Addition tool: FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
Ran by waldemar at 2014-10-31 12:29:04
Running from C:\Users\waldemar\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adanak (HKLM\...\Adanak) (Version: 2014.10.27.102721 - Adanak) <==== ATTENTION
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BlockAndSurf (HKLM-x32\...\B4CDA78A-F867-A0F4-217F-BFC0EB40850C) (Version: - BlockAndSurf-software) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version: - astragon)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: - Forward Development)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CouponARific (HKLM\...\CouponARific) (Version: - CouponARific) <==== ATTENTION
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.2.0.0 - Ubisoft)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.2.5 - SCS Software)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.44.908 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
Garrys Mod version 14.04.19 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 14.04.19 - Strogino CS Portal)
Genesis (HKCU\...\genesis_10262239) (Version: - ) <==== ATTENTION
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
iFunbox (v2.9.2421.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.9.2421.748 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Minecraft1.6.2 (HKLM-x32\...\Minecraft1.6.2) (Version: - )
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.0.0.0 - Electronic Arts)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 12 (HKLM-x32\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
NextCoup (HKLM-x32\...\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}) (Version: 2.1.0.1693 - )
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
SkypEmoticons (HKLM-x32\...\SkypEmoticons_is1) (Version: - ) <==== ATTENTION
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strike Vector (HKLM-x32\...\Steam App 246700) (Version: - Ragequit Corporation)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WindowsMangerProtect20.0.0.1013 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinSCP 5.6.2 beta (HKLM-x32\...\winscp3_is1) (Version: 5.6.2 beta - Martin Prikryl)
YoutubeAdBlocke (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 2.3.0.1512 - ) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
07-10-2014 19:48:19 Geplanter Prüfpunkt
15-10-2014 05:32:02 Windows Update
17-10-2014 15:49:10 DirectX wurde installiert
23-10-2014 17:56:47 Installed iTunes
26-10-2014 23:16:46 Camtasia Studio 8 wird entfernt
30-10-2014 19:13:19 paint.net v4.0.3
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1AA262D6-F1B9-4682-AD1E-71947440113F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {249BD0B8-E049-491E-AF39-C894DCA1A0FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {26348C20-1E4F-4E0C-9D8C-EC68071662F5} - System32\Tasks\Opera scheduled Autoupdate 1412793520 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D30715C-8733-4677-951E-B3DF91081D60} - System32\Tasks\ASP => C:\Program Files (x86)\System Speedup\SystweakASP.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3AFACFC6-3CFD-4A9B-817A-FC48ABE9FF48} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3F627D27-AE01-401D-8968-75998CBAFBD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {553C4F61-C277-469C-947A-9D7FE38AD83F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5BACBFDB-8716-4F0B-82B3-2BF6DDFC8FCD} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E46FC74-3BCC-4853-BECC-059D1B85EF23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {94D23C85-5208-4674-BF10-DE018666DC06} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B165B9D3-5ED9-4EB9-8C7F-A299AE9FDABE} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D41AF43A-3D21-4AB8-831B-D1E022CDEFA0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D7B3370D-B10F-4275-95F1-B03BC38A20C6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2562A04-6A23-4BC3-88B5-2898FFA664B1} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2014-10-26] (LuckyTab)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F805A2F4-CD41-40C9-A61B-2FDDD2CFCC53} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe [2014-10-26] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-29 21:13 - 2014-09-29 21:13 - 00172544 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
2014-09-29 21:13 - 2014-09-29 21:13 - 00110080 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00456192 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll
2014-09-29 16:45 - 2014-09-29 16:45 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-10-27 23:07 - 2014-10-31 00:11 - 00123672 _____ () C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe
2014-10-20 17:26 - 2014-10-26 23:39 - 00104928 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-10-26 23:39 - 2014-10-26 23:39 - 00121856 _____ () C:\Program Files (x86)\ver2BlockAndSurf\BlockAndSurf.exe
2014-10-20 17:26 - 2014-10-26 23:39 - 00732128 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-10-26 23:39 - 2014-10-26 23:39 - 03112960 _____ () C:\Users\waldemar\AppData\Local\Genesis_10262239\Genesis_10262239.exe
2014-10-26 23:39 - 2014-10-26 23:39 - 00556544 _____ () C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe
2014-10-27 11:33 - 2014-10-31 09:55 - 00523032 _____ () C:\Program Files (x86)\Adanak\updateAdanak.exe
2014-10-28 14:56 - 2014-10-31 09:58 - 00523032 _____ () C:\Program Files (x86)\Adanak\bin\utilAdanak.exe
