Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.04.2015, 19:04   #1
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Unglücklich

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Schönen Guten Tag liebes Forum,

ich habe seit paar Minuten ein relativ großes Problem.
Normalerweise versuche ich meine Probleme immer selber zu Beheben, aber diesmal bin ich ratlos...

Zum Problem:
Als ich grade noch im League of Legends Match war, hörte ich eine Fehlermeldung und ignorierte die bis das Match zu ende war. Als ich auf den Desktop kam sah ich diese Fehlermeldung: hxxp://puu.sh/gXTat/f07b64ac52.png Anstelle \Documents stand da \Desktop.
Ich denk mir so nichts böses und gucke auf den Desktop. ALLES LEER.
Ich starte meinen PC von neu und voilla. Mein ganzer Desktop ist schwarz und nur der Papierkorb ist vorhanden. Meine ganze Taskleiste hat plötzlich kaputte Verknüpfungen, dh. ich konnte keine mehr anklicken. Nichtmal der Explorer war mehr da.
Malwarebytes hat nichts gefunden und ich weiß nicht was ich machen soll..
Alle Dateien die auf meinem Desktop waren sind weg. Wie als auch die in den Documents.. Pictures usw. Ich habe keinen Zugriff mehr darauf. Immer die selbe Fehlermeldung halt \Verzeichnis.

Ich hoffe ihr könnt mir irgendwie helfen, denn ich habe sehr viel privates Zeug verloren :/

MfG,
Valerij

Alt 01.04.2015, 19:13   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



hi,

Bild bitte hier anhängen.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 01.04.2015, 19:31   #3
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Ah Sorry,

Bild ist nun im Anhang.
FRST.txt und Addition.txt auch.
Und was sind das für Dateien in dem letzen Bild?
Die wurden erstellt, als ich den PC heruntergefahren habe glaub ich.
__________________
Angehängte Grafiken
Dateityp: png f07b64ac52.png (13,1 KB, 165x aufgerufen)
Dateityp: jpg c5ca21cecc.jpg (72,8 KB, 365x aufgerufen)

Alt 02.04.2015, 06:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.04.2015, 13:25   #5
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Hallo,

ich muss mich entschuldigen, aber es funktioniert leider nicht.
Immer wenn ich Vorschau bzw. Absenden drücke lädt es 1 min und das Forum wird weiß.
Ist glaube ich zu viel Code.

MfG.


Alt 02.04.2015, 20:43   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Dann teile es in Stücke und benutze mehrere Posts
__________________
--> Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.

Alt 03.04.2015, 11:38   #7
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



FRST: Die uuXX Dateien gehen bis 0! Also das sind ne menge(18837 stück), jetzt weiß ich warum das nicht ging... kannst du mir zufällig sagen was das für Dateien sind?


