FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by waldemar (administrator) on MILLER on 15-05-2015 14:37:05
Running from C:\Users\waldemar\Desktop\Repair
Loaded Profiles: waldemar (Available profiles: waldemar & UpdatusUser & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(TB) C:\Program Files (x86)\TermBlazer_1.10.0.16\Service\tbsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
() C:\Program Files (x86)\Opera\29.0.1795.47\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-25] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\RunOnce: [network_adsafiliadosllhs_1] => C:\Users\waldemar\AppData\Local\Temp\\BI_RunOnce.exe [198144 2015-05-09] () <===== ATTENTION
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2508288 2015-02-10] (i-Funbox.com)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [uTorrent] => C:\Users\waldemar\AppData\Roaming\uTorrent\uTorrent.exe [1744976 2015-04-28] (BitTorrent Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\5.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\6.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\7.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\8.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\9.bat [2014-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\zombiddos.vbs [2014-08-21] ()
Startup: C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2015-02-22]
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\waldemar\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-11-29] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-21] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-930745963-3632866088-1184878944-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-930745963-3632866088-1184878944-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930745963-3632866088-1184878944-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name -> {11111111-1111-1111-1111-110611321185} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\waldemar\Documents\java\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-29] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\waldemar\Documents\java\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-29] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Users\waldemar\Documents\java\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Users\waldemar\Documents\java\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-24] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-930745963-3632866088-1184878944-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\waldemar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-930745963-3632866088-1184878944-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-13] ()
FF SearchPlugin: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\searchplugins\google-avast.xml [2015-03-20]
FF Extension: iCloud Bookmarks - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\firefoxdav@icloud.com [2015-04-17]
FF Extension: Adblock Plus - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-29]
FF HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://start.iminent.com/?appId=9BEC116D-D7AE-4914-8F57-C0D412DF5744"
CHR Profile: C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HD for YouTube™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-09-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-09-29]
CHR Extension: (Skill Games) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\caibojmomcndolfkdcehpbbflooebmeg [2014-09-29]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-09-29]
CHR Extension: (Color Change for Google™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2014-09-29]
CHR Extension: (Red Ball) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjalmjfkbijjjomllohadmkfkhgonop [2014-09-29]
CHR Extension: (No Name) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2014-09-28]
CHR Extension: (Adblock Super) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-09-29]
CHR Extension: (Google Wallet) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Facebook Themes (Facebook Style Gallery) App) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfegjlnijpeedheifelomiocbagekj [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-29]
Opera:
=======
OPR Extension: (eBay-Erweiterung für Opera™ (von eBay)) - C:\Users\waldemar\AppData\Roaming\Opera Software\Opera Stable\Extensions\nonelnbmpmjifbnoclpchjakhkeolcbh [2014-12-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-29] (AVAST Software)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-28] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-03-22] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-03-22] ()
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-25] (IDT, Inc.) [File not signed]
R2 tbsvc_1.10.0.16; C:\Program Files (x86)\TermBlazer_1.10.0.16\Service\tbsvc.exe [278600 2015-05-13] (TB)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-29] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 tbfd_1_10_0_16; C:\Windows\System32\drivers\tbfd_1_10_0_16.sys [58224 2015-05-13] (TB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-15 14:28 - 2015-05-15 14:28 - 02106368 _____ (Farbar) C:\Users\waldemar\Desktop\FRST64 (1).exe
2015-05-14 18:48 - 2015-05-15 05:55 - 00000372 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2015-05-14 18:48 - 2015-05-14 18:48 - 00003388 _____ () C:\WINDOWS\System32\Tasks\AmiUpdXp
2015-05-14 18:48 - 2015-05-14 18:48 - 00000000 ____D () C:\Users\waldemar\AppData\Local\32047