2014-10-28 14:57 - 2014-10-31 04:38 - 00098584 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe
2014-10-28 14:57 - 2014-10-31 04:38 - 00114968 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter64.exe
2014-10-28 14:57 - 2014-10-30 20:38 - 00352536 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.PurBrowse64.exe
2014-10-28 14:57 - 2014-10-30 08:40 - 01649944 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.BOASHelper.exe
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-20 17:26 - 2014-10-26 23:39 - 00022496 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-10-30 20:42 - 2014-10-30 20:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-01-22 10:18 - 2012-06-08 04:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-26 06:24 - 2014-06-26 06:24 - 00612664 _____ () C:\Program Files (x86)\ver2BlockAndSurf\sqlite3.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\waldemar\OneDrive:ms-properties
AlternateDataStreams: C:\Users\waldemar\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: GlobalUpdater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPConnectedRemote => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SProtection => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WindowsMangerProtect => 2
HKLM\...\StartupApproved\StartupFolder: => "1.bat"
HKLM\...\StartupApproved\StartupFolder: => "2.bat"
HKLM\...\StartupApproved\StartupFolder: => "3.bat"
HKLM\...\StartupApproved\StartupFolder: => "4.bat"
HKLM\...\StartupApproved\StartupFolder: => "5.bat"
HKLM\...\StartupApproved\StartupFolder: => "6.bat"
HKLM\...\StartupApproved\StartupFolder: => "7.bat"
HKLM\...\StartupApproved\StartupFolder: => "8.bat"
HKLM\...\StartupApproved\StartupFolder: => "9.bat"
HKLM\...\StartupApproved\StartupFolder: => "zombiddos.vbs"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\Run: => "RGSC"
HKCU\...\StartupApproved\Run: => "Cracked Steam Service"
HKCU\...\StartupApproved\Run: => "Skype"
========================= Accounts: ==========================
Administrator (S-1-5-21-930745963-3632866088-1184878944-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-930745963-3632866088-1184878944-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-930745963-3632866088-1184878944-1004 - Limited - Enabled) => C:\Users\UpdatusUser
waldemar (S-1-5-21-930745963-3632866088-1184878944-1001 - Administrator - Enabled) => C:\Users\waldemar
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/31/2014 00:39:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/30/2014 08:13:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0d5bd19b-1e81-4c12-88af-d20e28eaf736}
Error: (10/30/2014 09:41:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/30/2014 09:39:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/29/2014 08:35:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 25.0.1614.63 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 790
Startzeit: 01cff3359c218cda
Endzeit: 116
Anwendungspfad: C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe
Berichts-ID: 1483006e-5f3e-11e4-bea4-10604b7219c9
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (10/29/2014 06:07:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/28/2014 05:20:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/28/2014 05:17:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/28/2014 02:39:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/28/2014 10:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera.exe, Version: 25.0.1614.63, Zeitstempel: 0x544849d8
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53086d7c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00016d61
ID des fehlerhaften Prozesses: 0x1508
Startzeit der fehlerhaften Anwendung: 0xopera.exe0
Pfad der fehlerhaften Anwendung: opera.exe1
Pfad des fehlerhaften Moduls: opera.exe2
Berichtskennung: opera.exe3
Vollständiger Name des fehlerhaften Pakets: opera.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: opera.exe5
System errors:
=============
Error: (10/31/2014 01:15:45 AM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/30/2014 10:51:32 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/30/2014 10:37:29 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (10/30/2014 10:30:31 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/30/2014 10:07:37 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/30/2014 09:42:36 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/30/2014 05:28:05 PM) (Source: DCOM) (EventID: 10010) (User: MILLER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (10/30/2014 05:28:05 PM) (Source: DCOM) (EventID: 10010) (User: MILLER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (10/30/2014 02:37:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (10/30/2014 11:52:05 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Microsoft Office Sessions:
=========================
Error: (10/31/2014 00:39:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (10/30/2014 08:13:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0d5bd19b-1e81-4c12-88af-d20e28eaf736}
Error: (10/30/2014 09:41:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (10/30/2014 09:39:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (10/29/2014 08:35:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe25.0.1614.6379001cff3359c218cda116C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe1483006e-5f3e-11e4-bea4-10604b7219c9