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Valerij (administrator) on VAVA on 01-04-2015 20:18:09
Running from C:\Users\Valerij\Desktop
Loaded Profiles: Valerij &  (Available profiles: Valerij & Vava)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Valerij\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
() C:\Program Files (x86)\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(TeamSpeak Systems GmbH) C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [Spotify Web Helper] => C:\Users\Valerij\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-20] (Spotify Ltd)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-24] (Valve Corporation)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-03-27] (Electronic Arts)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [51840 2015-03-04] (Locktime Software)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-03-21] (Blizzard Entertainment)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Run: [Spotify] => C:\Users\Valerij\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-20] (Spotify Ltd)
HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\MountPoints2: {a8c344c1-c334-11e4-824e-806e6f6e6963} - "D:\Install_RADStudio.exe" 
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Valerij\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-20] (Spotify Ltd)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-24] (Valve Corporation)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-03-27] (Electronic Arts)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [51840 2015-03-04] (Locktime Software)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-03-21] (Blizzard Entertainment)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Valerij\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-20] (Spotify Ltd)
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a8c344c1-c334-11e4-824e-806e6f6e6963} - "D:\Install_RADStudio.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-764792866-2691984419-414306931-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-764792866-2691984419-414306931-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
Hosts: 91.16.224.207 ghost 2
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-04-01]
CHR Extension: (Google Slides) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-04-01]
CHR Extension: (Google Docs) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-01]
CHR Extension: (YouTube) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]
CHR Extension: (Google Search) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (Google Sheets) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (FoxyProxy Standard) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-04-01]
CHR Extension: (AdBlock) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Turbo for YouTube) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgnmngkgolhffjjdaipkkjbmbnpefef [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-01]
CHR Extension: (Proxy List - Free Proxies for everyone) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2015-04-01]
CHR Extension: (Click&Clean App) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-04-01]
CHR Extension: (Gmail) - C:\Users\Valerij\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [173848 2015-03-09] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [630272 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [4868608 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [329344 2015-03-04] (Locktime Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-07] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 VsEtwService120; E:\Visual Studio\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [125360 2015-03-04] (Locktime Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-02-04] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 20:18 - 2015-04-01 20:18 - 00016887 _____ () C:\Users\Valerij\Desktop\FRST.txt
2015-04-01 20:17 - 2015-04-01 20:18 - 00000000 ____D () C:\FRST
2015-04-01 20:16 - 2015-04-01 20:17 - 02095616 _____ (Farbar) C:\Users\Valerij\Desktop\FRST64.exe
2015-04-01 20:12 - 2015-04-01 20:12 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\Macromedia
2015-04-01 20:12 - 2015-04-01 20:12 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\LolClient
2015-04-01 20:10 - 2015-04-01 20:10 - 00001255 _____ () C:\Users\Valerij\Desktop\TeamSpeak 3 Client.lnk
2015-04-01 20:10 - 2015-04-01 20:10 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-04-01 20:09 - 2015-04-01 20:09 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\Adobe
2015-04-01 19:41 - 2015-04-01 19:41 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-764792866-2691984419-414306931-1004
2015-04-01 19:41 - 2015-04-01 19:41 - 00000000 ____D () C:\Users\Vava\AppData\Roaming\Macromedia
2015-04-01 19:41 - 2015-04-01 19:41 - 00000000 ____D () C:\Users\Vava\AppData\Roaming\LolClient
2015-04-01 19:36 - 2015-04-01 19:37 - 00002267 _____ () C:\Users\Vava\Desktop\Google Chrome.lnk
2015-04-01 19:36 - 2015-04-01 19:36 - 00001450 _____ () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 19:36 - 2015-04-01 19:36 - 00000020 ___SH () C:\Users\Vava\ntuser.ini
2015-04-01 19:36 - 2015-04-01 19:36 - 00000020 ___SH () C:\Users\Vava\ntuser.ini
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Vorlagen
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Vorlagen
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Startmenü
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Startmenü
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Netzwerkumgebung
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Netzwerkumgebung
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Lokale Einstellungen
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Lokale Einstellungen
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Eigene Dateien
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Eigene Dateien
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Druckumgebung
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Druckumgebung
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\AppData\Local\Verlauf
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\AppData\Local\Anwendungsdaten
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Anwendungsdaten
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 _SHDL () C:\Users\Vava\Anwendungsdaten
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Roaming\Adobe
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Local\VirtualStore
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Local\Razer
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Local\Packages
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Local\NVIDIA Corporation
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Local\NVIDIA
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Local\Logitech
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava\AppData\Local\Google
2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Users\Vava
2015-04-01 19:36 - 2015-03-12 01:29 - 00000000 ___RD () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-01 19:36 - 2015-03-05 16:17 - 00000000 ___RD () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-01 19:36 - 2015-03-05 16:17 - 00000000 ___RD () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-01 19:36 - 2014-03-18 12:12 - 00000369 _____ () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-01 19:36 - 2014-03-18 12:12 - 00000369 _____ () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-01 19:36 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Vava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-01 19:32 - 2015-04-01 19:32 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\Notepad++
2015-04-01 19:25 - 2015-04-01 19:24 - 05617096 _____ (Swearware) C:\Users\Valerij\Desktop\ComboFix.exe
2015-04-01 19:16 - 2015-04-01 20:02 - 00063907 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 19:13 - 2015-04-01 20:06 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 19:13 - 2015-04-01 19:13 - 00002267 _____ () C:\Users\Valerij\Desktop\Google Chrome.lnk
2015-04-01 19:13 - 2015-04-01 19:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-01 19:13 - 2015-04-01 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-01 19:13 - 2015-04-01 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 19:13 - 2015-04-01 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 19:13 - 2015-04-01 19:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-01 19:13 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 19:13 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 19:13 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 19:11 - 2015-04-01 19:11 - 00000000 ____D () C:\Users\Valerij\AppData\Local\Skype
2015-04-01 19:10 - 2015-04-01 19:10 - 00000348 _____ () C:\Windows\setupact.log
2015-04-01 19:10 - 2015-04-01 19:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 19:06 - 2015-04-01 19:06 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\puush
2015-04-01 19:06 - 2015-04-01 19:06 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\Battle.net
2015-04-01 19:06 - 2015-04-01 19:06 - 00000000 ____D () C:\Users\Valerij\AppData\Local\Razer
2015-04-01 19:06 - 2015-04-01 19:06 - 00000000 ____D () C:\Users\Valerij\AppData\Local\Blizzard Entertainment
2015-04-01 19:05 - 2015-04-01 19:06 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\Origin
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18836
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18836
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18835
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18835
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18834
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18834
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18833
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18833
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18832
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18832
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18831
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18831
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18830
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18830
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18829
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18829
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18828
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18828
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18827
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18827
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18826
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18826
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18825
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18825
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18824
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18824
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18823
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18823
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18822
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18822
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18821
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18821
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18820
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18820
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18819
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18819
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18818
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18818
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18817
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18817
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18816
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18816
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18815
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18815
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18814
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18814
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18813
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18813
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18812
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18812
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18811
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18811
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18810
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18810
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18809
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18809
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18808
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18808
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18807
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18807
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18806
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18806
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18805
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18805
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18804
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18804
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18803
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18803
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18802
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18802
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18801
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18801
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18800
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18800
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18799
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18799
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18798
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18798
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18797
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18797
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18796
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18796
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18795
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18795
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18794
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18794
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18793
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18793
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18792
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18792
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18791
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18791
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18790
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18790
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18789
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18789
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18788
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18788
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18787
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18787
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18786
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18786
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18785
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18785
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18784
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18784
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18783
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18783
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18782
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18782
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18781
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18781
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18780
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18780
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18779
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18779
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18778
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18778
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18777
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18777
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18776
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18776
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18775
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18775
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18774
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18774
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18773
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18773
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18772
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18772
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18771
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18771
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18770
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18770
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18769
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18769
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18768
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18768
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18767
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18767
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18766
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18766
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18765
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18765
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18764
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18764
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18763
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18763
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18762
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18762
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18761
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18761
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18760
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18760
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18759
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18759
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18758
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18758
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18757
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18757
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18756
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18756
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18755
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18755
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18754
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18754
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18753
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18753
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18752
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18752
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18751
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18751
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18750
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18750
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18749
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18749
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18748
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18748
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18747
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18747
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18746
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18746
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18745
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18745
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18744
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18744
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18743
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18743
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18742
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18742
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18741
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18741
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18740
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18740
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18739
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18739
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18738
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18738
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18737
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18737
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18736
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18736
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18735
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18735
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18734
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18734
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18733
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18733
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18732
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18732
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18731
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18731
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18730
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18730
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18729
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18729
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18728
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18728
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18727
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18727
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18726
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18726
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18725
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18725
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18724
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18724
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18723
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18723
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18722
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18722
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18721
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18721
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18720
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18720
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18719
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18719
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18718
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18718
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18717
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18717
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18716
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18716
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18715
2015-04-01 19:05 - 2015-04-01 19:05 - 00100000 _____ () C:\Users\Valerij\uu18715
         
