-06 15:57 - 2015-04-06 15:57 - 02691312 _____ (Thisisu) C:\Users\***\Downloads\JRT.exe
2015-04-06 15:12 - 2015-04-06 15:12 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_deu.exe
2015-04-06 14:53 - 2015-04-06 16:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 14:52 - 2015-04-06 14:52 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-06 14:52 - 2015-04-06 14:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 14:52 - 2015-04-06 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 14:52 - 2015-04-06 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-06 14:52 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 14:52 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 14:52 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 14:45 - 2015-04-06 14:45 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-06 14:45 - 2015-04-06 14:45 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-06 14:45 - 2015-04-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 14:45 - 2015-04-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 14:39 - 2015-04-06 14:39 - 00000076 _____ () C:\Users\***\Documents\hosts.txt
2015-04-06 14:31 - 2015-04-06 14:33 - 00000000 ____D () C:\AdwCleaner
2015-04-06 14:31 - 2015-04-06 14:31 - 02208768 _____ () C:\Users\***\Downloads\AdwCleaner_4.200.exe
2015-04-06 14:29 - 2015-04-06 14:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\***\Downloads\revosetup.exe
2015-04-06 14:29 - 2015-04-06 14:29 - 00001264 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk
2015-04-06 14:18 - 2015-04-06 14:19 - 00031828 _____ () C:\Users\Admin.***-PC\Downloads\Addition.txt
2015-04-06 14:17 - 2015-04-06 14:19 - 00062399 _____ () C:\Users\Admin.***-PC\Downloads\FRST.txt
2015-04-06 14:15 - 2015-04-06 14:15 - 00448512 _____ (OldTimer Tools) C:\Users\Admin.***-PC\Downloads\TFC.exe
2015-04-06 14:03 - 2015-04-06 14:03 - 00000000 __SHD () C:\Users\Admin.***-PC\AppData\Local\EmieUserList
2015-04-06 14:03 - 2015-04-06 14:03 - 00000000 __SHD () C:\Users\Admin.***-PC\AppData\Local\EmieSiteList
2015-04-06 14:03 - 2015-04-06 14:03 - 00000000 __SHD () C:\Users\Admin.***-PC\AppData\Local\EmieBrowserModeList
2015-04-06 13:56 - 2015-04-06 13:56 - 00031401 _____ () C:\ComboFix.txt
2015-04-06 13:35 - 2015-04-06 14:14 - 00000000 ____D () C:\Windows\erdnt
2015-04-06 13:10 - 2015-04-06 13:10 - 00000000 ____D () C:\Users\Admin.***-PC\Documents\Tunngle
2015-04-06 13:10 - 2015-04-06 13:10 - 00000000 ____D () C:\Users\Admin.***-PC\AppData\Roaming\Tunngle
2015-04-06 13:00 - 2015-04-06 13:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-06 12:51 - 2015-04-06 12:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-***-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-06 12:51 - 2015-04-06 12:51 - 00000000 ____D () C:\RegBackup
2015-04-06 12:41 - 2015-04-06 12:41 - 00000000 ____D () C:\Users\Admin.***-PC\Documents\Dolphin Emulator
2015-04-06 12:28 - 2015-04-06 14:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-06 12:28 - 2015-04-06 12:28 - 00001264 _____ () C:\Users\Admin.***-PC\Desktop\Revo Uninstaller.lnk
2015-04-06 12:24 - 2015-04-06 17:00 - 00000000 ____D () C:\FRST
2015-04-06 12:24 - 2015-04-06 12:24 - 02095616 _____ (Farbar) C:\Users\Admin.***-PC\Downloads\FRST64.exe
2015-04-06 12:19 - 2015-04-06 12:19 - 00000306 __RSH () C:\Users\Admin.***-PC\ntuser.pol
2015-04-04 05:18 - 2014-05-22 13:22 - 00739328 _____ (LinGon) C:\Users\***\Desktop\WolfensteinTheNewOrder+5Tr-LNG_v1.0.exe
2015-04-03 21:11 - 2015-04-03 21:11 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-04-03 21:05 - 2015-04-03 21:05 - 00000000 ____D () C:\ProgramData\KingSoft
2015-04-03 21:03 - 2015-04-03 21:03 - 00000000 ____D () C:\Program Files\Common Files\Tencent
2015-04-03 21:02 - 2015-04-03 21:14 - 00000000 ____D () C:\Program Files (x86)\Application Assistance
2015-04-03 21:02 - 2015-04-03 21:02 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-04-03 20:50 - 2015-04-03 20:50 - 00026289 _____ () C:\Users\***\Desktop\Dying Light Ultimate Edition (Repack).torrent
2015-04-03 19:10 - 2015-04-03 19:10 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-04-03 18:57 - 2015-04-03 20:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\Tunngle
2015-04-03 18:57 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-04-03 16:45 - 2015-04-03 16:45 - 00000306 __RSH () C:\Users\***\ntuser.pol
2015-04-03 15:52 - 2015-04-03 15:52 - 00000000 ____D () C:\ProgramData\Steam
2015-04-03 15:45 - 2015-04-03 15:45 - 00001231 _____ () C:\Users\Public\Desktop\Wolfenstein The New Order.lnk
2015-04-03 07:26 - 2015-04-06 13:14 - 00002944 _____ () C:\Windows\System32\Tasks\{F6125EE0-652C-4BA0-95E3-8413F1CF0562}
2015-04-03 07:15 - 2015-04-03 07:15 - 00001503 ___RS () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-04-03 07:15 - 2015-04-03 07:15 - 00001309 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk
2015-04-03 07:15 - 2015-04-03 07:15 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-03 07:15 - 2015-04-03 07:15 - 00000000 ____D () C:\Users\***\AppData\Roaming\SPI
2015-04-03 07:15 - 2015-04-03 07:15 - 00000000 ____D () C:\Users\***\AppData\Roaming\Browsers
2015-04-03 05:06 - 2015-04-03 15:46 - 00018895 _____ () C:\Windows\DirectX.log
2015-04-02 16:00 - 2015-04-02 16:00 - 00000000 ____D () C:\Users\***\Tracing
2015-04-02 15:56 - 2015-04-06 12:55 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-04-02 15:56 - 2015-04-02 15:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-02 15:56 - 2015-04-02 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-02 15:47 - 2015-04-06 16:14 - 00058408 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-02 12:51 - 2015-04-06 16:55 - 00002053 _____ () C:\Windows\setupact.log
2015-04-02 12:51 - 2015-04-06 16:26 - 00043760 _____ () C:\Windows\PFRO.log
2015-04-02 12:51 - 2015-04-06 13:32 - 00268536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 12:51 - 2015-04-02 12:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-02 03:17 - 2015-04-02 03:17 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2015-03-29 04:38 - 2015-03-29 04:44 - 00000000 ____D () C:\Users\***\Documents\Dolphin Emulator
2015-03-28 23:56 - 2015-04-04 23:34 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2015-03-28 23:56 - 2015-03-28 23:56 - 00000000 ____D () C:\Users\***\AppData\Local\Skype
2015-03-28 23:55 - 2015-04-02 15:56 - 00000000 ____D () C:\ProgramData\Skype
2015-03-28 23:48 - 2015-03-28 23:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-28 23:48 - 2015-03-28 23:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-28 23:13 - 2015-03-28 23:31 - 00000000 ____D () C:\Users\***\AppData\Local\eMule
2015-03-28 23:13 - 2015-03-28 23:13 - 00000000 ____D () C:\ProgramData\eMule
2015-03-28 17:40 - 2015-03-28 17:40 - 00000000 __SHD () C:\Windows\ftpcache
2015-03-28 04:58 - 2015-03-28 04:58 - 00000222 _____ () C:\Users\***\Desktop\Killing Floor - Toy Master.url
2015-03-27 20:20 - 2015-03-27 20:20 - 00000222 _____ () C:\Users\***\Desktop\Nether.url
2015-03-27 02:03 - 2015-03-27 02:09 - 00001048 _____ () C:\Users\***\Downloads\Wolfenstein_The_New_Order_German_Edition_Full_Uncut_-_x.X.RIDDICK.X.x-4amh16nyg1ql.dlc
2015-03-26 21:37 - 2015-03-26 21:37 - 00000043 _____ () C:\Users\***\Desktop\DL.txt
2015-03-26 10:28 - 2015-03-26 10:31 - 00000000 ____D () C:\Users\***\AppData\Local\Zombie Army Trilogy
2015-03-26 10:26 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-26 10:25 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-26 10:25 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-26 03:20 - 2015-03-26 03:20 - 00000000 ____D () C:\Users\***\AppData\Local\JDownloader 2.0
2015-03-26 02:15 - 2015-03-26 02:15 - 00000000 ____D () C:\ProgramData\Sun
2015-03-26 02:15 - 2015-03-26 02:14 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-26 02:14 - 2015-03-26 02:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-26 02:14 - 2015-03-26 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-26 01:55 - 2015-03-30 18:08 - 00000000 ____D () C:\Users\***\AppData\Roaming\BitComet
2015-03-26 01:40 - 2015-03-26 01:40 - 00002747 _____ () C:\Users\***\Downloads\Wolfenstein.The.New.Order..German.Language.Pack..torrent
2015-03-25 23:31 - 2015-03-25 23:31 - 00000222 _____ () C:\Users\***\Desktop\Zombie Army Trilogy.url
2015-03-25 00:01 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 00:01 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 00:01 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 00:01 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 00:01 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 00:01 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 00:01 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:01 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-15 12:18 - 2015-03-15 12:18 - 00000000 ____D () C:\Users\***\Documents\Ubisoft
2015-03-15 12:00 - 2015-03-15 12:18 - 00000000 ____D () C:\Users\***\AppData\Local\Ubisoft Game Launcher
2015-03-15 12:00 - 2015-03-15 12:00 - 00001201 _____ () C:\Users\***\Desktop\Uplay.lnk
2015-03-15 12:00 - 2015-03-15 12:00 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-03-15 12:00 - 2015-03-15 12:00 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-03-15 11:59 - 2015-03-15 12:02 - 00000073 _____ () C:\Users\***\Documents\Blacklist.txt
2015-03-15 08:31 - 2015-03-15 08:31 - 00322827 _____ () C:\Users\***\Documents\ts3_clientui-win64-1407159763-2015-03-15 07_31_08.859375.dmp
2015-03-15 06:11 - 2015-03-18 04:51 - 00000000 ____D () C:\Users\***\AppData\Local\Two Worlds II
2015-03-14 22:06 - 2015-03-14 22:06 - 00001131 _____ () C:\Users\Public\Desktop\Two Worlds II.lnk
2015-03-14 22:06 - 2015-03-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
2015-03-14 16:12 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-14 16:12 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-13 19:01 - 2015-03-13 19:01 - 00323219 _____ () C:\Users\***\Documents\ts3_clientui-win64-1407159763-2015-03-13 18_01_25.050781.dmp
2015-03-12 19:41 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 19:41 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 19:41 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 19:41 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 19:41 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 19:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 19:41 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 19:41 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 19:41 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 19:41 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 19:41 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 19:41 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 19:41 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 19:41 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 19:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 19:41 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 19:41 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 19:41 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 19:41 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 19:41 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 19:41 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 19:41 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 19:41 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-12 19:41 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-12 19:40 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 19:40 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 19:40 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:40 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 19:40 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 19:40 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 19:40 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 19:40 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:40 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 19:40 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:40 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 19:40 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 19:40 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:40 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 19:40 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:40 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 19:40 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:40 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 19:40 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 19:40 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:40 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 19:40 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 19:40 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:40 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 19:40 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 19:40 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:40 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 19:40 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 19:40 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 19:40 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 19:40 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 19:40 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 19:40 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:40 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 19:40 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 19:40 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 19:40 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 19:40 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 19:40 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 19:40 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:40 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 19:40 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 19:40 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:40 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:40 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 19:40 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 19:40 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 19:40 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:40 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 19:40 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 19:40 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 19:40 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:40 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 19:40 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 19:40 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 19:40 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 19:20 - 2015-03-12 19:20 - 00000000 ____D () C:\Users\***\Documents\EA Games
2015-03-12 19:20 - 2015-03-12 19:20 - 00000000 ____D () C:\Users\***\AppData\Local\EA Games
2015-03-12 17:18 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 17:18 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 17:06 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 17:06 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 17:06 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 17:06 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 17:06 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 17:06 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 17:06 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 17:06 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 17:06 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 17:06 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 16:59 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 16:59 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-12 16:59 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 16:53 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 16:53 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 16:48 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-12 16:48 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-12 16:48 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-12 16:48 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-12 16:48 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 16:48 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-12 16:48 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-12 16:48 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 16:48 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 16:47 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-12 16:47 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-12 16:47 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-12 16:47 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-12 16:47 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-12 16:47 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-12 16:47 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-12 16:47 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-12 16:47 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-12 16:47 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-12 16:47 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-12 16:39 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 16:39 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 16:39 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 16:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 16:36 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 16:31 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 16:31 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 02:46 - 2015-03-10 02:46 - 00000871 _____ () C:\Users\Public\Desktop\Dead Space 3.lnk
2015-03-09 20:39 - 2015-03-09 20:39 - 00000019 _____ () C:\Users\***\Documents\PaysafeCard2.txt
2015-03-09 20:29 - 2015-03-09 20:29 - 00000027 _____ () C:\Users\***\Documents\Dead Space 3.txt
2015-03-09 18:45 - 2015-03-09 23:42 - 00000000 ____D () C:\Users\***\AppData\Roaming\Origin
2015-03-09 18:45 - 2015-03-09 18:57 - 00000000 ____D () C:\Users\***\AppData\Local\Origin
2015-03-09 18:41 - 2015-03-19 00:25 - 00000000 ____D () C:\ProgramData\Origin
2015-03-09 18:41 - 2015-03-12 19:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-09 18:41 - 2015-03-09 18:41 - 00000642 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-03-09 16:26 - 2015-03-09 16:26 - 00000222 _____ () C:\Users\***\Desktop\Tom Clancy's Splinter Cell Blacklist.url
2015-03-07 09:06 - 2015-03-07 09:06 - 00000000 ____D () C:\Users\***\AppData\Roaming\dvdcss
2015-03-07 08:38 - 2015-03-07 08:38 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-07 07:29 - 2015-03-07 07:32 - 00000000 ____D () C:\Users\***\AppData\Roaming\Apple Computer
2015-03-07 07:29 - 2015-03-07 07:29 - 00000000 ____D () C:\Users\***\AppData\Local\Apple Computer
2015-03-07 07:28 - 2015-03-14 21:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-07 07:28 - 2015-03-07 07:28 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-07 07:28 - 2015-03-07 07:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-07 07:27 - 2015-03-07 07:27 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-07 07:27 - 2015-03-07 07:27 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-07 06:47 - 2015-03-07 12:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\BitTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 17:00 - 2015-01-15 19:20 - 01943969 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 16:57 - 2015-01-21 00:57 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-06 16:56 - 2015-01-21 01:56 - 00004164 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-06 16:55 - 2015-01-21 23:02 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-06 16:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 16:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 16:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 16:31 - 2011-04-12 09:43 - 00769348 _____ () C:\Windows\system32\perfh007.dat
2015-04-06 16:31 - 2011-04-12 09:43 - 00173666 _____ () C:\Windows\system32\perfc007.dat
2015-04-06 16:31 - 2009-07-14 07:13 - 01794928 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 16:07 - 2015-02-18 00:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-06 15:58 - 2015-01-16 23:01 - 00000000 ____D () C:\Users\***\Desktop\Eigene Dateien
2015-04-06 14:52 - 2015-03-01 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 14:30 - 2012-07-30 17:31 - 00000000 ____D () C:\Users\***\Desktop\GameZ
2015-04-06 13:56 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-06 13:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-06 13:21 - 2015-01-20 23:12 - 00000000 ____D () C:\Users\Admin.***-PC\AppData\Local\VirtualStore
2015-04-06 12:35 - 2015-01-15 22:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 12:25 - 2015-02-05 16:22 - 00058792 _____ () C:\Users\Admin.***-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 12:19 - 2015-01-20 23:12 - 00000000 ____D () C:\Users\Admin.***-PC
2015-04-05 04:02 - 2015-01-17 00:50 - 00000000 ____D () C:\Users\***\AppData\Roaming\TS3Client
2015-04-05 01:35 - 2015-01-15 19:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-03 21:22 - 2015-01-15 19:21 - 00001421 ____H () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 21:03 - 2015-01-15 19:21 - 00000000 ____D () C:\Users\***\AppData\Local\VirtualStore
2015-04-03 16:45 - 2015-01-15 19:21 - 00000000 ____D () C:\Users\***
2015-04-03 07:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-02 03:14 - 2015-01-17 04:34 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 03:14 - 2015-01-15 19:11 - 00000000 ____D () C:\Windows\Panther
2015-03-28 23:42 - 2011-03-07 13:10 - 00000000 ____D () C:\Users\***\Desktop\JDownloader
2015-03-28 22:14 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-28 18:50 - 2015-01-16 23:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-28 18:49 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-27 22:56 - 2012-07-27 01:09 - 00000000 ____D () C:\Users\***\Documents\My Games
2015-03-26 10:27 - 2015-01-21 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-26 10:26 - 2015-01-15 20:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 15:06 - 2015-01-23 02:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 15:06 - 2015-01-23 02:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 23:53 - 2015-01-21 01:52 - 00000000 ____D () C:\Program Files (x86)\Avast
2015-03-17 12:09 - 2015-02-18 00:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-17 12:09 - 2015-02-18 00:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-17 12:09 - 2015-02-18 00:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-17 12:09 - 2015-02-18 00:14 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2015-03-14 21:39 - 2015-01-22 20:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-14 18:56 - 2015-02-09 22:47 - 00008036 _____ () C:\Users\***\Documents\TombRaider.log
2015-03-14 11:52 - 2015-01-21 01:28 - 00001377 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-13 21:41 - 2015-02-11 09:25 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 21:41 - 2015-01-21 19:16 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 21:41 - 2015-01-21 01:26 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 21:41 - 2015-01-21 01:26 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 21:41 - 2015-01-21 01:25 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 21:41 - 2015-01-21 01:25 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 21:41 - 2015-01-21 01:24 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 18:34 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 18:16 - 2015-01-21 01:26 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16 - 2015-01-21 01:26 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-13 12:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-13 11:04 - 2015-01-16 01:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 11:01 - 2015-01-21 04:03 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:10 - 2015-01-21 01:26 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-09 20:00 - 2015-01-17 11:07 - 00000000 ____D () C:\Users\***\Documents\Lords of the Fallen
2015-03-08 14:39 - 2015-01-21 19:11 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-08 14:39 - 2015-01-15 22:59 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-08 14:38 - 2015-01-21 19:11 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-08 14:38 - 2015-01-21 19:11 - 01568488 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-07 04:50 - 2015-02-20 03:10 - 00000000 ____D () C:\ProgramData\{95CF7D0C-C54D-AC8A-74CB-DC08A4490F86}
2015-03-07 04:50 - 2015-02-20 02:57 - 00000000 ____D () C:\ProgramData\{8ef7a0d6-038f-3454-8ef7-7a0d60388358}