Error: (10/29/2014 06:07:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (10/28/2014 05:20:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (10/28/2014 05:17:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (10/28/2014 02:39:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (10/28/2014 10:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe25.0.1614.63544849d8combase.dll6.3.9600.1703153086d7cc000000500016d61150801cff293d93ad9bfC:\Program Files (x86)\Opera\25.0.1614.63\opera.exeC:\WINDOWS\SYSTEM32\combase.dll7c8a036a-5e87-11e4-bea3-10604b7219c9
CodeIntegrity Errors:
===================================
Date: 2014-10-18 00:22:53.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 00:22:53.904
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-11 09:44:07.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-11 09:44:07.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-07-14 14:46:18.317
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Launch.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 19%
Total physical RAM: 12243.37 MB
Available physical RAM: 9893.21 MB
Total Pagefile: 13459.37 MB
Available Pagefile: 10512.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.61 GB) (Free:600.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.64 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (EFLC_DISC1) (CDROM) (Total:7.72 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8DAF223A)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST txt.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by waldemar (administrator) on MILLER on 31-10-2014 12:28:29
Running from C:\Users\waldemar\Downloads
Loaded Profile: waldemar (Available profiles: waldemar & UpdatusUser & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe
(LuckyTab) C:\Program Files (x86)\LuckyTab\LuckyTab.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
() C:\Program Files (x86)\ver2BlockAndSurf\BlockAndSurf.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\waldemar\AppData\Local\Genesis_10262239\Genesis_10262239.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe
() C:\Program Files (x86)\Adanak\updateAdanak.exe
() C:\Program Files (x86)\Adanak\bin\utilAdanak.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter64.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.PurBrowse64.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BOASHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-25] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [se] => C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe /minimized
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [genesis_10262239] => c:\users\waldemar\appdata\local\genesis_10262239\genesis_10262239.exe [3112960 2014-10-26] ()
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [Price-Horse] => C:\Users\waldemar\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\MountPoints2: {f487ac12-93c5-11e2-be6e-806e6f6e6963} - "E:\Autorun.exe"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\5.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\6.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\7.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\8.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\9.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\zombiddos.vbs ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:56472;https=127.0.0.1:56472
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe webssearches
SearchScopes: HKLM - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20476&r=2014/10/17&hid=10824950958811862670&lg=EN&cc=DE&unqvl=64
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20476&r=2014/10/17&hid=10824950958811862670&lg=EN&cc=DE&unqvl=64
SearchScopes: HKLM-x32 - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M6501E07C-5D16-4F04-B9EB-7AAB54B94A7F&SearchSource=58&CUI=&UM=6&UP=SP577CB438-5C21-4F17-9DB6-606F921BBF3E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M6501E07C-5D16-4F04-B9EB-7AAB54B94A7F&SearchSource=58&CUI=&UM=6&UP=SP577CB438-5C21-4F17-9DB6-606F921BBF3E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20476&r=2014/10/17&hid=10824950958811862670&lg=EN&cc=DE&unqvl=64
SearchScopes: HKCU - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: BlockAndSurf -> {06E9A9E4-47D3-60DC-6D4D-71BD0D09B51D} -> C:\Program Files (x86)\ver2BlockAndSurf\181_x64.dll ()
BHO: No Name -> {11111111-1111-1111-1111-110611321185} -> No File
BHO: YoutubeAdBloCke -> {586d46e7-74c3-4eea-aa6b-067c00593774} -> C:\Program Files (x86)\YoutubeAdBloCke\ZxKKaD0h2HToOd.x64.dll ()
BHO: YoutubeAdBlocke -> {a7e602b2-c596-4ded-94df-5f51dec7cc2e} -> C:\Program Files (x86)\YoutubeAdBlocke\tnE7TlVZruGeTo.x64.dll ()
BHO: NextCoup -> {d37f98db-a4ba-4a88-ad72-a4b8ff332aec} -> C:\Program Files (x86)\NextCoup\FlFP2RATMVU7W1.x64.dll ()
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: BlockAndSurf -> {06E9A9E4-47D3-60DC-6D4D-71BD0D09B51D} -> C:\Program Files (x86)\ver2BlockAndSurf\181.dll ()
BHO-x32: No Name -> {11111111-1111-1111-1111-110611321185} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: YoutubeAdBlocke -> {a7e602b2-c596-4ded-94df-5f51dec7cc2e} -> C:\Program Files (x86)\YoutubeAdBlocke\tnE7TlVZruGeTo.dll ()
BHO-x32: NextCoup -> {d37f98db-a4ba-4a88-ad72-a4b8ff332aec} -> C:\Program Files (x86)\NextCoup\FlFP2RATMVU7W1.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adanak -> {ef05f09c-9b2a-43a0-8155-fab1d641215a} -> C:\Program Files (x86)\Adanak\Adanakbho.dll (Adanak)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62
FireFox:
========