FRST Rest

Code:
ATTFilter
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu1000
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu1000
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu100
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu100
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu10
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu10
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu1
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu1
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu0
2015-04-01 19:00 - 2015-04-01 19:00 - 00100000 _____ () C:\Users\Valerij\uu0
2015-03-29 18:12 - 2015-03-29 18:12 - 00000642 _____ () C:\Users\Public\Desktop\Asima2.lnk
2015-03-29 18:12 - 2015-03-29 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asima2
2015-03-29 16:03 - 2015-03-29 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scan2PDF
2015-03-29 16:03 - 2015-03-29 16:03 - 00000000 ____D () C:\Program Files (x86)\Scan2PDF
2015-03-28 19:43 - 2015-03-28 19:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-03-27 19:12 - 2015-03-27 19:12 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-27 19:09 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-27 19:09 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-27 19:09 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-27 19:09 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-27 19:09 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-27 19:09 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-27 19:09 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-23 00:08 - 2015-04-01 19:09 - 00003680 _____ () C:\Windows\System32\Tasks\klcp_update
2015-03-23 00:08 - 2015-03-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-23 00:08 - 2015-03-23 00:08 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-03-23 00:08 - 2015-02-18 20:00 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-03-23 00:08 - 2014-12-21 15:58 - 03570688 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-03-23 00:08 - 2014-12-21 15:57 - 03588608 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-03-23 00:08 - 2014-12-05 00:56 - 00729088 _____ () C:\Windows\system32\xvidcore.dll
2015-03-23 00:08 - 2014-12-05 00:55 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-03-23 00:08 - 2014-11-14 16:12 - 00254976 _____ () C:\Windows\system32\xvidvfw.dll
2015-03-23 00:08 - 2014-11-14 16:11 - 00240128 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-03-23 00:08 - 2012-07-21 13:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-03-23 00:08 - 2012-07-21 13:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-03-23 00:08 - 2011-12-07 20:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-03-23 00:08 - 2011-12-07 20:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-03-22 20:23 - 2015-03-22 20:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-22 20:23 - 2015-03-22 20:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-22 20:23 - 2015-03-22 20:23 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-22 20:23 - 2015-03-22 20:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-22 19:47 - 2015-03-22 19:48 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-03-22 19:06 - 2015-03-22 19:06 - 00000000 ____D () C:\Users\Valerij\Tracing
2015-03-22 19:06 - 2015-03-22 19:06 - 00000000 ____D () C:\Users\Valerij\Tracing
2015-03-22 19:05 - 2015-04-01 20:10 - 00000000 ____D () C:\Users\Valerij\AppData\Roaming\Skype
2015-03-22 19:05 - 2015-03-22 19:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-22 19:05 - 2015-03-22 19:05 - 00000000 ____D () C:\ProgramData\Skype
2015-03-22 19:05 - 2015-03-22 19:05 - 00000000 ____D () C:\ProgramData\Skype
2015-03-22 19:05 - 2015-03-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-22 17:29 - 2015-03-22 17:29 - 00003008 _____ () C:\Windows\System32\Tasks\WindowsUpdateChecker
2015-03-21 16:44 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-21 16:44 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-21 16:44 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-21 16:44 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 03:23 - 2014-11-17 22:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-03-20 03:23 - 2014-11-17 22:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-03-20 03:23 - 2014-11-15 21:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-20 03:23 - 2014-11-15 08:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-20 03:23 - 2014-11-14 16:36 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-20 03:23 - 2014-11-14 09:10 - 03558400 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-20 03:23 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-03-20 03:23 - 2014-11-14 08:58 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-20 03:23 - 2014-11-14 08:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-03-20 03:23 - 2014-11-14 08:57 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-20 03:23 - 2014-11-14 08:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-03-20 03:23 - 2014-11-14 08:54 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-03-20 03:23 - 2014-11-14 08:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-20 03:23 - 2014-11-14 08:53 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-20 03:23 - 2014-11-14 08:52 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-20 03:23 - 2014-11-14 08:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-03-20 03:23 - 2014-11-14 08:39 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-03-20 03:23 - 2014-11-14 07:04 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-20 03:23 - 2014-11-14 07:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-03-20 03:23 - 2014-11-14 07:03 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-20 03:23 - 2014-11-14 07:01 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-20 03:23 - 2014-11-14 07:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-20 03:23 - 2014-11-10 20:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-20 03:23 - 2014-11-10 20:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-03-20 03:23 - 2014-11-10 20:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-03-20 03:23 - 2014-11-10 20:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-03-20 03:23 - 2014-11-10 04:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-03-20 03:23 - 2014-11-10 03:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-03-20 03:23 - 2014-11-10 03:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-03-20 03:23 - 2014-11-10 03:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-03-20 03:23 - 2014-11-10 03:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-03-20 03:23 - 2014-11-10 03:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-03-20 03:23 - 2014-11-10 03:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-03-20 03:23 - 2014-11-10 03:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-03-20 03:23 - 2014-11-10 02:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-03-20 03:23 - 2014-11-10 02:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-03-20 03:23 - 2014-11-08 06:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-03-20 03:23 - 2014-11-08 06:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-03-20 03:23 - 2014-11-08 05:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-03-20 03:23 - 2014-11-08 05:58 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-03-20 03:23 - 2014-11-08 05:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-03-20 03:23 - 2014-11-08 05:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-03-20 03:23 - 2014-11-08 05:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-03-20 03:23 - 2014-11-08 05:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-03-20 03:23 - 2014-11-08 05:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-03-20 03:23 - 2014-11-08 05:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-03-20 03:23 - 2014-11-08 05:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-03-20 03:23 - 2014-11-08 04:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-03-20 03:23 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-03-20 03:23 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-03-20 03:23 - 2014-11-08 04:09 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-03-20 03:23 - 2014-11-08 04:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-03-20 03:23 - 2014-11-08 03:59 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-03-20 03:23 - 2014-11-08 03:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-03-20 03:23 - 2014-11-08 03:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-03-20 03:23 - 2014-11-07 05:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-03-20 03:23 - 2014-11-07 05:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-03-20 03:23 - 2014-11-05 04:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-03-20 03:23 - 2014-11-05 04:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-03-20 03:23 - 2014-11-05 04:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-03-20 03:23 - 2014-11-05 03:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-03-20 03:23 - 2014-11-05 03:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-03-20 03:23 - 2014-11-05 03:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-03-20 03:23 - 2014-11-05 03:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-03-20 03:23 - 2014-11-05 03:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-03-20 03:23 - 2014-11-05 03:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-03-20 03:23 - 2014-11-05 03:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-03-20 03:23 - 2014-11-05 03:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-03-20 03:23 - 2014-11-05 03:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-03-20 03:23 - 2014-11-05 03:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-03-20 03:23 - 2014-11-05 03:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-03-20 03:23 - 2014-11-04 21:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-03-20 03:23 - 2014-11-04 21:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-03-20 03:23 - 2014-11-04 21:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-03-20 03:23 - 2014-11-04 08:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-03-20 03:23 - 2014-11-04 08:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-03-20 03:23 - 2014-11-04 08:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-03-20 03:23 - 2014-11-04 08:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-03-20 03:23 - 2014-11-04 08:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-03-20 03:23 - 2014-11-04 07:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-03-20 03:23 - 2014-10-31 02:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-03-20 03:23 - 2014-10-31 02:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-03-20 03:23 - 2014-10-29 05:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-03-20 03:23 - 2014-10-29 03:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-03-20 03:23 - 2014-10-29 03:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-03-20 03:23 - 2014-10-21 03:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-03-20 03:23 - 2014-10-21 03:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-03-20 03:23 - 2014-10-21 02:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-03-20 03:23 - 2014-10-21 02:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-03-20 03:23 - 2014-10-21 02:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-03-20 03:23 - 2014-10-21 02:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-03-20 03:23 - 2014-10-21 02:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-03-20 03:23 - 2014-10-18 10:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-20 03:23 - 2014-10-18 10:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-20 03:23 - 2014-10-18 09:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-03-20 03:23 - 2014-10-18 08:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-03-20 03:23 - 2014-10-17 06:56 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-03-20 03:23 - 2014-10-17 06:56 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-03-20 03:23 - 2014-10-17 06:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-03-20 03:23 - 2014-10-17 05:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-03-14 16:59 - 2015-03-14 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio XE3
2015-03-14 16:58 - 2015-03-14 16:59 - 00000000 __HDC () C:\ProgramData\{E473A10A-1C41-44C1-B1B4-60C8044FEECE}
2015-03-14 16:58 - 2015-03-14 16:59 - 00000000 __HDC () C:\ProgramData\{E473A10A-1C41-44C1-B1B4-60C8044FEECE}
2015-03-14 16:58 - 2015-03-14 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CollabNet Subversion Client
2015-03-14 16:58 - 2015-03-14 16:58 - 00000000 ____D () C:\Program Files (x86)\CollabNet
2015-03-14 16:57 - 2015-03-14 16:58 - 00000000 __HDC () C:\ProgramData\{BC3F30D8-A3F0-4B5E-808B-7525641F215D}
2015-03-14 16:57 - 2015-03-14 16:58 - 00000000 __HDC () C:\ProgramData\{BC3F30D8-A3F0-4B5E-808B-7525641F215D}
2015-03-14 16:57 - 2015-03-14 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero InterBase XE3 64 [instance = gds_db]
2015-03-14 16:57 - 2012-08-08 15:03 - 01294336 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\gds32.dll
2015-03-14 16:57 - 2012-08-08 15:02 - 01805312 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\ibclient64.dll
2015-03-14 16:57 - 2012-08-08 15:02 - 00028672 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\ibxml64.dll
2015-03-14 16:51 - 2015-03-14 16:53 - 00000000 ____D () C:\ProgramData\{4C1A27DF-1043-4893-9757-DE2CE28C3D82}
2015-03-14 16:51 - 2015-03-14 16:53 - 00000000 ____D () C:\ProgramData\{4C1A27DF-1043-4893-9757-DE2CE28C3D82}
2015-03-14 07:49 - 2015-03-14 07:49 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2015-03-12 16:52 - 2015-03-14 16:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 16:52 - 2015-03-14 16:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 16:44 - 2015-03-14 15:05 - 00000000 __HDC () C:\ProgramData\{D58335DC-C8DE-44AB-87E6-A01F75AE0930}
2015-03-12 16:44 - 2015-03-14 15:05 - 00000000 __HDC () C:\ProgramData\{D58335DC-C8DE-44AB-87E6-A01F75AE0930}
2015-03-12 16:02 - 2015-04-01 19:10 - 00000000 ____D () C:\ProgramData\Embarcadero
2015-03-12 16:02 - 2015-04-01 19:10 - 00000000 ____D () C:\ProgramData\Embarcadero
2015-03-12 16:02 - 2015-03-12 16:02 - 00000000 ____D () C:\Program Files (x86)\Embarcadero
2015-03-12 15:57 - 2015-03-12 15:58 - 00000000 ____D () C:\ProgramData\{95E74D47-F7E3-45F0-98A6-C4EB87FC1E6A}
2015-03-12 15:57 - 2015-03-12 15:58 - 00000000 ____D () C:\ProgramData\{95E74D47-F7E3-45F0-98A6-C4EB87FC1E6A}
2015-03-11 15:56 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 15:56 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 15:56 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 15:56 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 15:56 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 15:56 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 15:56 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 15:56 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 15:56 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 15:55 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 15:55 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 15:55 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 15:55 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 15:55 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
         