2015-05-14 18:26 - 2015-05-14 18:26 - 00003988 _____ () C:\WINDOWS\System32\Tasks\amiupdaterExi
2015-05-14 18:26 - 2015-05-14 18:26 - 00003748 _____ () C:\WINDOWS\System32\Tasks\amiupdaterExd
2015-05-14 18:26 - 2015-05-14 18:26 - 00003160 _____ () C:\WINDOWS\System32\Tasks\Run_Bobby_Browser
2015-05-14 18:25 - 2015-05-14 18:29 - 00000000 ____D () C:\Users\waldemar\AppData\Local\BoBrowser
2015-05-14 18:25 - 2015-05-14 18:26 - 00006747 _____ () C:\claraInstaller.txt
2015-05-14 18:19 - 2015-05-14 18:28 - 00000000 ____D () C:\Program Files (x86)\iPadian
2015-05-14 18:19 - 2015-05-14 18:27 - 00000993 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2015-05-14 18:19 - 2015-05-14 18:20 - 00000000 ____D () C:\Program Files (x86)\TermBlazer_1.10.0.16
2015-05-14 17:58 - 2015-05-14 18:14 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-14 17:58 - 2015-05-14 17:58 - 00001876 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-14 17:58 - 2015-05-14 17:58 - 00001781 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-14 17:58 - 2015-05-14 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-14 17:58 - 2015-05-14 17:58 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-14 17:57 - 2015-05-14 17:57 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Bluestacks
2015-05-14 06:36 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 06:36 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:11 - 2015-05-13 21:11 - 00058224 _____ (TB) C:\WINDOWS\system32\Drivers\tbfd_1_10_0_16.sys
2015-05-13 20:12 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 20:12 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 20:12 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 20:12 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 20:12 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 20:12 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 20:12 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 20:12 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 20:12 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 20:12 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 20:12 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 20:12 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 20:12 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-13 20:11 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 20:11 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 20:11 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 20:11 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 20:11 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 20:11 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 20:11 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 20:11 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 20:11 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 20:11 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 20:11 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 20:11 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 20:11 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 20:11 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 20:11 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 20:11 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 20:11 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 20:11 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 20:11 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 20:11 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 20:11 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 20:11 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 20:11 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 20:11 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 20:11 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 20:11 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 20:11 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 20:11 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 20:11 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 20:11 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 20:11 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 20:11 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 20:11 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 20:11 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 20:11 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 20:11 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 20:11 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 20:11 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 20:11 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 20:11 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 20:11 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 20:11 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 20:11 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 20:11 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 20:11 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 20:11 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 20:11 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 20:11 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 20:11 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 20:11 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 20:11 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 20:11 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 20:11 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 20:11 