FF ProfilePath: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469
FF NewTab:
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NextCoup - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\G@VuX1P.org [2014-10-28]
FF Extension: Adanak - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{21769883-19ae-4dd9-b522-3613333c3df7}.xpi [2014-10-28]
FF Extension: Adblock Plus - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\d8tsnf1e.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKCU\...\Firefox\Extensions: [{ED484659-965B-CCC8-527A-D9DE27A689A1}] - C:\Program Files (x86)\ver2BlockAndSurf\181.xpi
FF Extension: No Name - C:\Program Files (x86)\ver2BlockAndSurf\181.xpi [2014-10-26]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://start.iminent.com/?appId=9BEC116D-D7AE-4914-8F57-C0D412DF5744"
CHR Profile: C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NextCoup) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei [2014-10-28]
CHR Extension: (HD for YouTube™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-09-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-09-29]
CHR Extension: (Skill Games) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\caibojmomcndolfkdcehpbbflooebmeg [2014-09-29]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-09-29]
CHR Extension: (Tumblr Collage) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfgcipfpihnkblbbemdagfdhjjeilli [2014-10-27]
CHR Extension: (Farbwechsel für Google ™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2014-09-29]
CHR Extension: (Red Ball) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjalmjfkbijjjomllohadmkfkhgonop [2014-09-29]
CHR Extension: (BlockAndSurf) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifijaoidhdgkojflgknkjhfiflkcfkpi [2014-10-26]
CHR Extension: (HQVP-3.5V21.09) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2014-09-28]
CHR Extension: (OptOn) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iocpknlaljmgfaafmhngmakmnilckkdc [2014-10-17]
CHR Extension: (Adblock Super) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-09-29]
CHR Extension: (GoSave) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl [2014-10-17]
CHR Extension: (SndLatr Beta for Gmail) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfddgbpdnaeliohhkbdbcmenpnkepkgn [2014-10-24]
CHR Extension: (Google Wallet) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Facebook Themes (Facebook Style Gallery) App) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfegjlnijpeedheifelomiocbagekj [2014-09-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CouponArificService64; C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe [172544 2014-09-29] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-10-26] (Cherished Technololgy LIMITED)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-09-10] (Microsoft Corporation)
R2 MaintainerSvc3.19.691608; C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe [123672 2014-10-31] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-09-10] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-09-29] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-25] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Update Adanak; C:\Program Files (x86)\Adanak\updateAdanak.exe [523032 2014-10-31] ()
R2 Util Adanak; C:\Program Files (x86)\Adanak\bin\utilAdanak.exe [523032 2014-10-31] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-10] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [488960 2014-10-26] (Fuyu LIMITED) [File not signed]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-10-14] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-09-29] (NetFilterSDK.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-10] (Microsoft Corporation)
R2 webinstrNew; C:\WINDOWS\system32\Drivers\webinstrNew.sys [58040 2014-10-26] (Corsica)
R1 {21769883-19ae-4dd9-b522-3613333c3df7}Gw64; C:\Windows\System32\drivers\{21769883-19ae-4dd9-b522-3613333c3df7}Gw64.sys [48824 2014-10-28] (StdLib)
R1 {b20d1921-9bc2-4560-913a-b040b4111d1f}Gw64; C:\Windows\System32\drivers\{b20d1921-9bc2-4560-913a-b040b4111d1f}Gw64.sys [48824 2014-10-28] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 12:27 - 2014-10-31 12:28 - 00036756 _____ () C:\Users\waldemar\Downloads\Addition.txt
2014-10-31 12:26 - 2014-10-31 12:28 - 00025377 _____ () C:\Users\waldemar\Downloads\FRST.txt
2014-10-31 12:26 - 2014-10-31 12:28 - 00000000 ____D () C:\FRST
2014-10-31 12:26 - 2014-10-31 12:26 - 02113536 _____ (Farbar) C:\Users\waldemar\Downloads\FRST64.exe
2014-10-30 20:42 - 2014-10-30 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-30 20:13 - 2014-10-30 20:16 - 00000000 ____D () C:\Users\waldemar\AppData\Local\paint.net
2014-10-30 20:13 - 2014-10-30 20:13 - 00001314 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-10-30 20:13 - 2014-10-30 20:13 - 00001302 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-10-30 20:13 - 2014-10-30 20:13 - 00000000 ____D () C:\Program Files\paint.net
2014-10-30 20:12 - 2014-10-30 20:12 - 06272852 _____ () C:\Users\waldemar\Desktop\paint.net.4.0.3.install.zip
2014-10-30 20:12 - 2014-10-30 20:12 - 00000000 ____D () C:\Users\waldemar\Desktop\paint.net.4.0.3.install
2014-10-30 20:11 - 2014-10-30 20:11 - 01125200 _____ () C:\Users\waldemar\Downloads\Paint NET - CHIP-Installer.exe
2014-10-30 19:29 - 2014-10-30 19:29 - 00002175 _____ () C:\Users\waldemar\Desktop\TrackMania Nations Forever - CHIP Downloader.lnk