:

Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Valerij at 2015-04-01 20:26:11
Running from C:\Users\Valerij\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Asima2 (HKLM-x32\...\Asima2) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BDE_ENT (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boost Libraries for C++Builder XE3 (HKLM-x32\...\Boost Libraries for C++Builder XE3) (Version: 10.0 - Embarcadero)
Boost Libraries for C++Builder XE3 (x32 Version: 10.0 - Embarcadero) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CollabNet Subversion Client 1.7.5 (HKLM-x32\...\CollabNet Subversion Client) (Version: 1.7.5 - CollabNet)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Embarcadero Delphi and C++Builder XE3 Help System (HKLM-x32\...\Embarcadero Delphi and C++Builder XE3 Help System) (Version: 10.0 - Embarcadero)
Embarcadero Delphi and C++Builder XE3 Help System (x32 Version: 10.0 - Embarcadero) Hidden
Embarcadero InterBase XE3 64 [instance = gds_db] (HKLM-x32\...\Embarcadero InterBase XE3 64 [instance = gds_db]) (Version: Embarcadero InterBase XE3 - Embarcadero Technologies Inc)
Embarcadero RAD Studio XE3 (HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Embarcadero RAD Studio XE3) (Version: 10.0 - Embarcadero Technologies)
Embarcadero RAD Studio XE3 (HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Embarcadero RAD Studio XE3) (Version: 10.0 - Embarcadero Technologies)
Embarcadero RAD Studio XE3 (x32 Version: 10.0 - Embarcadero) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gemeinsam genutzte Microsoft Azure-Komponenten für Visual Studio 2013 Sprachpaket (DEU) - v1.3 (x32 Version: 1.3.21014.1603 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{333E22D7-9F56-4482-A13C-1B9D35B9D641}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
K-Lite Mega Codec Pack 11.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Document Explorer 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.41012.0) (HKLM-x32\...\{79AB8378-D661-4021-9941-FE5F4AEB57BB}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server*2014 Express LocalDB  (HKLM\...\{CA191120-4CB1-4E3D-89B8-79FDB9017A2E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects  (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects (x64) (HKLM\...\{03CB711D-679E-46ED-851B-C568418CF914}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 T-SQL Language Service  (HKLM-x32\...\{06BE8B71-46C6-434B-869E-85C58EF3120A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU mit Update 4 (HKLM-x32\...\{74d92646-2565-4a60-8008-448470da91db}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{9408684F-E1CC-4D2E-AE15-886023557682}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM-x32\...\{B9A7B46F-0120-406B-9A12-3AD1DCC94D97}) (Version: 12.0.2000.8 - Microsoft Corporation)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.10.0) (Version: 4.0.10.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.10.0 - Locktime Software) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python Tools - Umleitungsvorlage (x32 Version: 1.1 - Microsoft Corporation) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Scan2PDF 1.6 (HKLM-x32\...\Scan2PDF_is1) (Version:  - Koma-Code)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Spotify (HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-764792866-2691984419-414306931-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 5.1 - Ubisoft)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-764792866-2691984419-414306931-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