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 20:11 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 20:11 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 20:11 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 20:11 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 20:11 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 20:11 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 20:11 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 20:11 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 20:11 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 20:11 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 20:11 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 20:11 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-10 20:15 - 2015-05-10 20:16 - 06847822 _____ () C:\Users\waldemar\Desktop\Default Scenery Park By PiecesofPrestige.dat
2015-05-10 00:37 - 2015-05-10 00:37 - 00000058 _____ () C:\Users\waldemar\Desktop\Neues Textdokument (2).txt
2015-05-09 02:23 - 2015-05-09 02:23 - 00002188 _____ () C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
2015-05-09 02:15 - 2015-05-09 02:23 - 00000000 ____D () C:\Users\waldemar\Documents\RCT3
2015-05-09 02:11 - 2015-05-09 02:11 - 691531800 _____ () C:\Users\waldemar\Downloads\RCT3 Platinum.rar
2015-05-09 01:58 - 2015-05-09 01:58 - 00000000 ____D () C:\ProgramData\dllescort
2015-05-09 01:57 - 2015-05-09 01:58 - 00000000 ____D () C:\Program Files (x86)\DLLEscort
2015-05-09 01:57 - 2015-05-09 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Escort 2014
2015-05-09 01:56 - 2015-05-09 01:56 - 08882669 _____ ( ) C:\Users\waldemar\Downloads\DLLEscort_Setup.exe
2015-05-09 01:47 - 2015-05-09 01:47 - 00413312 _____ () C:\Users\waldemar\Downloads\DAEMON_Tools_Pro_Advanced_5_3_Crack_Download_Completo_PH_Downs_downloader-Qd8r4aRVV.exe
2015-05-09 01:44 - 2015-05-09 01:44 - 13223208 _____ (Disc Soft Ltd) C:\Users\waldemar\Downloads\DTLite501-0406.exe
2015-05-09 01:44 - 2015-05-09 01:44 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-05-09 01:31 - 2015-05-09 01:31 - 06942700 _____ () C:\Users\waldemar\Downloads\RCT3 NCD Crack.zip
2015-05-09 01:27 - 2015-05-09 01:27 - 06934779 _____ () C:\Users\waldemar\Downloads\RCT3plus.zip
2015-05-03 00:24 - 2015-05-03 00:24 - 00001116 _____ () C:\Users\waldemar\Downloads\Host-file.zip
2015-05-02 23:26 - 2015-05-02 23:35 - 1645862494 _____ () C:\Users\waldemar\Downloads\iPhone5,2_8.3_12F70_Restore.ipsw
2015-05-02 22:11 - 2015-05-03 04:21 - 00018290 _____ () C:\Users\waldemar\Downloads\umbrella.log
2015-05-02 22:11 - 2015-05-02 22:11 - 03618816 _____ () C:\Users\waldemar\Downloads\tinyumbrella-7.12.00.exe
2015-05-02 22:08 - 2015-05-02 22:08 - 01055396 _____ () C:\Users\waldemar\Downloads\Exit Rocovery mode for window.zip
2015-05-02 22:01 - 2015-05-02 22:01 - 31504520 _____ () C:\Users\waldemar\Downloads\tinyumbrella_windows-x64_8_2_0_60.zip
2015-05-02 21:59 - 2015-05-02 21:59 - 33167872 _____ () C:\Users\waldemar\Downloads\tinyumbrella_windows-x64_8_2_0_60.exe
2015-05-02 19:06 - 2015-05-02 19:06 - 00408541 _____ () C:\Users\waldemar\Downloads\ireb-r7.zip
2015-05-02 16:12 - 2015-05-02 16:28 - 1654996500 _____ () C:\Users\waldemar\Downloads\iOS_8.4_beta_2__iPhone_5_Model_A1429__12H4086d.zip
2015-05-02 00:58 - 2015-05-02 00:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-30 12:14 - 2015-04-30 12:14 - 00000000 ____D () C:\ProgramData\Movavi Video Suite 12
2015-04-30 12:13 - 2015-04-30 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Suite 12
2015-04-30 12:13 - 2015-04-30 12:13 - 00000000 ____D () C:\Program Files (x86)\Movavi Core 5.1.0
2015-04-30 12:12 - 2015-04-30 12:13 - 00000000 ____D () C:\Program Files (x86)\Movavi Video Suite 12
2015-04-30 12:05 - 2015-04-30 12:09 - 00000000 ____D () C:\Users\waldemar\Downloads\Movavi Video Suite v12.0.0 + Crack
2015-04-30 12:04 - 2015-04-30 12:04 - 00013195 _____ () C:\Users\waldemar\Downloads\[limetorrents.cc]Movavi.Video.Suite.v12.0.0...Crack.torrent
2015-04-30 12:02 - 2015-04-30 12:02 - 00000000 ____D () C:\ProgramData\Movavi Video Converter 14
2015-04-30 11:13 - 2015-05-06 15:56 - 00000000 ____D () C:\Users\waldemar\Desktop\Neuer Ordner (6)
2015-04-30 11:13 - 2015-04-30 12:14 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Movavi
2015-04-30 11:13 - 2015-04-30 12:02 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Movavi
2015-04-30 11:13 - 2015-04-30 11:13 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Deshaker
2015-04-30 11:11 - 2015-04-30 12:11 - 00000000 ____D () C:\ProgramData\Movavi
2015-04-30 11:11 - 2015-04-30 11:11 - 00004966 _____ () C:\ProgramData\wmzddnmb.cix
2015-04-30 11:10 - 2015-04-30 11:11 - 112043240 _____ (Movavi) C:\Users\waldemar\Downloads\MovaviVideoEditorSetupO.exe
2015-04-28 11:51 - 2015-04-28 11:57 - 00000000 ____D () C:\Users\waldemar\Downloads\Battlefield 3 [ZloGames]
2015-04-28 11:50 - 2015-04-28 11:50 - 01744976 _____ (BitTorrent Inc.) C:\Users\waldemar\Downloads\uTorrent40.exe
2015-04-28 11:50 - 2015-04-28 11:50 - 00000882 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-04-28 11:49 - 2015-04-28 11:49 - 00075398 _____ () C:\Users\waldemar\Downloads\bf3.torrent
2015-04-27 22:01 - 2015-04-27 22:02 - 00000000 ____D () C:\Users\waldemar\Desktop\Neuer Ordner (5)
2015-04-27 21:43 - 2015-04-27 22:40 - 00000000 ____D () C:\Users\waldemar\Desktop\Neuer Ordner (4)
2015-04-27 14:00 - 2015-04-27 14:00 - 00001582 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Manager (Gratis).lnk