2014-10-30 19:28 - 2014-10-30 19:28 - 01125200 _____ () C:\Users\waldemar\Downloads\TrackMania Nations Forever - CHIP-Installer.exe
2014-10-29 06:01 - 2014-10-28 21:43 - 00048824 _____ (StdLib) C:\WINDOWS\system32\Drivers\{b20d1921-9bc2-4560-913a-b040b4111d1f}Gw64.sys
2014-10-28 23:06 - 2014-10-28 23:06 - 00000600 _____ () C:\Users\waldemar\AppData\Roaming\winscp.rnd
2014-10-28 22:51 - 2014-10-28 22:51 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2014-10-28 22:51 - 2014-10-28 22:51 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-10-28 22:45 - 2014-10-28 22:51 - 00000000 ____D () C:\Users\waldemar\Desktop\IOS 8 JB
2014-10-28 15:27 - 2014-10-31 00:11 - 00000000 ____D () C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87
2014-10-28 14:57 - 2014-10-28 00:50 - 00048824 _____ (StdLib) C:\WINDOWS\system32\Drivers\{21769883-19ae-4dd9-b522-3613333c3df7}Gw64.sys
2014-10-28 14:52 - 2014-10-28 14:52 - 03940352 _____ () C:\WINDOWS\SysWOW64\setup.exe
2014-10-28 14:52 - 2014-10-28 14:52 - 00000000 ____D () C:\ProgramData\NextCoup
2014-10-28 14:52 - 2014-10-28 14:52 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-10-28 14:48 - 2014-10-28 14:48 - 00000000 ____D () C:\Program Files (x86)\SaveNewaAppzo
2014-10-28 14:46 - 2014-10-28 14:46 - 00003158 _____ () C:\WINDOWS\System32\Tasks\{9E631260-DC19-4D51-A6E1-4D7D8D3B67F1}
2014-10-28 01:23 - 2014-10-28 01:23 - 00365920 _____ () C:\Users\waldemar\Downloads\Setup.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 21:31 - 2014-10-27 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-27 21:29 - 2014-10-27 21:29 - 00004028 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-10-27 21:29 - 2014-10-27 21:29 - 00000000 ____D () C:\Users\waldemar\AppData\Local\pricehorse
2014-10-27 21:28 - 2014-10-27 21:33 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\systweak
2014-10-27 21:28 - 2014-10-27 21:33 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-27 21:27 - 2014-10-27 21:27 - 00003332 _____ () C:\WINDOWS\System32\Tasks\ASP
2014-10-27 21:27 - 2014-07-17 18:49 - 00020328 _____ (System Speedup) C:\WINDOWS\system32\roboot64.exe
2014-10-27 21:26 - 2014-10-31 12:27 - 00000000 ____D () C:\Program Files\CouponArific
2014-10-27 21:26 - 2014-10-27 21:26 - 00000005 _____ () C:\end
2014-10-27 21:26 - 2014-10-27 21:26 - 00000000 ____D () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
2014-10-27 13:36 - 2014-10-28 14:56 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-10-27 13:22 - 2014-10-27 13:22 - 00710107 _____ () C:\Users\waldemar\Desktop\Nieuwe_TM_hack2.exe
2014-10-27 00:54 - 2014-10-27 06:51 - 00001144 _____ () C:\Users\waldemar\Desktop\Continue Live Installation.lnk
2014-10-26 23:39 - 2014-10-31 12:26 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Genesis_10262239
2014-10-26 23:39 - 2014-10-31 09:54 - 00000444 _____ () C:\WINDOWS\Tasks\BlockAndSurf Update.job
2014-10-26 23:39 - 2014-10-31 09:51 - 00009554 _____ () C:\WINDOWS\patsearch.bin
2014-10-26 23:39 - 2014-10-27 00:18 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\337Games
2014-10-26 23:39 - 2014-10-26 23:39 - 00058040 _____ (Corsica) C:\WINDOWS\system32\Drivers\webinstrNew.sys
2014-10-26 23:39 - 2014-10-26 23:39 - 00003402 _____ () C:\WINDOWS\System32\Tasks\LuckyTab
2014-10-26 23:39 - 2014-10-26 23:39 - 00003090 _____ () C:\WINDOWS\System32\Tasks\BlockAndSurf Update
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Program Files (x86)\ver2BlockAndSurf
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2014-10-26 23:32 - 2014-10-26 23:32 - 00000000 ____D () C:\Users\waldemar\Desktop\TrackMania---UltraTrainer-(cheat)-do-TMNF,TMUF,TM2C
2014-10-26 23:32 - 2012-10-01 19:16 - 00000058 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hesla !.txt
2014-10-26 23:32 - 2012-09-26 00:26 - 00002381 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReadMe (Important).nfo
2014-10-26 23:32 - 2012-09-26 00:16 - 00329216 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TM2C_Trainer.exe
2014-10-26 23:32 - 2012-09-26 00:16 - 00152576 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TMNF_Trainer.exe
2014-10-26 23:32 - 2012-09-26 00:16 - 00148992 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TMUF_Trainer.exe
2014-10-26 23:32 - 2012-09-25 01:38 - 00569344 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tlTrainer.dll
2014-10-26 23:32 - 2012-09-24 22:17 - 00006656 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pscan.dll
2014-10-26 23:32 - 2012-06-17 14:35 - 00000187 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\config.cfg
2014-10-26 23:32 - 2012-06-09 19:07 - 00048128 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lgLcdConnect.dll
2014-10-26 23:32 - 2011-09-09 18:44 - 04003840 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\libmysql.dll
2014-10-26 23:31 - 2014-10-26 23:31 - 01307001 _____ () C:\Users\waldemar\Desktop\TrackMania---UltraTrainer-(cheat)-do-TMNF,TMUF,TM2C.rar
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Underwater City
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\The dropper PE
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\the dropper
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\RollerCoaster
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Rolercoaster
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Escape the witch
2014-10-25 13:16 - 2014-07-19 14:54 - 00000000 ____D () C:\Users\waldemar\Downloads\AAR Coaster
2014-10-25 13:15 - 2014-09-01 16:23 - 00000000 ____D () C:\Users\waldemar\Downloads\(Newer version 4) Never Ending Coaster