19-03-2015 16:03:18 Windows Update
22-03-2015 19:47:23 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
27-03-2015 19:35:44 Windows Update
28-03-2015 20:27:45 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-03-12 16:57 - 00000879 ____A C:\Windows\system32\Drivers\etc\hosts
lempel.ignorelist.com ghost2
91.16.224.207 ghost 2

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0717A750-EB79-44AE-AF06-69C71ECEE76F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {21701C61-D086-47E2-9967-0E625E1F94E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2FD541D2-91CC-424D-8865-478A3FF6D013} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {352772FB-9270-4616-A271-CA25F85217D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {53EE0FB3-E38D-42FE-ABB0-54DCAF74457A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-03-05] ()
Task: {5C139C79-37A9-4949-97A9-FAE8FCD69D56} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-02-18] ()
Task: {76A20DAF-32B3-41E9-BAAE-DBFBEB66E25C} - System32\Tasks\WindowsUpdateChecker => %appdata%/Microsoft/Windows/st.vbs
Task: {C11706F3-2E4D-4BF2-898C-48F1EDC22DDA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {CF34929E-71F5-4DA2-896C-458D1D26913D} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-06 19:08 - 2015-03-07 00:30 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-05 02:24 - 2015-02-05 02:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-03-05 14:56 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-06 09:03 - 2014-12-06 09:03 - 00565760 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-03-05 15:11 - 2015-02-05 23:01 - 00714896 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-03-05 15:11 - 2015-02-05 23:01 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-01-21 04:06 - 2015-01-21 04:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-06 15:18 - 2012-03-07 03:37 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2015-03-04 11:34 - 2015-03-04 11:34 - 00180224 _____ () C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.Core.dll
2015-03-04 11:34 - 2015-03-04 11:34 - 00358912 _____ () C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.Modules.dll
2015-03-04 11:34 - 2015-03-04 11:34 - 00030720 _____ () C:\Program Files\Locktime Software\NetLimiter 4\LightTheme.dll
2012-01-10 15:41 - 2015-03-30 12:30 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00102344 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00108488 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00563656 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00579016 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Users\Valerij\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-12-06 09:01 - 2014-12-06 09:01 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-12-06 09:01 - 2014-12-06 09:01 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-12-06 09:02 - 2014-12-06 09:02 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-12-06 09:01 - 2014-12-06 09:01 - 00353792 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-12-06 09:02 - 2014-12-06 09:02 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2015-03-05 15:32 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-05 15:32 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-05 15:32 - 2015-03-24 06:22 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-05 15:32 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-05 15:32 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-05 15:32 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-05 15:32 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-05 15:32 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-05 15:32 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-05 15:32 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-05 15:32 - 2015-03-24 06:22 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-05 15:32 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-03-05 15:33 - 2015-03-27 19:08 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-03-21 14:05 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 14:05 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 14:05 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-764792866-2691984419-414306931-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Valerij\Documents\gt-r_1080p.jpg
HKU\S-1-5-21-764792866-2691984419-414306931-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Valerij\Documents\gt-r_1080p.jpg
HKU\S-1-5-21-764792866-2691984419-414306931-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-764792866-2691984419-414306931-500 - Administrator - Disabled)
Gast (S-1-5-21-764792866-2691984419-414306931-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-764792866-2691984419-414306931-1003 - Limited - Enabled)
Valerij (S-1-5-21-764792866-2691984419-414306931-1001 - Administrator - Enabled) => C:\Users\Valerij
Vava (S-1-5-21-764792866-2691984419-414306931-1004 - Limited - Enabled) => C:\Users\Vava

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9287-Funknetzwerkadapter
Description: Qualcomm Atheros AR9287-Funknetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 07:17:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: Vava)
Description: C:\Users\Valerij\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/01/2015 07:17:01 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: Vava)
Description: C:\Users\Valerij\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/01/2015 07:11:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (04/01/2015 07:10:57 PM) (Source: IBG_gds_db) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the InterBase Configuration Utilit