==================== Files in the root of some directories =======

2015-02-21 17:05 - 2015-03-01 16:31 - 0000106 _____ () C:\Users\***\AppData\Roaming\WB.CFG
2015-02-23 15:26 - 2015-02-23 15:26 - 0274045 _____ () C:\Users\***\AppData\Local\dsi1.dat
2015-02-23 15:26 - 2015-02-23 15:26 - 0161916 _____ () C:\Users\***\AppData\Local\dsi2.dat

Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\Quarantine.exe
C:\Users\***\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 10:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by *** at 2015-04-06 17:01:06
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Killing Floor - Toy Master (HKLM-x32\...\Steam App 326960) (Version:  - David Hensley)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Lords Of The Fallen (HKLM-x32\...\Steam App 265300) (Version:  - CI Games)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.0.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.0.9 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
REALTEK RTL8185 Wireless LAN Software (HKLM-x32\...\{EF72E0A5-57E8-471F-837E-82BB19771363}) (Version: 1.00.0145 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.0.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.0.9 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Two Worlds II (HKLM-x32\...\Two Worlds II) (Version: 1.3.0.0 - )
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
Zombie Army Trilogy (HKLM-x32\...\Steam App 301640) (Version:  - Rebellion)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-06 16:44 - 00001038 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1      www.gamecopyworld.com
127.0.0.1      gamecopyworld.com
127.0.0.1      www.adf.ly
127.0.0.1      adf.ly
127.0.0.1      www.megagames.com
127.0.0.1      megagames.com
127.0.0.1      www.gameburnworld.com
127.0.0.1      gameburnworld.com
127.0.0.1      www.keygen.us
127.0.0.1      keygen.us
127.0.0.1      www.cheatengine.com
127.0.0.1      cheatengine.com
127.0.0.1      www.chip.de/downloads/Cheat-Engine_36914860.html
127.0.0.1      chip.de/downloads/Cheat-Engine_36914860.html
127.0.0.1      www.easycracks.net
127.0.0.1      easycracks.net
127.0.0.1      www.icracks.net
127.0.0.1      icracks.net
127.0.0.1      www.hackingstore.de
127.0.0.1      hackingstore.de
127.0.0.1      www.uploaded.net
127.0.0.1      uploaded.net
127.0.0.1      www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&sqi=2&ved=0CCEQFjAA&url=http%3A%2F%2Fwww.cheatengine.org%2F&ei=YZsiVdK1KcXvarLCgdgM&usg=AFQjCNHQnjZYAWqwgB9Q9NKo4ZDjT7EiZg&bvm=bv.89947451,d.d2s&cad=rja