2014-10-25 13:15 - 2014-09-01 16:10 - 00000000 ____D () C:\Users\waldemar\Downloads\roller coster 3.4
2014-10-25 13:15 - 2014-07-15 07:37 - 00000000 ____D () C:\Users\waldemar\Downloads\Syahir's Rollercoaster
2014-10-24 06:35 - 2014-10-28 14:53 - 00000000 ____D () C:\ProgramData\SaveNewaAppzo
2014-10-23 19:26 - 2014-10-23 19:37 - 00000000 ____D () C:\Users\waldemar\Downloads\Minecraft Pocket Edition
2014-10-23 19:23 - 2014-10-23 19:59 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\iFunbox_UserCache
2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam
2014-10-23 18:58 - 2014-10-29 12:36 - 00000000 ____D () C:\Users\waldemar\AppData\Local\pangu
2014-10-23 18:57 - 2014-10-23 19:00 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Apple Computer
2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple Computer
2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\iTunes
2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\iPod
2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-23 18:57 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-10-23 18:56 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-23 18:56 - 2014-10-23 18:56 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-23 18:56 - 2014-10-23 18:56 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple
2014-10-23 18:56 - 2014-10-23 18:56 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-18 10:13 - 2014-10-18 10:13 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-17 23:54 - 2014-10-28 14:53 - 00000000 ____D () C:\ProgramData\OptOn
2014-10-17 23:54 - 2014-10-28 14:48 - 00000000 ____D () C:\Program Files (x86)\OptOn
2014-10-17 23:48 - 2014-10-17 23:48 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\EZDownloader
2014-10-17 23:39 - 2014-10-17 23:39 - 00000000 ____D () C:\Users\waldemar\Documents\Optimizer Pro
2014-10-17 23:24 - 2014-10-17 23:55 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\SkypEmoticons
2014-10-17 23:24 - 2014-10-17 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
2014-10-17 23:24 - 2014-10-17 23:24 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-17 23:23 - 2014-10-28 14:53 - 00000000 ____D () C:\ProgramData\GoSave
2014-10-17 23:23 - 2014-10-28 14:52 - 00000000 ____D () C:\Program Files (x86)\GoSave
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Torch
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Chromatic Browser
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-17 22:59 - 2014-10-17 23:01 - 00000000 ____D () C:\Users\waldemar\Desktop\Musik
2014-10-17 16:49 - 2014-10-17 16:49 - 00001319 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2014-10-17 16:49 - 2014-10-17 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Most Wanted
2014-10-15 06:27 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 06:27 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 06:27 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 06:27 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 06:27 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 06:27 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 06:26 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 06:26 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 06:26 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 06:26 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 06:26 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 06:26 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 06:26 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 06:26 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 06:26 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 06:26 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 06:26 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 06:26 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 06:26 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 06:26 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 06:26 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 06:26 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 06:26 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 06:26 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 06:26 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 06:26 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 06:26 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 06:26 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 06:26 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 06:26 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 06:26 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 06:26 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 06:26 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 06:26 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 06:26 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 06:26 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 06:25 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 06:25 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 06:25 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 06:25 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 06:25 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 06:25 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 06:25 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 06:25 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 06:25 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 