Error: (04/01/2015 07:05:47 PM) (Source: IBG_gds_db) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the InterBase Configuration Utilit

Error: (04/01/2015 03:46:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Name des fehlerhaften Moduls: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00da4123
ID des fehlerhaften Prozesses: 0x5104
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Vollständiger Name des fehlerhaften Pakets: League of Legends.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: League of Legends.exe5

Error: (04/01/2015 03:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7745971d
ID des fehlerhaften Prozesses: 0x5394
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Vollständiger Name des fehlerhaften Pakets: League of Legends.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: League of Legends.exe5

Error: (04/01/2015 03:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00049cae
ID des fehlerhaften Prozesses: 0x5744
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Vollständiger Name des fehlerhaften Pakets: League of Legends.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: League of Legends.exe5

Error: (04/01/2015 03:21:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Name des fehlerhaften Moduls: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00d9f8ba
ID des fehlerhaften Prozesses: 0x46bc
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Vollständiger Name des fehlerhaften Pakets: League of Legends.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: League of Legends.exe5

Error: (04/01/2015 03:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Name des fehlerhaften Moduls: League of Legends.exe, Version: 5.6.0.190, Zeitstempel: 0x55121ca4
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00d9f8ba
ID des fehlerhaften Prozesses: 0x4f6c
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Vollständiger Name des fehlerhaften Pakets: League of Legends.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: League of Legends.exe5


System errors:
=============
Error: (04/01/2015 07:10:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "InterBase XE3 64 Guardian gds_db" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/01/2015 07:10:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst InterBase XE3 64 Server gds_db erreicht.

Error: (04/01/2015 07:05:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "InterBase XE3 64 Guardian gds_db" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/01/2015 07:05:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst InterBase XE3 64 Server gds_db erreicht.

Error: (04/01/2015 07:05:43 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/01/2015 07:05:43 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (04/01/2015 09:42:46 AM) (Source: DCOM) (EventID: 10010) (User: Vava)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/01/2015 09:42:16 AM) (Source: DCOM) (EventID: 10010) (User: Vava)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/31/2015 06:10:44 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video3Graphics Exception: ESR 0x408030=0x80000003

Error: (03/31/2015 06:10:44 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video3Graphics Exception: Const out of Bound


Microsoft Office Sessions:
=========================
Error: (04/01/2015 07:17:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: Vava)
Description: C:\Users\Valerij\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/01/2015 07:17:01 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: Vava)
Description: C:\Users\Valerij\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/01/2015 07:11:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (04/01/2015 07:10:57 PM) (Source: IBG_gds_db) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the InterBase Configuration Utilit

Error: (04/01/2015 07:05:47 PM) (Source: IBG_gds_db) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the InterBase Configuration Utilit

Error: (04/01/2015 03:46:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.6.0.19055121ca4League of Legends.exe5.6.0.19055121ca4c000000500da4123510401d06c815b7ce6deE:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exeE:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exe7c57be9b-d875-11e4-825f-60a44c52355c

Error: (04/01/2015 03:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.6.0.19055121ca4unknown0.0.0.000000000c00000057745971d539401d06c80508a8457E:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exeunknown9776d8af-d874-11e4-825f-60a44c52355c

Error: (04/01/2015 03:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.6.0.19055121ca4ntdll.dll6.3.9600.1766854c846bbc000000500049cae574401d06c7ec894e00cE:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exeC:\Windows\SYSTEM32\ntdll.dll8c9762d8-d873-11e4-825f-60a44c52355c

Error: (04/01/2015 03:21:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.6.0.19055121ca4League of Legends.exe5.6.0.19055121ca4c000040900d9f8ba46bc01d06c7e9cf3cd08E:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exeE:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exe01580cab-d872-11e4-825f-60a44c52355c

Error: (04/01/2015 03:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.6.0.19055121ca4League of Legends.exe5.6.0.19055121ca4c000040900d9f8ba4f6c01d06c7b97b10040E:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exeE:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exe42d76d5e-d871-11e4-825f-60a44c52355c


CodeIntegrity Errors:
===================================
  Date: 2015-03-06 00:31:40.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-06 00:31:40.052
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-05 22:36:27.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-05 22:36:27.711
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 25%
Total physical RAM: 15574.04 MB
Available physical RAM: 11636.87 MB
Total Pagefile: 31446.04 MB
Available Pagefile: 27102.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:47.55 GB) NTFS
Drive e: (Games etc.) (Fixed) (Total:931.41 GB) (Free:776.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 14A03524)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 14A0353C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==================== End Of Log ============================
         
--- --- ---

Alt 03.04.2015, 19:29   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Keinen Schimmer. Lass ein paar der Dateien mal online prüfen:

Dateien online auf Viren prüfen - so geht&#039;s - Anleitungen




Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.04.2015, 23:46   #9
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Hab paar uuXX Dateien gescannt. Leider alle unschädlich.. mich wundert trotzdem warum die plötzlich alle, als das Problem aufgetaucht ist, erstellt wurden.