2015-04-27 14:00 - 2015-04-27 14:00 - 00001323 _____ () C:\Users\waldemar\Desktop\CopyTrans Manager (Gratis).lnk
2015-04-24 21:10 - 2015-04-24 21:11 - 00000000 ____D () C:\Users\waldemar\Documents\iPhone
2015-04-24 21:04 - 2015-04-24 21:06 - 00000000 ____D () C:\Users\waldemar\Desktop\Wii Backup
2015-04-22 13:47 - 2015-04-22 13:47 - 01079992 _____ (Microsoft Corporation) C:\Users\waldemar\Downloads\Setup.X86.de-de_O365ProPlusRetail_49d04ef8-1e1e-4d6c-ac91-e6a8a27a7565_TX_PR_ (1).exe
2015-04-22 13:45 - 2015-04-22 13:45 - 01079992 _____ (Microsoft Corporation) C:\Users\waldemar\Downloads\microsoft office 365.exe
2015-04-21 20:52 - 2015-04-21 20:52 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 365
2015-04-21 20:51 - 2015-04-21 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-21 20:50 - 2015-04-21 20:51 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Deployment
2015-04-21 20:50 - 2015-04-21 20:50 - 00489760 _____ () C:\Users\waldemar\Downloads\setup_de.exe
2015-04-21 20:47 - 2015-04-21 20:52 - 713609160 _____ (Microsoft Corporation) C:\Users\waldemar\Downloads\MicrosoftOffice.exe
2015-04-21 20:45 - 2015-05-05 22:09 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-21 20:45 - 2015-04-21 20:45 - 01079992 _____ (Microsoft Corporation) C:\Users\waldemar\Downloads\Setup.X86.de-de_O365ProPlusRetail_49d04ef8-1e1e-4d6c-ac91-e6a8a27a7565_TX_PR_.exe
2015-04-20 15:41 - 2015-04-20 15:41 - 06550588 _____ () C:\Users\waldemar\Downloads\CarX (1).zip
2015-04-18 16:37 - 2015-04-18 16:37 - 00009260 _____ () C:\Users\waldemar\Downloads\MW_iOS_Hack_iApp_Promo.rar
2015-04-18 16:34 - 2015-04-18 16:34 - 00121870 _____ () C:\Users\waldemar\Downloads\GTA SA full.zip
2015-04-18 16:33 - 2015-04-18 16:33 - 00000151 _____ () C:\Users\waldemar\Downloads\freddy3iOS
2015-04-18 16:26 - 2015-04-18 16:28 - 98194658 _____ () C:\Users\waldemar\Downloads\APP HACKS CarX.rar
2015-04-18 16:25 - 2015-04-18 16:26 - 06550588 _____ () C:\Users\waldemar\Downloads\CarX.zip
2015-04-18 16:23 - 2015-04-18 16:23 - 00005605 _____ () C:\Users\waldemar\Downloads\BTDB Documents (2).zip
2015-04-18 16:21 - 2015-04-18 16:21 - 00005605 _____ () C:\Users\waldemar\Downloads\BTDB Documents (1).zip
2015-04-18 16:19 - 2015-04-18 16:19 - 00005605 _____ () C:\Users\waldemar\Downloads\BTDB Documents.zip
2015-04-18 16:18 - 2015-04-18 16:18 - 14103687 _____ () C:\Users\waldemar\Downloads\BTD Battles Hack (iOS) Mr. App Hacker.rar
2015-04-18 16:17 - 2015-04-18 16:21 - 25012550 _____ () C:\Users\waldemar\Downloads\v5.4 brp Library (goi) (1).zip
2015-04-18 15:50 - 2015-04-18 15:50 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-18 15:50 - 2015-04-18 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-18 15:50 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-04-18 15:49 - 2015-04-18 15:50 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-18 15:49 - 2015-04-18 15:50 - 00000000 ____D () C:\Program Files\iTunes
2015-04-18 15:49 - 2015-04-18 15:49 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-04-18 15:49 - 2015-04-18 15:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-04-18 15:49 - 2015-04-18 15:49 - 00000000 ____D () C:\Program Files\iPod
2015-04-18 15:49 - 2015-04-18 15:49 - 00000000 ____D () C:\Program Files\Bonjour
2015-04-18 15:49 - 2015-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-04-18 15:49 - 2015-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-04-18 15:47 - 2015-04-18 15:48 - 152362800 _____ (Apple Inc.) C:\Users\waldemar\Desktop\iTunes6464Setup.exe
2015-04-17 07:06 - 2015-04-17 07:07 - 00000000 ____D () C:\Users\waldemar\Desktop\Neuer Ordner (3)
2015-04-17 07:00 - 2015-04-17 07:00 - 00013713 _____ () C:\Users\waldemar\Desktop\MK iandel.zip
2015-04-17 06:48 - 2015-05-15 05:54 - 00000000 ___RD () C:\Users\waldemar\iCloudDrive
2015-04-17 06:48 - 2015-04-17 06:48 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple Inc
2015-04-17 06:43 - 2015-04-17 06:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-04-17 06:41 - 2015-04-17 06:43 - 71647536 _____ (Apple Inc.) C:\Users\waldemar\Desktop\icloudsetup.exe
2015-04-17 06:19 - 2015-05-02 22:00 - 00000000 ____D () C:\Program Files (x86)\tinyumbrella
2015-04-17 06:17 - 2015-04-17 06:18 - 00000000 ____D () C:\Program Files\tinyumbrella
2015-04-17 06:16 - 2015-04-17 06:16 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-04-17 06:16 - 2015-04-17 06:16 - 00000000 ____D () C:\Users\waldemar\Documents\java
2015-04-17 06:15 - 2015-04-17 06:15 - 00000000 _____ () C:\WINDOWS\system32\REND9.tmp
2015-04-17 06:11 - 2015-04-17 06:12 - 00000000 ____D () C:\Users\waldemar\.tu
2015-04-17 06:10 - 2015-05-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyUmbrella
2015-04-17 06:09 - 2015-04-17 06:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-17 06:05 - 2015-04-17 06:08 - 37321640 _____ (Oracle Corporation) C:\Users\waldemar\Desktop\jre-8u45-windows-i586.exe
2015-04-17 06:00 - 2015-04-17 06:02 - 43159464 _____ (Oracle Corporation) C:\Users\waldemar\Desktop\jre-8u45-windows-x64.exe
2015-04-17 05:59 - 2015-04-17 06:18 - 02535424 _____ () C:\Users\waldemar\Desktop\tinyumbrella_windows-x64_8_2_0_60_InstalledJRE.exe
2015-04-17 05:42 - 2015-04-17 06:09 - 1931441740 _____ () C:\Users\waldemar\Desktop\iPhone6,2_8.2_12D508_Restore.ipsw
2015-04-16 16:51 - 2015-04-16 17:11 - 00000000 ____D () C:\Users\waldemar\Desktop\Neuer Ordner (2)