06:25 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 06:25 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 06:25 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 06:25 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 06:25 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 06:25 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 06:25 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 06:25 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 06:25 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 06:25 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 06:25 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 06:25 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 06:25 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 06:25 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 06:25 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 06:25 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 06:25 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 06:25 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 06:25 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 06:25 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 06:25 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 06:25 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 06:25 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 06:25 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 06:25 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 06:25 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 06:25 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 06:25 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 06:25 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 06:25 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 06:25 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 06:25 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 06:25 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 06:25 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 06:25 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 06:25 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 06:25 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 06:25 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 06:25 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 06:25 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 06:25 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 06:25 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 06:24 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 06:24 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 06:24 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 06:24 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 06:24 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-11 10:38 - 2013-08-22 07:59 - 00206336 _____ () C:\Users\waldemar\Desktop\battlefield 3 NoRecoil+Nospread+Minimap+ESP.EXE
2014-10-11 08:53 - 2014-10-11 08:53 - 00002191 _____ () C:\Users\waldemar\Desktop\Minecraft.lnk
2014-10-11 08:53 - 2014-10-11 08:53 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-10-10 14:50 - 2014-10-28 14:48 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-10-10 14:50 - 2014-10-11 08:38 - 00000000 ____D () C:\Users\waldemar\Desktop\Videoaufnahmen OBS
2014-10-08 19:38 - 2014-10-30 20:42 - 00003848 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1412793520
2014-10-08 19:38 - 2014-10-30 20:42 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-08 19:38 - 2014-10-30 20:42 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-08 19:38 - 2014-10-08 19:38 - 00001149 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-08 19:38 - 2014-10-08 19:38 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Opera Software
2014-10-08 19:38 - 2014-10-08 19:38 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Opera Software
2014-10-08 10:17 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-10-02 21:06 - 2012-10-20 14:28 - 00187392 _____ (master131) C:\Users\waldemar\Desktop\Extreme Injector v2 by master131.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 12:23 - 2014-08-10 22:38 - 00000000 ____D () C:\Users\waldemar\Documents\TmForever
2014-10-31 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-31 11:32 - 2014-07-10 15:27 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 11:16 - 2014-09-10 16:42 - 01349410 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-31 10:43 - 2014-09-12 18:51 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A350FA8C-F1AE-4D16-B3BE-40AF58306519}
2014-10-31 09:58 - 2012-07-26 06:26 - 00000194 _____ () C:\WINDOWS\win.ini
2014-10-31 09:51 - 2014-09-10 17:10 - 00000000 __RDO () C:\Users\waldemar\OneDrive
2014-10-31 09:51 - 2014-07-10 15:27 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-30 22:28 - 2014-07-10 15:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-930745963-3632866088-1184878944-1001
2014-10-30 21:42 - 2014-09-30 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-30 19:24 - 2014-03-18 11:03 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-30 19:24 - 2014-03-18 10:25 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat
2014-10-30 19:24 - 2014-03-18 10:25 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-30 12:25 - 2014-09-12 10:47 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-30 09:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-28 14:53 - 2014-03-18 02:50 - 03003296 _____ () C:\WINDOWS\PFRO.log