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2254FFCC-E9CE-40E0-B170-E69FAD4202BB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3C74F8CF-B333-4009-8298-2BA740C21308} - System32\Tasks\{F6125EE0-652C-4BA0-95E3-8413F1CF0562} => C:\Program Files\Dolphin\Dolphin.exe
Task: {64177F5F-2A25-435B-904A-1811342F74CB} - System32\Tasks\{781F2E30-750B-447F-A84F-A1A472513AE8} => C:\Users\***\Downloads\GeForce_Experience_v2.1.5.0.exe
Task: {66DBD1DD-85AE-49F8-882B-6E5C797E9DB5} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07] (Oracle Corporation)
Task: {985C41C0-E7CB-4844-AAD0-926FA76B8F0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {B2E29B1B-2015-418E-B5D5-9CEC9E3BF4F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B575C299-B9AF-4D0D-A9E4-F18191E17283} - System32\Tasks\{FFF4FC1B-DF2F-49C3-903A-8E99C449AB3E} => C:\Users\***\Downloads\OCTuner(v2.4.86)\OCTuner(v2.4.86)\OCTuner(v2.4.86).exe
Task: {CFAA315F-F2BC-441A-BC39-C496B7AB8F1B} - System32\Tasks\avast! Emergency Update => C:\Program Files (x86)\Avast\AvastEmUpdate.exe [2015-03-06] (Avast Software s.r.o.)
Task: {D24F1247-45AF-4B00-A749-75FFE7017223} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {D785FF1D-F473-4E7F-A776-AD9B59BA85CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DD6E3118-5179-4537-8383-1C07E9F52CBD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E169142C-72D7-436A-9656-162216867DF1} - System32\Tasks\{88EDF6DA-73B5-45F5-A33B-E2C04F98D406} => C:\Users\***\Downloads\GeForce_Experience_v2.1.5.0.exe
Task: {E7882289-A07C-4E6D-8FAA-C5AFAA1E3568} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-17] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2015-03-06 16:31 - 2015-03-06 16:31 - 00104400 _____ () C:\Program Files (x86)\Avast\log.dll
2015-03-06 16:31 - 2015-03-06 16:31 - 00081728 _____ () C:\Program Files (x86)\Avast\JsonRpcServer.dll
2015-04-06 12:20 - 2015-04-06 12:20 - 02923520 _____ () C:\Program Files (x86)\Avast\defs\15040600\algo.dll
2015-03-06 16:31 - 2015-03-06 16:31 - 40540672 _____ () C:\Program Files (x86)\Avast\libcef.dll
2015-03-06 16:31 - 2015-03-06 16:31 - 01359872 _____ () C:\Program Files (x86)\Avast\libglesv2.dll
2015-03-06 16:31 - 2015-03-06 16:31 - 00212992 _____ () C:\Program Files (x86)\Avast\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: xyhigysy => 2
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe                                                                                                                                                                                                                 
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== Accounts: =============================

Admin (S-1-5-21-3735647818-3390927355-959790164-1003 - Administrator - Enabled) => C:\Users\Admin.***-PC
Administrator (S-1-5-21-3735647818-3390927355-959790164-500 - Administrator - Disabled)
*** (S-1-5-21-3735647818-3390927355-959790164-1000 - Administrator - Enabled) => C:\Users\***
Gast (S-1-5-21-3735647818-3390927355-959790164-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3735647818-3390927355-959790164-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Realtek 8185 Extensible 802.11b/g Wireless Device
Description: Realtek 8185 Extensible 802.11b/g Wireless Device
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp
Service: RTL85n64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (04/06/2015 05:01:07 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {d352e65b-125a-4eeb-8de5-3d294f70a4d3}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {d352e65b-125a-4eeb-8de5-3d294f70a4d3}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
  Generatorname: ASR Writer
  Generatorinstanz-ID: {5973a397-d3e9-40e3-8696-1f3616d9b9d4}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
  Generatorname: ASR Writer
  Generatorinstanz-ID: {5973a397-d3e9-40e3-8696-1f3616d9b9d4}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 12346) (User: )
Description: Volumeschattenkopie-Fehler: Beim Initialisieren des Registrierungs-Generators ist ein Fehler "0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
"
aufgetreten. Dies kann dazu führen, dass keine Schattenkopien mehr erstellt werden können.

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
  Generatorname: COM+ REGDB Writer
  Generatorinstanz-ID: {6752c8c4-70cd-4a84-a982-cc9c11a48019}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
  Generatorname: COM+ REGDB Writer
  Generatorinstanz-ID: {6752c8c4-70cd-4a84-a982-cc9c11a48019}

Error: (04/06/2015 05:01:07 PM) (Source: VSS) (EventID: 12342) (User: )
Description: Volumeschattenkopie-Fehler: Beim Initialisieren des Registrierungs-Generators ist ein Fehler "0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
"
aufgetreten. Dies kann dazu führen, dass keine Schattenkopien mehr erstellt werden können.


System errors:
=============
Error: (04/06/2015 04:57:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:42 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (04/06/2015 04:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/06/2015 04:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058


Microsoft Office Sessions:
=========================
Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (04/06/2015 05:01:07 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {d352e65b-125a-4eeb-8de5-3d294f70a4d3}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {d352e65b-125a-4eeb-8de5-3d294f70a4d3}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
  Generatorname: ASR Writer
  Generatorinstanz-ID: {5973a397-d3e9-40e3-8696-1f3616d9b9d4}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
  Generatorname: ASR Writer
  Generatorinstanz-ID: {5973a397-d3e9-40e3-8696-1f3616d9b9d4}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 12346) (User: )
Description: 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
  Generatorname: COM+ REGDB Writer
  Generatorinstanz-ID: {6752c8c4-70cd-4a84-a982-cc9c11a48019}

Error: (04/06/2015 05:01:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Generator wird abonniert

Kontext:
  Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
  Generatorname: COM+ REGDB Writer
  Generatorinstanz-ID: {6752c8c4-70cd-4a84-a982-cc9c11a48019}

Error: (04/06/2015 05:01:07 PM) (Source: VSS) (EventID: 12342) (User: )
Description: 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X3 720 Processor
Percentage of memory in use: 40%
Total physical RAM: 4095.3 MB
Available physical RAM: 2440.32 MB
Total Pagefile: 8188.8 MB
Available Pagefile: 6164.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:247.82 GB) (Free:19.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:683.59 GB) (Free:392.78 GB) NTFS
Drive f: (TwoWorldsII) (CDROM) (Total:3.61 GB) (Free:0 GB) CDFS
Drive g: () (Fixed) (Total:931.51 GB) (Free:13.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 47526048)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 01FC3AF7)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
ADW-Cleaner:

Code:
# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 14:33:15
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : *** - ***-PC
# Gestarted von : C:\Users\***\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\***\AppData\LocalLow\SmartWeb
Ordner Gelöscht : C:\Users\***\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\***\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\837msqml.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 de)

[9oa10267.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Binkiland");
[837msqml.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[837msqml.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[837msqml.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[837msqml.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[i0q5f0lm.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Binkiland");

*************************

AdwCleaner[R2].txt - [4145 Bytes] - [06/04/2015 14:31:52]
AdwCleaner[S2].txt - [3029 Bytes] - [06/04/2015 14:33:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3088  Bytes] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.2 (04.06.2015:1)
OS: Windows 7 Home Premium x64
Ran by *** on 06.04.2015 at 15:57:59,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\tencent"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.04.2015 at 16:03:25,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Danke für eine schnelle Antwort !

schrauber 06.04.2015 16:23
hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{7C735086-CC68-4892-8F0D-0D238A8F11E4}: [NameServer] 95.169.183.219,89.41.60.38
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - https://clients2.google.com/service/update2/crx
Hosts:
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Malwarepro 06.04.2015 16:30
Hi,

schnelle Antwort :)


Problem besteht noch...


FIXLOG:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by *** at 2015-04-06 17:24:41 Run:2
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Admin & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{7C735086-CC68-4892-8F0D-0D238A8F11E4}: [NameServer] 95.169.183.219,89.41.60.38
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - https://clients2.google.com/service/update2/crx
Hosts:
Emptytemp:
     
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7C735086-CC68-4892-8F0D-0D238A8F11E4}\\NameServer => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iomphmdalfmaifjccmagmllnicjoghhk" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 88.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:24:51 ====

schrauber 07.04.2015 11:11
Nur im IE? Du hast ihn komplett zurückgesetzt? Frisches FRST log bitte.

Malwarepro 07.04.2015 15:30
Hi,

ja nur im IE habe komplett zurückgesezt.

FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 07-04-2015 16:29:41
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Admin & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files (x86)\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Avast Software s.r.o.) C:\Program Files (x86)\Avast\avastui.exe
(Avast Software s.r.o.) C:\Program Files (x86)\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files (x86)\Avast\AvastUI.exe [5511352 2015-03-23] (Avast Software s.r.o.)
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\...\Run: [BitComet] => "E:\Program Files (x86)\BitComet\BitComet.exe" /tray
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\...\Policies\Explorer: [NoDrives] 0x00000000
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\...\MountPoints2: F - F:\autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\Avast\ashShA64.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\bin\ssv.dll [2015-03-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files (x86)\Avast\aswWebRepIE64.dll [2015-03-06] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\bin\jp2ssv.dll [2015-03-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files (x86)\Avast\aswWebRepIE.dll [2015-03-06] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\37ya1iec.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> E:\Program Files (x86)\bin\dtplugin\npDeployJava1.dll [2015-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> E:\Program Files (x86)\bin\plugin2\npjp2.dll [2015-03-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\37ya1iec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files (x86)\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files (x86)\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files (x86)\Avast\AvastSvc.exe [343336 2015-03-06] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files (x86)\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-06] (Avast Software)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152328 2015-03-08] (NVIDIA Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878856 2015-03-08] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22916936 2015-03-08] (NVIDIA Corporation)
S4 Origin Client Service; E:\Programme\Origin\OriginClientService.exe [1910640 2015-03-09] (Electronic Arts)
S4 Realtek8185; C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S4 SkypeUpdate; E:\Program Files (x86)\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-03-08] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\DRIVERS\nvswcfilter.sys [19616 2014-12-01] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation                          )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files (x86)\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-06] (Avast Software)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMUdisk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 16:29 - 2015-04-07 16:29 - 00010850 _____ () C:\Users\***\Desktop\FRST.txt
2015-04-06 18:12 - 2015-04-06 18:13 - 00000000 ____D () C:\Users\***\Downloads\gapp
2015-04-06 18:09 - 2015-04-06 18:12 - 96606422 _____ () C:\Users\***\Downloads\pa_gapps-modular-pico-5.1-20150315-signed.zip
2015-04-06 18:09 - 2015-04-06 18:11 - 42001044 _____ () C:\Users\***\Downloads\com.google.android.gms-7.0.99_(1809214-836)-7099836-minAPI19.apk
2015-04-06 17:01 - 2015-04-06 17:01 - 00031697 _____ () C:\Users\***\Desktop\Addition.txt
2015-04-06 17:00 - 2015-04-06 12:24 - 02095616 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2015-04-06 16:03 - 2015-04-06 16:03 - 00000836 _____ () C:\Users\***\Desktop\JRT.txt
2015-04-06 15:12 - 2015-04-06 15:12 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_deu.exe
2015-04-06 14:53 - 2015-04-07 12:40 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 14:52 - 2015-04-06 14:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 14:52 - 2015-04-06 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 14:52 - 2015-04-06 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-06 14:52 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 14:52 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 14:52 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 14:45 - 2015-04-06 14:45 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-06 14:45 - 2015-04-06 14:45 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-06 14:45 - 2015-04-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 14:45 - 2015-04-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 14:39 - 2015-04-06 14:39 - 00000076 _____ () C:\Users\***\Documents\hosts.txt
2015-04-06 14:31 - 2015-04-06 14:33 - 00000000 ____D () C:\AdwCleaner
2015-04-06 14:29 - 2015-04-06 14:29 - 00001264 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk
2015-04-06 14:18 - 2015-04-06 14:19 - 00031828 _____ () C:\Users\Admin.***-PC\Downloads\Addition.txt
2015-04-06 14:17 - 2015-04-06 14:19 - 00062399 _____ () C:\Users\Admin.***-PC\Downloads\FRST.txt
2015-04-06 14:15 - 2015-04-06 14:15 - 00448512 _____ (OldTimer Tools) C:\Users\Admin.***-PC\Downloads\TFC.exe
2015-04-06 14:03 - 2015-04-06 14:03 - 00000000 __SHD () C:\Users\Admin.***-PC\AppData\Local\EmieUserList
2015-04-06 14:03 - 2015-04-06 14:03 - 00000000 __SHD () C:\Users\Admin.***-PC\AppData\Local\EmieSiteList
2015-04-06 14:03 - 2015-04-06 14:03 - 00000000 __SHD () C:\Users\Admin.***-PC\AppData\Local\EmieBrowserModeList
2015-04-06 13:56 - 2015-04-06 13:56 - 00031401 _____ () C:\ComboFix.txt
2015-04-06 13:35 - 2015-04-06 14:14 - 00000000 ____D () C:\Windows\erdnt
2015-04-06 13:10 - 2015-04-06 13:10 - 00000000 ____D () C:\Users\Admin.***-PC\Documents\Tunngle
2015-04-06 13:10 - 2015-04-06 13:10 - 00000000 ____D () C:\Users\Admin.***-PC\AppData\Roaming\Tunngle
2015-04-06 13:00 - 2015-04-06 13:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-06 12:51 - 2015-04-06 12:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-***-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-06 12:51 - 2015-04-06 12:51 - 00000000 ____D () C:\RegBackup
2015-04-06 12:41 - 2015-04-06 12:41 - 00000000 ____D () C:\Users\Admin.***-PC\Documents\Dolphin Emulator
2015-04-06 12:28 - 2015-04-06 14:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-06 12:28 - 2015-04-06 12:28 - 00001264 _____ () C:\Users\Admin.***-PC\Desktop\Revo Uninstaller.lnk
2015-04-06 12:24 - 2015-04-07 16:29 - 00000000 ____D () C:\FRST
2015-04-06 12:24 - 2015-04-06 12:24 - 02095616 _____ (Farbar) C:\Users\Admin.***-PC\Downloads\FRST64.exe
2015-04-06 12:19 - 2015-04-06 12:19 - 00000306 __RSH () C:\Users\Admin.***-PC\ntuser.pol
2015-04-04 05:18 - 2014-05-22 13:22 - 00739328 _____ (LinGon) C:\Users\***\Desktop\WolfensteinTheNewOrder+5Tr-LNG_v1.0.exe
2015-04-03 21:11 - 2015-04-03 21:11 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-04-03 21:05 - 2015-04-03 21:05 - 00000000 ____D () C:\ProgramData\KingSoft
2015-04-03 21:03 - 2015-04-03 21:03 - 00000000 ____D () C:\Program Files\Common Files\Tencent
2015-04-03 21:02 - 2015-04-03 21:14 - 00000000 ____D () C:\Program Files (x86)\Application Assistance
2015-04-03 21:02 - 2015-04-03 21:02 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-04-03 20:50 - 2015-04-03 20:50 - 00026289 _____ () C:\Users\***\Desktop\Dying Light Ultimate Edition (Repack).torrent
2015-04-03 19:10 - 2015-04-03 19:10 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-04-03 18:57 - 2015-04-03 20:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\Tunngle
2015-04-03 18:57 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-04-03 16:45 - 2015-04-06 17:26 - 00000008 __RSH () C:\Users\***\ntuser.pol
2015-04-03 15:52 - 2015-04-03 15:52 - 00000000 ____D () C:\ProgramData\Steam
2015-04-03 15:45 - 2015-04-03 15:45 - 00001231 _____ () C:\Users\Public\Desktop\Wolfenstein The New Order.lnk
2015-04-03 07:26 - 2015-04-06 13:14 - 00002944 _____ () C:\Windows\System32\Tasks\{F6125EE0-652C-4BA0-95E3-8413F1CF0562}
2015-04-03 07:15 - 2015-04-06 17:26 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-03 07:15 - 2015-04-03 07:15 - 00001503 ___RS () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-04-03 07:15 - 2015-04-03 07:15 - 00001309 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk
2015-04-03 07:15 - 2015-04-03 07:15 - 00000000 ____D () C:\Users\***\AppData\Roaming\SPI
2015-04-03 07:15 - 2015-04-03 07:15 - 00000000 ____D () C:\Users\***\AppData\Roaming\Browsers
2015-04-03 05:06 - 2015-04-03 15:46 - 00018895 _____ () C:\Windows\DirectX.log
2015-04-02 16:00 - 2015-04-02 16:00 - 00000000 ____D () C:\Users\***\Tracing
2015-04-02 15:56 - 2015-04-06 12:55 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-04-02 15:56 - 2015-04-02 15:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-02 15:56 - 2015-04-02 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-02 15:47 - 2015-04-06 16:14 - 00058408 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-02 12:51 - 2015-04-06 17:26 - 00002109 _____ () C:\Windows\setupact.log
2015-04-02 12:51 - 2015-04-06 16:26 - 00043760 _____ () C:\Windows\PFRO.log
2015-04-02 12:51 - 2015-04-06 13:32 - 00268536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 12:51 - 2015-04-02 12:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-02 03:17 - 2015-04-02 03:17 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2015-03-29 04:38 - 2015-03-29 04:44 - 00000000 ____D () C:\Users\***\Documents\Dolphin Emulator
2015-03-28 23:56 - 2015-04-04 23:34 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2015-03-28 23:56 - 2015-03-28 23:56 - 00000000 ____D () C:\Users\***\AppData\Local\Skype
2015-03-28 23:55 - 2015-04-02 15:56 - 00000000 ____D () C:\ProgramData\Skype
2015-03-28 23:48 - 2015-03-28 23:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-28 23:48 - 2015-03-28 23:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-28 23:13 - 2015-03-28 23:31 - 00000000 ____D () C:\Users\***\AppData\Local\eMule
2015-03-28 23:13 - 2015-03-28 23:13 - 00000000 ____D () C:\ProgramData\eMule
2015-03-28 17:40 - 2015-03-28 17:40 - 00000000 __SHD () C:\Windows\ftpcache
2015-03-28 04:58 - 2015-03-28 04:58 - 00000222 _____ () C:\Users\***\Desktop\Killing Floor - Toy Master.url
2015-03-27 20:20 - 2015-03-27 20:20 - 00000222 _____ () C:\Users\***\Desktop\Nether.url
2015-03-27 02:03 - 2015-03-27 02:09 - 00001048 _____ () C:\Users\***\Downloads\Wolfenstein_The_New_Order_German_Edition_Full_Uncut_-_x.X.RIDDICK.X.x-4amh16nyg1ql.dlc
2015-03-26 21:37 - 2015-03-26 21:37 - 00000043 _____ () C:\Users\***\Desktop\DL.txt
2015-03-26 10:28 - 2015-03-26 10:31 - 00000000 ____D () C:\Users\***\AppData\Local\Zombie Army Trilogy
2015-03-26 10:26 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-26 10:25 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-26 10:25 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-26 10:25 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-26 03:20 - 2015-03-26 03:20 - 00000000 ____D () C:\Users\***\AppData\Local\JDownloader 2.0
2015-03-26 02:15 - 2015-03-26 02:15 - 00000000 ____D () C:\ProgramData\Sun
2015-03-26 02:15 - 2015-03-26 02:14 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-26 02:14 - 2015-03-26 02:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-26 02:14 - 2015-03-26 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-26 01:55 - 2015-03-30 18:08 - 00000000 ____D () C:\Users\***\AppData\Roaming\BitComet
2015-03-26 01:40 - 2015-03-26 01:40 - 00002747 _____ () C:\Users\***\Downloads\Wolfenstein.The.New.Order..German.Language.Pack..torrent
2015-03-25 23:31 - 2015-03-25 23:31 - 00000222 _____ () C:\Users\***\Desktop\Zombie Army Trilogy.url
2015-03-25 00:01 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 00:01 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 00:01 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 00:01 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 00:01 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 00:01 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 00:01 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:01 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-15 12:18 - 2015-03-15 12:18 - 00000000 ____D () C:\Users\***\Documents\Ubisoft
2015-03-15 12:00 - 2015-03-15 12:18 - 00000000 ____D () C:\Users\***\AppData\Local\Ubisoft Game Launcher
2015-03-15 12:00 - 2015-03-15 12:00 - 00001201 _____ () C:\Users\***\Desktop\Uplay.lnk
2015-03-15 12:00 - 2015-03-15 12:00 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-03-15 12:00 - 2015-03-15 12:00 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-03-15 11:59 - 2015-03-15 12:02 - 00000073 _____ () C:\Users\***\Documents\Blacklist.txt
2015-03-15 08:31 - 2015-03-15 08:31 - 00322827 _____ () C:\Users\***\Documents\ts3_clientui-win64-1407159763-2015-03-15 07_31_08.859375.dmp
2015-03-15 06:11 - 2015-03-18 04:51 - 00000000 ____D () C:\Users\***\AppData\Local\Two Worlds II
2015-03-14 22:06 - 2015-03-14 22:06 - 00001131 _____ () C:\Users\Public\Desktop\Two Worlds II.lnk
2015-03-14 22:06 - 2015-03-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
2015-03-14 16:12 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-14 16:12 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-13 19:01 - 2015-03-13 19:01 - 00323219 _____ () C:\Users\***\Documents\ts3_clientui-win64-1407159763-2015-03-13 18_01_25.050781.dmp
2015-03-12 19:41 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 19:41 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 19:41 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 19:41 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 19:41 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 19:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 19:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 19:41 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 19:41 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 19:41 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 19:41 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 19:41 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 19:41 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 19:41 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 19:41 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 19:41 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 19:41 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 19:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 19:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 19:41 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 19:41 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 19:41 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 19:41 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 19:41 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 19:41 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 19:41 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 19:41 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-12 19:41 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-12 19:40 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 19:40 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 19:40 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:40 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 19:40 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 19:40 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 19:40 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 19:40 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:40 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 19:40 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:40 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 19:40 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 19:40 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:40 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 19:40 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:40 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 19:40 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:40 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 19:40 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 19:40 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:40 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 19:40 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 19:40 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:40 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 19:40 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 19:40 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:40 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 19:40 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 19:40 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 19:40 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 19:40 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 19:40 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 19:40 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:40 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 19:40 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 19:40 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 19:40 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 19:40 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 19:40 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 19:40 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:40 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 19:40 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 19:40 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:40 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:40 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 19:40 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 19:40 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 19:40 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:40 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 19:40 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 19:40 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 19:40 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:40 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 19:40 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 19:40 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 19:40 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 19:20 - 2015-03-12 19:20 - 00000000 ____D () C:\Users\***\Documents\EA Games
2015-03-12 19:20 - 2015-03-12 19:20 - 00000000 ____D () C:\Users\***\AppData\Local\EA Games
2015-03-12 17:18 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 17:18 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 17:06 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 17:06 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 17:06 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 17:06 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 17:06 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 17:06 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 17:06 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 17:06 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 17:06 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 17:06 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 16:59 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 16:59 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-12 16:59 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 16:53 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 16:53 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 16:48 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-12 16:48 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-12 16:48 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-12 16:48 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-12 16:48 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 16:48 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-12 16:48 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-12 16:48 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 16:48 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 16:47 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-12 16:47 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-12 16:47 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-12 16:47 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-12 16:47 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-12 16:47 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-12 16:47 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-12 16:47 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-12 16:47 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-12 16:47 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-12 16:47 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-12 16:47 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-12 16:47 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-12 16:39 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 16:39 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 16:39 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 16:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 16:36 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 16:31 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 16:31 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 02:46 - 2015-03-10 02:46 - 00000871 _____ () C:\Users\Public\Desktop\Dead Space 3.lnk
2015-03-09 20:39 - 2015-03-09 20:39 - 00000019 _____ () C:\Users\***\Documents\PaysafeCard2.txt
2015-03-09 20:29 - 2015-03-09 20:29 - 00000027 _____ () C:\Users\***\Documents\Dead Space 3.txt
2015-03-09 18:45 - 2015-03-09 23:42 - 00000000 ____D () C:\Users\***\AppData\Roaming\Origin
2015-03-09 18:45 - 2015-03-09 18:57 - 00000000 ____D () C:\Users\***\AppData\Local\Origin
2015-03-09 18:41 - 2015-03-19 00:25 - 00000000 ____D () C:\ProgramData\Origin
2015-03-09 18:41 - 2015-03-12 19:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-09 18:41 - 2015-03-09 18:41 - 00000642 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-03-09 16:26 - 2015-03-09 16:26 - 00000222 _____ () C:\Users\***\Desktop\Tom Clancy's Splinter Cell Blacklist.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 16:07 - 2015-02-18 00:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-07 05:08 - 2015-01-15 19:20 - 01982306 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 00:04 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 00:04 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 17:31 - 2011-04-12 09:43 - 00769348 _____ () C:\Windows\system32\perfh007.dat
2015-04-06 17:31 - 2011-04-12 09:43 - 00173666 _____ () C:\Windows\system32\perfc007.dat
2015-04-06 17:31 - 2009-07-14 07:13 - 01794928 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 17:28 - 2015-01-21 00:57 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-06 17:26 - 2015-01-21 23:02 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-06 17:26 - 2015-01-15 19:21 - 00000000 ____D () C:\Users\***
2015-04-06 17:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 17:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-06 16:56 - 2015-01-21 01:56 - 00004164 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-06 15:58 - 2015-01-16 23:01 - 00000000 ____D () C:\Users\***\Desktop\Eigene Dateien
2015-04-06 14:52 - 2015-03-01 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 14:30 - 2012-07-30 17:31 - 00000000 ____D () C:\Users\***\Desktop\GameZ
2015-04-06 13:56 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-06 13:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-06 13:21 - 2015-01-20 23:12 - 00000000 ____D () C:\Users\Admin.***-PC\AppData\Local\VirtualStore
2015-04-06 12:35 - 2015-01-15 22:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 12:25 - 2015-02-05 16:22 - 00058792 _____ () C:\Users\Admin.***-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 12:19 - 2015-01-20 23:12 - 00000000 ____D () C:\Users\Admin.***-PC
2015-04-05 04:02 - 2015-01-17 00:50 - 00000000 ____D () C:\Users\***\AppData\Roaming\TS3Client
2015-04-05 01:35 - 2015-01-15 19:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-03 21:22 - 2015-01-15 19:21 - 00001421 ____H () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 21:03 - 2015-01-15 19:21 - 00000000 ____D () C:\Users\***\AppData\Local\VirtualStore
2015-04-02 03:14 - 2015-01-17 04:34 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 03:14 - 2015-01-15 19:11 - 00000000 ____D () C:\Windows\Panther
2015-03-28 23:42 - 2011-03-07 13:10 - 00000000 ____D () C:\Users\***\Desktop\JDownloader
2015-03-28 22:14 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-28 18:50 - 2015-01-16 23:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-28 18:49 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-27 22:56 - 2012-07-27 01:09 - 00000000 ____D () C:\Users\***\Documents\My Games
2015-03-26 10:27 - 2015-01-21 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-26 10:26 - 2015-01-15 20:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 15:06 - 2015-01-23 02:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 15:06 - 2015-01-23 02:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 23:53 - 2015-01-21 01:52 - 00000000 ____D () C:\Program Files (x86)\Avast
2015-03-17 12:09 - 2015-02-18 00:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-17 12:09 - 2015-02-18 00:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-17 12:09 - 2015-02-18 00:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-17 12:09 - 2015-02-18 00:14 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2015-03-14 21:40 - 2015-03-07 07:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-14 21:39 - 2015-01-22 20:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-14 18:56 - 2015-02-09 22:47 - 00008036 _____ () C:\Users\***\Documents\TombRaider.log
2015-03-14 11:52 - 2015-01-21 01:28 - 00001377 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-13 21:41 - 2015-02-11 09:25 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 21:41 - 2015-01-21 19:16 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 21:41 - 2015-01-21 01:26 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 21:41 - 2015-01-21 01:26 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 21:41 - 2015-01-21 01:25 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 21:41 - 2015-01-21 01:25 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 21:41 - 2015-01-21 01:24 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 18:34 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 18:16 - 2015-01-21 01:26 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16 - 2015-01-21 01:26 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 18:16 - 2015-01-21 01:26 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-13 12:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-13 11:04 - 2015-01-16 01:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 11:01 - 2015-01-21 04:03 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:10 - 2015-01-21 01:26 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-09 20:00 - 2015-01-17 11:07 - 00000000 ____D () C:\Users\***\Documents\Lords of the Fallen
2015-03-08 14:39 - 2015-01-21 19:11 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-08 14:39 - 2015-01-15 22:59 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-08 14:38 - 2015-01-21 19:11 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-08 14:38 - 2015-01-21 19:11 - 01568488 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2015-02-21 17:05 - 2015-03-01 16:31 - 0000106 _____ () C:\Users\***\AppData\Roaming\WB.CFG
2015-02-23 15:26 - 2015-02-23 15:26 - 0274045 _____ () C:\Users\***\AppData\Local\dsi1.dat
2015-02-23 15:26 - 2015-02-23 15:26 - 0161916 _____ () C:\Users\***\AppData\Local\dsi2.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 10:07