Hier der Scan:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.03.08
  rootkit: v2015.03.31.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17690
Valerij :: VAVA [administrator]

04.04.2015 00:37:46
mbar-log-2015-04-04 (00-37-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 421522
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 04.04.2015, 11:34   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Leg bitte mal einen neuen Benutzer an mit Adminrechten, und boote in diesen. Wie ist es dort, geht alles?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.04.2015, 00:32   #11
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Jo, da geht alles. Kann auf Documents, Bilder, Videos. Und auf Diesem Account sagt er, dass der Pfad nicht verfügbar sei...

Alt 05.04.2015, 13:13   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Also wenn Du mit dem neuen Account den Ordner des alten Accounts ansteuern willst geht das nicht? Da hats das Benutzerkonto mal so richtig zerbügelt.


Schritt 1
  • Lade Dir bitte Windows Repair - All in one hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-8 durch. (Siehe Bildanleitung)




__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.04.2015, 01:07   #13
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Jup, geht nichts..
Das Repairtool hat leider auch nicht geholfen...

Alt 06.04.2015, 14:03   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Das alte Konto ist hin. Da wird dann wohl auch nichts mehr zu retten sein.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.04.2015, 11:01   #15
VavaOwns
 
Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Standard

Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.



Ich hab etwas hinbekommen. Das tool heißt ShadowExplorer. Mit diesem Programm kannst du Dateien wiederherstellen, die vor paar Tagen auf deinem Rechner waren.
Sogesagt habe ich jetzt meinen ganzen Desktop wiederhergestellt und formatiere jetzt, damit ich wieder Zugriff auf Documents habe.
Trotzdem danke für die Hilfe

Antwort

Themen zu Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.
dateien, desktop, dokumente, explorer, fehlermeldung, forum, großes, guten, kein zugriff auf eigene dateien, klicke, league, league of legends, minute, minuten, neu, nicht mehr, nichts, papierkorb, plötzlich, privates, probleme, relativ, schwarz, taskleiste, verloren, versuche, zugriff



Ähnliche Themen: Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc.


  1. Eigene Dateien verschlüsselt bzw umbennat und nicht mehr nutzbar
    Diskussionsforum - 02.10.2012 (4)
  2. Windows 7 - "Eigene Dateien"/Desktop auf andere Partition auslagern
    Alles rund um Windows - 21.09.2012 (5)
  3. Windows 7 wegen Verschlüsselungs-Trojaner neu Installiert, Eigene Dateien nicht mehr lesbar?
    Log-Analyse und Auswertung - 23.05.2012 (5)
  4. Schwarze Symbolleisten (Kein Zugriff auf Eigene Dateien oder Eigene Bilder)
    Plagegeister aller Art und deren Bekämpfung - 15.04.2012 (1)
  5. SMART HDD -> Desktop schwarz, Dateien/ Startmenüeinträge usw. nicht mehr sichtbar
    Log-Analyse und Auswertung - 07.04.2012 (34)
  6. Smart HDD: Startleiste bleibt leer, kein Zugriff auf Eigene Dateien, Desktop-Verknüpfungen weg
    Log-Analyse und Auswertung - 30.03.2012 (1)
  7. Desktop Icons und Dateien werden nach Infizierung nicht mehr angezeigt :(
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (36)
  8. Desktop Icons und Dateien werden nach Infizierung nicht mehr angezeigt - mein Rechner auch!
    Plagegeister aller Art und deren Bekämpfung - 20.03.2012 (2)
  9. Fake alert: Desktop, Startmenü, Eigene Dateien unsichtbar
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (3)
  10. [doppelt] TR/ArchSMS.pxmkm in C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien...
    Mülltonne - 15.12.2011 (3)
  11. Befall von Trojan.FakeMS -> Desktop schwarz, Eigene Dateien versteckt
    Log-Analyse und Auswertung - 19.06.2011 (10)
  12. Desktop gelöscht/ Dateien nicht mehr sichtbar
    Log-Analyse und Auswertung - 30.04.2011 (2)
  13. Windows Fix Disk - Dateien nicht mehr sichtbar! Desktop mit schwarzem Hintergrund!
    Log-Analyse und Auswertung - 30.04.2011 (18)
  14. TR/Kazy.mekml.1 , Eigene Dateien weg, Desktop futsch,....
    Log-Analyse und Auswertung - 28.04.2011 (1)
  15. # C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\hijackthis\HijackThis.e
    Mülltonne - 01.12.2009 (2)
  16. Nach einem Virus habe ich keinen Zugriff mehr auf meine Eigene Dateien
    Plagegeister aller Art und deren Bekämpfung - 11.03.2009 (5)
  17. Eigene Dateien weg/Desktop verändert --> Trojaner?
    Mülltonne - 22.12.2008 (0)

Zum Thema Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. - Schönen Guten Tag liebes Forum, ich habe seit paar Minuten ein relativ großes Problem. Normalerweise versuche ich meine Probleme immer selber zu Beheben, aber diesmal bin ich ratlos... Zum Problem: - Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc....
Archiv
Du betrachtest: Eigene Dateien nicht mehr aufrufbar! Desktop, Dokumente etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.