2014-10-28 14:53 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-28 14:52 - 2014-09-27 22:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-28 14:52 - 2014-09-27 22:19 - 00000000 ____D () C:\ProgramData\10c5eb2f42657587
2014-10-28 14:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-28 14:48 - 2014-06-19 20:26 - 00000000 ____D () C:\Program Files\OBs
2014-10-28 14:46 - 2014-09-30 15:55 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 14:46 - 2014-09-30 15:55 - 00001161 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-28 14:46 - 2014-09-10 17:07 - 00001452 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-28 10:47 - 2014-07-12 12:27 - 00000000 ____D () C:\Users\waldemar\AppData\Local\CrashDumps
2014-10-27 00:18 - 2014-09-10 16:50 - 00000000 ____D () C:\Users\waldemar
2014-10-26 23:39 - 2013-08-22 15:46 - 00374463 _____ () C:\WINDOWS\setupact.log
2014-10-23 19:47 - 2014-08-27 08:59 - 00000000 ____D () C:\Users\waldemar\Desktop\Dinge für Spiele
2014-10-23 18:56 - 2013-01-22 10:17 - 00000000 ____D () C:\ProgramData\Apple
2014-10-22 16:42 - 2014-09-29 16:45 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-10-22 16:42 - 2014-08-20 17:32 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-10-22 16:41 - 2014-09-29 16:45 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-10-22 16:38 - 2014-07-15 15:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-18 10:13 - 2013-03-23 15:28 - 00143889 ____N () C:\WINDOWS\Minidump\101814-14640-01.dmp
2014-10-17 23:49 - 2014-08-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Cracked Steam
2014-10-17 23:23 - 2014-09-27 22:19 - 00000000 ____D () C:\ProgramData\YoutubeAdBloCke
2014-10-17 23:23 - 2014-09-27 22:19 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBloCke
2014-10-17 16:29 - 2014-07-15 15:08 - 00000000 ____D () C:\ProgramData\Origin
2014-10-17 16:24 - 2014-09-22 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-17 16:24 - 2014-09-22 20:03 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-10-17 16:24 - 2014-08-11 16:29 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\DVDVideoSoft
2014-10-16 19:22 - 2014-07-11 20:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 19:19 - 2014-07-11 20:05 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-15 20:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-15 10:38 - 2013-08-22 15:44 - 00351464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-15 06:34 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-11 08:53 - 2014-08-17 07:02 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\.minecraft
2014-10-11 07:24 - 2014-08-03 16:52 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\NVIDIA
2014-10-10 19:54 - 2014-07-12 14:37 - 00000000 ____D () C:\Program Files\Spiele
Some content of TEMP:
====================
C:\Users\waldemar\AppData\Local\Temp\2YyPUaAQRF.exe
C:\Users\waldemar\AppData\Local\Temp\5tmhUfytxl.exe
C:\Users\waldemar\AppData\Local\Temp\6571C0D822CF.exe
C:\Users\waldemar\AppData\Local\Temp\6nuzW2Jks9.exe
C:\Users\waldemar\AppData\Local\Temp\86A88D1DE.exe
C:\Users\waldemar\AppData\Local\Temp\CloudBackup415.exe
C:\Users\waldemar\AppData\Local\Temp\dlLogic.exe
C:\Users\waldemar\AppData\Local\Temp\dltr.exe
C:\Users\waldemar\AppData\Local\Temp\drvprosetup.exe
C:\Users\waldemar\AppData\Local\Temp\GCVerifier.dll
C:\Users\waldemar\AppData\Local\Temp\GoForFiles4AWMFp2sGp.exe
C:\Users\waldemar\AppData\Local\Temp\GoForFilesdWHCmlWNFQ.exe
C:\Users\waldemar\AppData\Local\Temp\jwfHL7MAIN.exe
C:\Users\waldemar\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\waldemar\AppData\Local\Temp\lSik9.dll
C:\Users\waldemar\AppData\Local\Temp\lSik9.exe
C:\Users\waldemar\AppData\Local\Temp\networkme1.exe
C:\Users\waldemar\AppData\Local\Temp\optprosetup.exe
C:\Users\waldemar\AppData\Local\Temp\playsetup.exe
C:\Users\waldemar\AppData\Local\Temp\PP3scwPNIH.exe
C:\Users\waldemar\AppData\Local\Temp\prVA1.exe
C:\Users\waldemar\AppData\Local\Temp\res.dll
C:\Users\waldemar\AppData\Local\Temp\sSetup-se.exe
C:\Users\waldemar\AppData\Local\Temp\suRyop9H8x.exe
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite12171.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite12351.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite13697.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite28626.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite30572.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite36584.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite41022.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite42458.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite42666.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite48340.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite51368.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite58730.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite89466.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite89856.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite90835.dll
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite97217.dll
C:\Users\waldemar\AppData\Local\Temp\Ut6ZMFaWA3.exe
C:\Users\waldemar\AppData\Local\Temp\vcredist_x64.exe
C:\Users\waldemar\AppData\Local\Temp\verifier.exe
C:\Users\waldemar\AppData\Local\Temp\VuuPC.exe
C:\Users\waldemar\AppData\Local\Temp\ZboHNdPjyc.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-28 17:15
==================== End Of Log ============================