==================== End Of Log ============================
--- --- ---

--- --- ---


Vielleicht hast du ja gesehen, dass ich ein Paar seiten in der Host Datei gesperrt habe!?

Ich hoffe nicht, dass die durch die Fixlist entfernt wurden. Sind keine Viren drauf oder ?

schrauber 08.04.2015 06:15
Da war schon noch einiges drauf. Die Hosts musste dann neu sperren.

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :regfind
    Gotut.ru
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Malwarepro 09.04.2015 07:55
Hi,

findet nix.

LOG:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 08:55 on 09/04/2015 by ***
Administrator - Elevation successful

========== regfind ==========

Searching for "Gotut.ru"
No data found.

-= EOF =-


Noch ein Problem:

In meiner FritzBox habe ich "Bit-Torrent" und "E-Mule" gesperrt. Zudem habe ich den Filter für Jugendgefährdende Seiten aktiviert. Seitdem bekomme ich immer Meldungen, dass zugriffe IP-Adressen gesperrt wurden.

Ich habe ein paar von den IP-Adressen per "tracert" nachverfolgt und es kommt (fast immer) der Mailshell Server in England raus. Weißt du was Mailshell ist ?

IP-Tracker:

Code:
- hxxp://www.ip-tracker.org/locator/ip-lookup.php?ip=151.236.219.57
- hxxp://www.ip-tracker.org/locator/ip-lookup.php?ip=176.58.112.126
Name der Servers von Mailshell:

Code:
a.ns.mailshell.net >> 192.81.129.218

b.ns.mailshell.net >> 23.92.19.91

c.ns.mailshell.net >> 212.71.233.60

j.ns.mailshell.net >> 50.116.19.218

i.ns.mailshell.net >> 164.40.149.130

Dazu habe ich noch eine Blacklist in der FritzBox, von Seiten, die nicht aufgerufen werden dürfen erstellt:

Code:
kino.to
kino.to
kinox.to
movie4k.to
Mygully.com
Boerse.to
Boerse.bz
alluc.to
g.stream.in
Bitreactor.to
Goldesel.to
Tehparadox.com
Argentinawarez.com
Mov-world.net
Heroturko.me
Drop-games.org
Keygens.nl
Leecher.to
Ua.canna.to
Mp3boo.com
Filestube.to
Ebook3000.com
Ebookee.org
Ebook-hell.to
Gamecopyworld.com
Megagames.com
gameburnworld.com
keygen.us
cracks.am
cracksearchengine.com
andr.net
http://up.picr.de/21537789gz.png

Ich habe dazu noch den Port 47 im UDP Protokoll gesperrt, damit keine VPN verwendet werden darf, um verbotene Seiten aufrufen zu können, oder einfach BitTorrent und E-Mule wieder benutzen zu können.

schrauber 09.04.2015 17:42
Wenn Du Torrents sperren willst solltest Du erstmal aufhören sie auch zu benutzen, sonst hören die Meldungen nie auf ;)

Zitat:
HKU\S-1-5-21-3735647818-3390927355-959790164-1000\...\Run: [BitComet] => "E:\Program Files (x86)\BitComet\BitComet.exe" /tray

Malwarepro 10.04.2015 08:05
Zitat:
Zitat von schrauber (Beitrag 1453316)
Wenn Du Torrents sperren willst solltest Du erstmal aufhören sie auch zu benutzen, sonst hören die Meldungen nie auf ;)
Dieser Computer gehört meinem Onkel. Er will es nicht einsehen, dass man sind auf Bit Torrent Viren holt. Das heißt, dass ich von dir keine Hilfe mehr bekomme ?

schrauber 10.04.2015 18:30
Klar bekommst Du die. Aber das laufende Bittorrent könnte ja die Meldungen betgl IP Sperre erklären ne? ;)


Zeig mal bitte nen Screen vom IE wenn Du Gotut siehst.

Malwarepro 11.04.2015 12:00
Okay. Ich weiß jetzt woher die Meldungen kommen. Sie kommen von dem Avast Anti Spam Plugin



Hier die Bilder:

http://up.picr.de/21557122ro.jpg


http://up.picr.de/21557119lf.jpg

Ich hab irgendwie letztens gesehen, dass du noch jemandem mit dem gleichem Problem hilfst. Er hat auch Gotut.ru als Startseite:

hxxp://www.trojaner-board.de/165842-window-7-http-gotut-ru-laesst-startseite-entfernen-continue-live-installation-adwcleaner-erkannt-entfernt.html

schrauber 11.04.2015 18:25
Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
  • Starte die sc-cleaner.exe mit einem Doppelclick.
  • Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
  • Eine Logdatei wird sich öffnen (sc-cleaner.txt).
  • Poste den Inhalt mit deiner nächsten Antwort.

Malwarepro 11.04.2015 20:36
Hi,

leider nix gefunden


LOG:
Code:
Shortcut Cleaner 1.3.5 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 04/11/2015 09:36:13 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Admin.***-PC\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Admin.***-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Admin.***-PC\Desktop


0 bad shortcuts found.

Program finished at: 04/11/2015 09:36:17 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

schrauber 12.04.2015 08:02
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Malwarepro 12.04.2015 16:14
Hi Schrauber,

OTL:

Code:
OTL logfile created on: 12.04.2015 17:08:18 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Admin.***-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,71% Memory free
8,00 Gb Paging File | 6,11 Gb Available in Paging File | 76,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 17,09 Gb Free Space | 6,90% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 69,99 Mb Free Space | 69,99% Space Free | Partition Type: NTFS
Drive E: | 683,59 Gb Total Space | 381,73 Gb Free Space | 55,84% Space Free | Partition Type: NTFS
Drive F: | 3,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 931,51 Gb Total Space | 13,94 Gb Free Space | 1,50% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin.***-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avast\avastui.exe (Avast Software s.r.o.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avast\AvastSvc.exe (Avast Software s.r.o.)
PRC - C:\Program Files\CyberGhost 5\Service.exe (CyberGhost S.R.L)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
MOD - C:\Program Files (x86)\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Avast\libglesv2.dll ()
MOD - C:\Program Files (x86)\Avast\libegl.dll ()
MOD - C:\Program Files (x86)\Avast\log.dll ()
MOD - C:\Program Files (x86)\Avast\JsonRpcServer.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (CGVPNCliService) -- C:\Program Files\CyberGhost 5\Service.exe (CyberGhost S.R.L)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV - (Origin Client Service) -- E:\Programme\Origin\OriginClientService.exe (Electronic Arts)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (avast! Antivirus) -- C:\Program Files (x86)\Avast\AvastSvc.exe (Avast Software s.r.o.)
SRV - (AvastVBoxSvc) -- C:\Program Files (x86)\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software)
SRV - (SkypeUpdate) -- E:\Program Files (x86)\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Realtek8185) -- C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe (Realtek)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (Avast Software s.r.o.)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (Avast Software s.r.o.)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (Avast Software s.r.o.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (Avast Software s.r.o.)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (Avast Software s.r.o.)
DRV:64bit: - (NVSWCFilter) -- C:\Windows\SysNative\drivers\nvswcfilter.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\drivers\RTL85n64.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (VBoxAswDrv) -- C:\Program Files (x86)\Avast\ng\vbox\VBoxAswDrv.sys (Avast Software)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gotut.ru/
IE - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: E:\Program Files (x86)\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: E:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015.01.21 21:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin.***-PC\AppData\Roaming\mozilla\Extensions
[2015.04.06 12:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin.***-PC\AppData\Roaming\mozilla\Firefox\Profiles\9oa10267.default\extensions
[2015.04.06 14:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.04.06 14:45:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015.04.10 15:53:38 | 000,000,630 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      www.isohunt.to
O1 - Hosts: 127.0.0.1      isohunt.to
O1 - Hosts: 127.0.0.1      www.torrentdownloads.me
O1 - Hosts: 127.0.0.1      torrentsdownload.com
O1 - Hosts: 127.0.0.1      37.1.201.116
O1 - Hosts: 127.0.0.1      www.megagames.com
O1 - Hosts: 127.0.0.1      megagames.com
O1 - Hosts: 127.0.0.1      www.gameburnworld.com
O1 - Hosts: 127.0.0.1      gameburnworld.com
O1 - Hosts: 127.0.0.1      www.keygen.us
O1 - Hosts: 127.0.0.1      keygen.us
O1 - Hosts: 127.0.0.1      easycracks.net
O1 - Hosts: 127.0.0.1      www.icracks.net
O1 - Hosts: 127.0.0.1      icracks.net
O1 - Hosts: 127.0.0.1      www.hackingstore.de
O1 - Hosts: 127.0.0.1      hackingstore.de
O1 - Hosts: 127.0.0.1      www.uploaded.net
O1 - Hosts: 127.0.0.1      uploaded.net
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files (x86)\Avast\AvastUI.exe (Avast Software s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C735086-CC68-4892-8F0D-0D238A8F11E4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEF7C8B7-689C-4D9C-A5C0-D76EE4CFA0C3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF320001-F1C9-4BCE-A57F-01CD1229EBF8}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1F9153E-54DA-4743-B290-6E3A339B8F56}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.16 20:02:40 | 000,000,000 | ---D | M] - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.10.16 18:57:00 | 000,103,608 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.10.16 20:01:01 | 000,001,041 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.04.12 16:54:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin.***-PC\Desktop\OTL.exe
[2015.04.11 21:35:25 | 000,443,208 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Admin.***-PC\Desktop\sc-cleaner.exe
[2015.04.11 14:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2015.04.11 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2015.04.10 15:15:18 | 000,000,000 | ---D | C] -- C:\Users\Admin.***-PC\AppData\Roaming\BitComet
[2015.04.09 19:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
[2015.04.09 19:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost 5
[2015.04.09 18:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2015.04.09 11:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2015.04.09 11:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2015.04.09 10:27:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.04.09 10:27:20 | 000,000,000 | ---D | C] -- C:\Users\Admin.***-PC\AppData\Local\temp
[2015.04.09 10:14:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.04.09 10:14:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.04.09 10:14:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.04.09 10:13:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.04.07 23:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2015.04.06 14:53:13 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.04.06 14:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.04.06 14:52:50 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.04.06 14:52:50 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.04.06 14:52:50 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.04.06 14:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015.04.06 14:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015.04.06 14:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015.04.06 14:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin.***-PC\AppData\Local\EmieUserList
[2015.04.06 14:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin.***-PC\AppData\Local\EmieSiteList
[2015.04.06 14:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Admin.***-PC\AppData\Local\EmieBrowserModeList
[2015.04.06 13:35:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.04.06 13:10:10 | 000,000,000 | ---D | C] -- C:\Users\Admin.***-PC\AppData\Roaming\Tunngle
[2015.04.06 13:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015.04.06 12:56:02 | 000,000,000 | ---D | C] -- C:\Users\Admin.***-PC\AppData\Local\Programs
[2015.04.06 12:51:40 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015.04.06 12:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2015.04.06 12:28:16 | 000,000,000 | ---D | C] -- C:\Users\Admin.***-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2015.04.03 21:11:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Flash
[2015.04.03 21:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\KingSoft
[2015.04.03 21:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2015.04.03 21:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2015.04.03 21:02:56 | 000,087,864 | ---- | C] (电脑管家) -- C:\Windows\SysNative\drivers\TFsFltX64.sys
[2015.04.03 21:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Assistance
[2015.04.03 18:57:40 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2015.04.03 15:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015.04.02 15:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015.04.02 15:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2015.04.02 15:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015.03.29 03:06:11 | 000,000,000 | ---D | C] -- C:\Users\Admin.***-PC\AppData\Local\Diagnostics
[2015.03.28 23:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2015.03.28 23:48:07 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015.03.28 23:48:07 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015.03.28 23:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2015.03.28 17:40:53 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2015.03.26 10:26:57 | 000,622,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015.03.26 10:25:15 | 018,580,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2015.03.26 10:25:15 | 001,540,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2015.03.26 10:25:15 | 000,997,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015.03.26 10:25:14 | 032,114,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015.03.26 10:25:14 | 024,775,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015.03.26 10:25:14 | 017,258,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015.03.26 10:25:14 | 013,297,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015.03.26 10:25:14 | 010,775,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015.03.26 10:25:14 | 001,896,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434788.dll
[2015.03.26 10:25:14 | 001,557,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434788.dll
[2015.03.26 10:25:14 | 000,970,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015.03.26 10:25:14 | 000,944,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015.03.26 10:25:14 | 000,930,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015.03.26 10:25:14 | 000,909,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015.03.26 10:25:14 | 000,878,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015.03.26 10:25:14 | 000,496,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015.03.26 10:25:14 | 000,400,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015.03.26 10:25:14 | 000,390,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015.03.26 10:25:14 | 000,354,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015.03.26 10:25:14 | 000,346,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015.03.26 10:25:14 | 000,306,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015.03.26 10:25:14 | 000,178,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015.03.26 10:25:14 | 000,164,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015.03.26 10:25:13 | 025,460,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2015.03.26 10:25:13 | 020,466,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2015.03.26 10:25:13 | 013,210,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015.03.26 10:25:13 | 010,715,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015.03.26 10:25:13 | 003,611,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015.03.26 10:25:13 | 003,249,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015.03.26 02:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2015.03.26 02:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015.03.26 02:15:01 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015.03.26 02:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015.03.26 02:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015.03.25 00:01:55 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015.03.25 00:01:55 | 000,943,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015.03.25 00:01:55 | 000,760,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015.03.25 00:01:55 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015.03.25 00:01:55 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015.03.25 00:01:55 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015.03.25 00:01:55 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015.03.25 00:01:55 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015.03.15 12:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2015.03.14 22:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
[2015.03.14 16:12:20 | 000,373,864 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysNative\LavasoftTcpService64.dll
[2015.03.14 16:12:15 | 000,326,288 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysWow64\LavasoftTcpService.dll
 
========== Files - Modified Within 30 Days ==========
 
[2015.04.12 17:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.04.12 17:01:42 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.04.12 17:01:42 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.04.12 16:59:27 | 001,794,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.04.12 16:59:27 | 000,769,348 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.04.12 16:59:27 | 000,711,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.04.12 16:59:27 | 000,173,666 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.04.12 16:59:27 | 000,141,386 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.04.12 16:54:06 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.04.12 16:54:02 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2015.04.12 16:53:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin.***-PC\Desktop\OTL.exe
[2015.04.12 16:52:30 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2015.04.12 16:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.11 21:35:26 | 000,443,208 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Admin.***-PC\Desktop\sc-cleaner.exe
[2015.04.10 15:53:38 | 000,000,630 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015.04.10 08:58:36 | 000,000,008 | RHS- | M] () -- C:\Users\Admin.***-PC\ntuser.pol
[2015.04.09 18:15:51 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2015.04.09 11:20:37 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2015.04.06 17:26:49 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.04.06 14:52:52 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.06 14:45:32 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015.04.06 13:32:25 | 000,268,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.04.06 12:51:43 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-***-PC-Windows-7-Home-Premium-(64-bit).dat
[2015.04.03 21:02:29 | 000,087,864 | ---- | M] (电脑管家) -- C:\Windows\SysNative\drivers\TFsFltX64.sys
[2015.04.03 19:10:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2015.04.03 15:45:24 | 000,001,231 | ---- | M] () -- C:\Users\Public\Desktop\Wolfenstein The New Order.lnk
[2015.04.02 15:56:32 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015.03.26 02:14:34 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015.03.17 12:09:21 | 000,778,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.03.17 12:09:21 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.03.17 06:15:38 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.17 06:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.03.14 22:06:36 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2015.03.14 11:52:06 | 000,001,377 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2015.03.13 21:41:47 | 032,114,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015.03.13 21:41:47 | 025,460,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2015.03.13 21:41:47 | 024,775,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015.03.13 21:41:47 | 020,466,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2015.03.13 21:41:47 | 018,580,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2015.03.13 21:41:47 | 017,258,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015.03.13 21:41:47 | 016,022,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015.03.13 21:41:47 | 014,121,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2015.03.13 21:41:47 | 013,297,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015.03.13 21:41:47 | 013,210,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015.03.13 21:41:47 | 010,775,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015.03.13 21:41:47 | 010,715,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015.03.13 21:41:47 | 003,611,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015.03.13 21:41:47 | 003,303,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2015.03.13 21:41:47 | 003,249,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015.03.13 21:41:47 | 002,906,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015.03.13 21:41:47 | 001,896,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434788.dll
[2015.03.13 21:41:47 | 001,557,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434788.dll
[2015.03.13 21:41:47 | 001,540,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2015.03.13 21:41:47 | 000,997,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015.03.13 21:41:47 | 000,970,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015.03.13 21:41:47 | 000,944,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015.03.13 21:41:47 | 000,930,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015.03.13 21:41:47 | 000,909,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015.03.13 21:41:47 | 000,878,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015.03.13 21:41:47 | 000,496,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015.03.13 21:41:47 | 000,400,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015.03.13 21:41:47 | 000,390,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015.03.13 21:41:47 | 000,354,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015.03.13 21:41:47 | 000,346,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015.03.13 21:41:47 | 000,306,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015.03.13 21:41:47 | 000,178,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015.03.13 21:41:47 | 000,164,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015.03.13 21:41:47 | 000,073,872 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015.03.13 21:41:47 | 000,060,560 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015.03.13 21:41:47 | 000,027,441 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2015.03.13 18:16:47 | 006,861,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2015.03.13 18:16:47 | 003,526,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2015.03.13 18:16:45 | 002,559,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2015.03.13 18:16:45 | 000,386,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2015.03.13 18:16:45 | 000,062,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2015.03.13 17:38:39 | 000,622,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files Created - No Company Name ==========
 
[2015.04.09 18:15:51 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2015.04.09 11:20:37 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2015.04.09 10:14:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.04.09 10:14:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.04.09 10:14:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.04.09 10:14:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.04.09 10:14:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015.04.06 14:52:52 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.06 14:45:32 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015.04.06 14:45:32 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015.04.06 12:51:43 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-***-PC-Windows-7-Home-Premium-(64-bit).dat
[2015.04.06 12:19:50 | 000,000,008 | RHS- | C] () -- C:\Users\Admin.***-PC\ntuser.pol
[2015.04.03 19:10:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2015.04.03 15:45:24 | 000,001,231 | ---- | C] () -- C:\Users\Public\Desktop\Wolfenstein The New Order.lnk
[2015.04.03 07:15:35 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.04.02 15:56:32 | 000,002,687 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015.04.02 12:51:42 | 000,268,536 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.14 22:06:36 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2015.02.20 14:39:56 | 000,000,043 | ---- | C] () -- C:\Users\Admin.***-PC\AppData\Roaming\WB.CFG
[2015.01.20 21:16:45 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2015.01.15 20:23:32 | 001,768,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015.01.15 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVAST Software
[2015.01.19 15:50:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2015.01.21 21:53:25 | 000,000,000 | ---D | M] -- C:\Users\Admin.***-PC\AppData\Roaming\AVAST Software
[2015.04.11 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Admin.***-PC\AppData\Roaming\BitComet
[2015.02.02 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\Admin.***-PC\AppData\Roaming\TuneUp Software
[2015.04.06 13:10:10 | 000,000,000 | ---D | M] -- C:\Users\Admin.***-PC\AppData\Roaming\Tunngle
[2015.01.15 19:38:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVAST Software
[2015.04.12 04:59:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitComet
[2015.03.07 12:23:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2015.04.03 07:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Browsers
[2015.01.26 01:19:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarkSoulsII
[2015.02.20 02:50:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dlg
[2015.01.17 16:11:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dwarfs
[2015.02.20 03:34:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera Software
[2015.03.09 23:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2015.02.20 02:43:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2015.02.20 03:09:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\sparta123
[2015.04.03 07:15:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPI
[2015.01.20 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos
[2015.01.20 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos VPN
[2015.04.10 00:44:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2015.01.20 23:28:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2015.04.03 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2015.04.12 06:50:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2015.01.20 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2015.01.18 23:02:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2015.04.03 07:15:17 | 000,001,309 | R-S- | C] ()(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozill? Firefo?.lnk) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk

< End of report >
Extras:

Code:
OTL Extras logfile created on: 12.04.2015 17:08:18 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Admin.***-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,71% Memory free
8,00 Gb Paging File | 6,11 Gb Available in Paging File | 76,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 17,09 Gb Free Space | 6,90% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 69,99 Mb Free Space | 69,99% Space Free | Partition Type: NTFS
Drive E: | 683,59 Gb Total Space | 381,73 Gb Free Space | 55,84% Space Free | Partition Type: NTFS
Drive F: | 3,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 931,51 Gb Total Space | 13,94 Gb Free Space | 1,50% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3735647818-3390927355-959790164-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B4FA71-1874-4D3F-ABED-A1D0F09BF73C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FCA15FE-8089-4553-8531-F12D90BC2583}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10AAA2DD-F131-4E14-A651-F2C0F1B13CBC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{116BB5A2-E7B1-49B3-84CB-7276EF484A8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{175A0A68-A410-4F0E-B232-18435D404633}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22D87343-5144-4C94-87F2-40AAD96AA1A7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{2ADDF2E5-C497-4F0C-822B-FF6A98888F2C}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{32C7CB5B-4C32-4C6F-B3BD-AB71F2BC7DDE}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{34CDF4F1-165D-4A49-8309-178588EFA6B9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{43A37F75-902C-44B1-93B4-587EE3182B5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{44E53FE5-241A-4D49-A36F-66B1EEB84B8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46B2A9FF-BE34-4CC6-BEC7-FB68C206CC1B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50CBC0CB-5CF9-41BB-9F78-4910B7C09FA6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{52FE1C03-5399-4927-808B-2B78FE4CE6CF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{534DF886-E704-441B-A006-FBCCD913D9D3}" = lport=80 | protocol=6 | dir=in | app=system |
"{587D2DCC-93F3-44BD-8D2B-D096DA51C007}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5A453361-15D5-48EB-99A9-76F091BD3F29}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{5AFC7BF6-0528-4B33-8362-D85142605289}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5BC05455-20E9-456D-A0AB-3B9C0EFC1D18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CF57D97-913D-43D1-B981-9EF098AB4E3F}" = lport=137 | protocol=17 | dir=in | app=system |
"{617FBAF7-C390-41FD-9C59-FAA52C5AB7B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64F3FF99-1444-4CF3-9C6E-9D48828F231B}" = rport=445 | protocol=6 | dir=out | app=system |
"{661F5120-CE1D-4AF7-96E8-882F318DC1A6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7022FDDC-2A61-4B4A-8CCC-0E5CC95BFD36}" = rport=10243 | protocol=6 | dir=out | app=system |
"{72A41EEE-B3FF-42F7-87DA-427C34DF5F9B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{730433A4-DAF7-4D62-92EB-DBD866809734}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7FA5074A-A921-4A5F-8541-420A6BEC6D41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{827B8093-273D-487F-9C3E-983DBFF808A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{84D80788-5EEB-43A8-996C-39D227629BEF}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C5C2DCC-F469-4B35-9273-93D2A941AEF4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{915E7223-E7F3-43E4-B56A-821CAD288BBE}" = rport=138 | protocol=17 | dir=out | app=system |
"{95348BBE-E7AD-49B0-9D66-321BF7195625}" = lport=139 | protocol=6 | dir=in | app=system |
"{9605E32F-B389-4B43-8D01-624CA0D82DE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96232A6F-2419-471E-A56B-7468A6620088}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{96653687-79FB-4948-A0A4-BFA213906DD8}" = rport=137 | protocol=17 | dir=out | app=system |
"{A18CD003-A388-420B-93C8-1968768E4E3B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A2ACB5B3-D1A9-4D98-935A-DCF4F10FDFEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A50BE899-293D-492F-A9DB-A816C71BEF38}" = lport=18315 | protocol=17 | dir=in | name=bitcomet 18315 udp |
"{A9187B57-7CF5-4C06-B9A3-EEBEFB41DC35}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9726B68-0F31-406F-86FE-4CC5A22CC994}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B94C6561-E750-4A02-B9D3-78BFC2B78A76}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{BAE58AD2-07CB-45EA-8D4A-952862903CD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0EBE295-A3DA-42F4-A326-0F821955B5D1}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{D13004DA-5777-4CBF-AEE4-8B049BE869D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFF73723-E885-42B8-8791-4D19DF987C23}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E0F27857-F72A-466E-816E-AAB3F6A77FB2}" = lport=18315 | protocol=6 | dir=in | name=bitcomet 18315 tcp |
"{F0E60599-07C7-4988-BCDE-C0783DC2F8E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F20F44A8-830C-47CB-9E1D-138C5A8386E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{F98D3258-C23B-4CA2-9720-535C32B917D5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FD516282-7DD2-4D1E-971F-DFB0104587CC}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{FEA908E4-DAE3-4F5D-9ADD-B816C5B05805}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7AF388-A45C-486C-9CAC-86EC79ECDCA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0CBEE6C1-CD6A-431F-B931-EACA0FC8D562}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\utorrent\utorrent.exe |
"{0CD01CBB-46D9-4317-ACA5-20FED8C1DFF3}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\blacklist_launcher.exe |
"{0D014367-38BF-486E-B625-900F9F5848FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{10824D26-95DB-40A8-BA2B-90F3F94AA047}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{158DEFD6-6C57-451B-B149-C393CAD7E381}" = dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\rld-wothneor\crack\wolfneworder_x64.exe |
"{18516896-3AA5-43CF-9469-14990308E3FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CA34E89-3DBC-4640-851F-D37490F1785E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{22E83034-8534-40CD-BA1B-738AF5AA592A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{2946E225-D7E6-49BF-9EBE-DCA9E598C402}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe |
"{2B26837E-0BD2-43E4-83DE-863240A26E9B}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe |
"{2C6A4479-5B37-40EA-81BE-7CF77C763AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E52F7AF-3D1C-40D3-BAEC-85B28206D63B}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\nether\launcher\launcher.exe |
"{2FC2AD02-3C9E-4E71-9B26-725891CE2949}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe |
"{31502B3E-FE7C-463C-BF23-0195F4E6C2DE}" = dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\rld-wothneor\setup.exe |
"{336868BB-31D3-4411-877C-560EECF8C5E0}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe |
"{3375CCF9-974C-4ACC-B57B-FF3D0833296E}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\src\system\gu.exe |
"{374C7F29-BE78-4816-8ADF-28078E688CAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CB131C-CDD0-4B7E-BE5D-F6B36861CAB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38FAA670-9C7A-4A34-A4EA-32A83749D649}" = dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\wolfenstein the new order\wolfneworder_x64.exe |
"{3DAFDCAB-71D0-474E-9A65-53D28163BFB9}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\sniper elite v2\launcher\sniperv2launcher.exe |
"{3DFBEF1D-A475-4DE5-997B-EFFAF2C963E7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42A10FB6-7CBC-4C0A-BDE4-21998304A476}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{439BA7E8-D004-4CE6-B33A-0B410B3464AA}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{4575097B-FD27-453B-9C2F-8C4E4B203240}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{47892E58-5AD0-48AC-B691-A9E70A313C43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4B31C15D-6188-4714-BB7D-EF0B6A91A919}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50D4AADD-802E-4EDE-8361-9E87E2C06B50}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{52C43A86-E274-4056-A553-38AEB8104C47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{546A4ACF-C0FA-48E9-8855-B74B31BEFCF2}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{58DA7A35-E7F0-4FF7-9769-A594E8E2C923}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{5950763A-974A-4EC7-B29E-85D8CEFEC4F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A9D4D87-CA61-4BD7-A539-8D3999AF1A72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{5AF1E737-20DB-4075-AB73-5D3CDFD2356A}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\src\system\gu.exe |
"{5BE86AD7-9E76-45AE-9AC0-AEF822088362}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6718FDA6-BBA5-41E9-91B1-3E6743AA9B41}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{68299EFB-561F-46A8-A06B-670F0685DAEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6941F323-A4FC-4111-8362-BC9023BFBF54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B58FCB1-9140-47CF-B0D8-05970C66603B}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\dying light\dyinglightgame.exe |
"{6D34121C-68CB-4F6F-BFCB-5C98DF3B3610}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{74C47503-0D15-4079-8FE6-EF49DF9BCD47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defiance\patcher.exe |
"{75B7449A-016F-480F-AA01-5095B363E22D}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{75E923B7-8858-4ACA-9846-5A79EBB0D33E}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\lords of the fallen\bin\lordsofthefallen.exe |
"{76F6CB9F-4611-4EAA-AF8D-5F183050B7B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77CE1DC7-AB34-41F9-97A4-F8EE0ABCBB96}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{7FF731EC-BBB1-42EE-B9C2-57E5AC3D9D31}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\zombie army trilogy\launcher\zatlauncher.exe |
"{84649C4C-C0AA-42F8-96D4-61A699E0B003}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defiance\patcher.exe |
"{8B37A63E-692C-43F4-BD2E-15C5096B1A3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{8BE3297D-ACC4-4D1D-AFE6-6C919F8351FA}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\lords of the fallen\bin\lordsofthefallen.exe |
"{8E77BDB3-9B2E-425E-994D-2DC76EE395C5}" = dir=in | app=e:\program files (x86)\phone\skype.exe |
"{8E9E1577-BD98-4886-BD80-F8A7933D0495}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\nether\launcher\launcher.exe |
"{92D016C1-E954-4C30-B9B1-A2F181F2830B}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{946AE773-F49C-4753-835E-106452DBBB18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{94F2F8F2-B1DA-47CC-B67C-E0787FECCFF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{96F6CDCF-7E9E-4C90-AA4B-47A226C91987}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{986EFD69-3B55-4102-ACE4-A3C14B589682}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98F21E5F-2B1A-41D2-B73D-FC7A9850809D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9AC2E833-1FC1-4F82-B34E-2B58A743DAA5}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\rtl8185 wireless lan utility\rtwlan.exe |
"{9E4177A1-4345-4E93-9DAB-98D3EFE2E8ED}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\rtl8185 wireless lan utility\rtwlan.exe |
"{A140EACD-C7A6-49B2-A77F-DEB3C38D000A}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A1790976-1B41-42B8-8B86-DF7D3EBAFB34}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2F18F7C-2D9D-4FA5-BBE0-0598B1982BAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3A20088-3523-4B4B-BA6D-00B4A212BAEA}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe |
"{A920EFDA-5534-4DB0-8334-5744703786FC}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\zombie army trilogy\launcher\zatlauncher.exe |
"{AEA46CA8-347A-4C70-A208-33A0204C8B92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C218AC3E-9DF4-4479-A56C-C4E33B383FEF}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\dying light\dyinglightgame.exe |
"{C22457E2-3F57-4D28-9F9C-9878C626C7FF}" = protocol=6 | dir=out | app=system |
"{C3806E9D-3584-4EC1-A019-7042D285AD4E}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\two worlds ii\twoworlds2.exe |
"{C52459DF-138D-4686-B62C-6D4AD38A4567}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{C7921FF1-2605-4850-897D-3167112EFEEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{C7AD4D48-7B74-445B-A033-E83A7EFC1875}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CCA12CC1-A036-49C6-A2C6-4347CC7A1469}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{CD415D51-B3BA-4EA5-BAFE-2140830E63B6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D328E85E-4F13-4704-8A94-CE9BC899BD1D}" = dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\rld-wothneor\crack\wolfneworder_x64.exe |
"{D6924441-7243-4772-BEAD-14421AF61223}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{D89263AB-7AF6-4CB4-B632-6E340891B8A2}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{DAB8CF28-CBE6-4BA3-A724-4689D76B371B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DAFAA7B5-4B64-4190-B8A7-2CE23489F593}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\two worlds ii\twoworlds2.exe |
"{DD66FB2D-FBA0-47D1-AC8B-B2DF66E23F5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5DBE090-F71A-48BB-BB31-2BC1DB05681A}" = dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\wolfenstein the new order\wolfneworder_x64.exe |
"{E90C0288-09C0-46F5-BACD-023BC5407D4E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EB636D29-E6A9-4B52-90E8-F7209AD94F9B}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe |
"{EE1500CD-8225-485E-806C-3364A9E98222}" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\sniper elite v2\launcher\sniperv2launcher.exe |
"{EEF97DE2-C5B3-489B-AE51-43EC30543B1F}" = dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\rld-wothneor\setup.exe |
"{EF83E4C5-0512-4465-9D19-D28B5F34804B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{F0891D46-15E3-423C-9BFC-5A5BB807A80D}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\utorrent\utorrent.exe |
"{F2240A34-8E80-497F-937F-5CA7503CD02E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F33A65A4-2282-44A6-A6FA-12CDECD13380}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB466C0B-8859-4D97-A85D-DC2D4D6FA636}" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\tom clancy's splinter cell blacklist\blacklist_launcher.exe |
"{FE823368-8FF6-44C2-BB49-F0E4F416AE34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{FEF873B8-2CE3-418F-BD96-109ECBFAD9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{FF12C71C-925B-4E40-8941-B5D37AD461ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"TCP Query User{40B1920A-8039-4C29-A231-50B4C2CC6215}E:\program files (x86)\bin\javaw.exe" = protocol=6 | dir=in | app=e:\program files (x86)\bin\javaw.exe |
"TCP Query User{58E46785-2583-4123-ABB1-DCF66CFCCDC2}E:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\wolfenstein the new order\wolfneworder_x64.exe" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\wolfenstein the new order\wolfneworder_x64.exe |
"TCP Query User{AE23AD19-D314-4878-B22E-A5DF459647DE}E:\programme\steamapps\common\steamapps\common\nether\game\binaries\win64\nether.exe" = protocol=6 | dir=in | app=e:\programme\steamapps\common\steamapps\common\nether\game\binaries\win64\nether.exe |
"UDP Query User{11D0AE15-A726-4686-9C52-8C7B36959FE0}E:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\wolfenstein the new order\wolfneworder_x64.exe" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\wolfenstein the new order-reloaded\wolfenstein the new order\wolfneworder_x64.exe |
"UDP Query User{9ED35944-90EE-4035-8885-A94B464D04C0}E:\program files (x86)\bin\javaw.exe" = protocol=17 | dir=in | app=e:\program files (x86)\bin\javaw.exe |
"UDP Query User{AF84502B-75A5-4277-8D9C-55A5FF3015DB}E:\programme\steamapps\common\steamapps\common\nether\game\binaries\win64\nether.exe" = protocol=17 | dir=in | app=e:\programme\steamapps\common\steamapps\common\nether\game\binaries\win64\nether.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}" = Microsoft .NET Framework 4.5.2 (DEU)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{26A24AE4-039D-4CA4-87B4-2F86418040F0}" = Java 8 Update 40 (64-bit)
"{28791292-D18D-42FA-AE66-3D3D20AA8618}" = Apple Application Support (64-Bit)
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5ED7462B-EF58-4757-B609-53755021EC34}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 347.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 347.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 347.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.4.0.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.4.0.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.33.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.4.0.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"CyberGhost 5_is1" = CyberGhost 5
"Defraggler" = Defraggler
"TAP-Windows" = TAP-Windows 9.9.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.3
"{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}" = Apple Application Support (32-Bit)
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{EA594E28-547D-4FB5-AED8-3628EFB1474D}" = TuneUp Utilities 2014 (de-DE)
"{EF72E0A5-57E8-471F-837E-82BB19771363}" = REALTEK RTL8185 Wireless LAN Software
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI
"Avast" = Avast Free Antivirus
"BitComet" = BitComet 1.38
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.1.4.1018
"Mozilla Firefox 37.0.1 (x86 de)" = Mozilla Firefox 37.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Revo Uninstaller" = Revo Uninstaller 1.95
"Steam" = Steam
"Steam App 1250" = Killing Floor
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 224600" = Defiance
"Steam App 235600" = Tom Clancy's Splinter Cell Blacklist
"Steam App 236430" = DARK SOULS™ II
"Steam App 239140" = Dying Light
"Steam App 247730" = Nether
"Steam App 265300" = Lords Of The Fallen
"Steam App 273350" = Evolve
"Steam App 301640" = Zombie Army Trilogy
"Steam App 326960" = Killing Floor - Toy Master
"Steam App 49520" = Borderlands 2
"Steam App 63380" = Sniper Elite V2
"TuneUp Utilities" = TuneUp Utilities 2014
"Two Worlds II" = Two Worlds II
"Uplay" = Uplay
"V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1" = Wolfenstein: The New Order
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.04.2015 17:56:21 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 11.04.2015 17:56:23 | Computer Name = ***-PC | Source = VSS | ID = 13
Description =
 
Error - 11.04.2015 17:56:23 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 11.04.2015 17:57:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.04.2015 02:48:09 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
Error - 12.04.2015 10:52:30 | Computer Name = ***-PC | Source = VSS | ID = 13
Description =
 
Error - 12.04.2015 10:52:30 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 12.04.2015 10:52:31 | Computer Name = ***-PC | Source = VSS | ID = 13
Description =
 
Error - 12.04.2015 10:52:31 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 12.04.2015 10:52:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:04:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
 "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%1058
 
Error - 12.04.2015 11:09:27 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >
Ich persöhnlich sehe nur:
Code:
IE - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gotut.ru/

Warum Bing eingerichtet ist, verstehe ich auch nicht:

Code:
IE - HKU\S-1-5-21-3735647818-3390927355-959790164-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:45 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131