2015-04-16 00:04 - 2015-04-16 00:04 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 09:25 - 2015-04-15 09:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 09:25 - 2015-04-15 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-15 08:56 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:56 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:56 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:56 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:56 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:56 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:56 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:56 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:56 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:56 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:56 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:56 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:56 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 08:56 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 08:56 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:56 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:56 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:56 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:55 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:55 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:55 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:55 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:55 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:55 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:55 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:55 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:55 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:55 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:55 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:55 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:55 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:55 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:55 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:55 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:55 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:55 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:55 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:55 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:55 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:55 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:55 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:55 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:55 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:55 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:55 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:55 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 08:55 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-15 14:37 - 2015-01-10 15:54 - 00000000 ____D () C:\Users\waldemar\Desktop\Repair
2015-05-15 14:37 - 2014-10-31 13:26 - 00000000 ____D () C:\FRST
2015-05-15 14:36 - 2015-03-31 13:37 - 00066192 _____ () C:\Users\waldemar\Desktop\FRST.txt
2015-05-15 14:22 - 2014-11-29 14:08 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-15 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-15 13:41 - 2014-09-10 17:42 - 01277117 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-15 13:34 - 2014-09-12 19:51 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A350FA8C-F1AE-4D16-B3BE-40AF58306519}
2015-05-15 08:16 - 2014-07-10 16:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-930745963-3632866088-1184878944-1001
2015-05-15 05:55 - 2014-09-10 18:10 - 00000000 ___DO () C:\Users\waldemar\OneDrive
2015-05-14 21:26 - 2015-03-20 07:07 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-14 21:22 - 2014-11-29 14:08 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-14 17:58 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-14 14:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-14 14:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-14 07:45 - 2014-03-18 12:03 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 07:45 - 2014-03-18 11:25 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-14 07:45 - 2014-03-18 11:25 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-14 07:39 - 2014-12-05 20:43 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForwaldemar.job
2015-05-14 07:39 - 2014-09-10 17:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-14 07:39 - 2013-08-22 16:46 - 00397997 _____ () C:\WINDOWS\setupact.log
2015-05-14 07:39 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-14 07:39 - 2013-08-22 16:44 - 00500496 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-14 07:38 - 2014-09-30 16:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-14 07:33 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-14 07:32 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-14 07:32 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 06:38 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-14 06:34 - 2014-07-11 21:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 06:30 - 2014-07-11 21:05 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 06:24 - 2014-03-18 11:40 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 06:45 - 2014-12-05 20:43 - 00003178 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForwaldemar
2015-05-11 06:48 - 2014-10-17 23:59 - 00000000 ____D () C:\Users\waldemar\Desktop\Musik
2015-05-09 02:27 - 2014-07-10 16:06 - 00000000 ____D () C:\Users\waldemar\AppData\Local\VirtualStore
2015-05-09 02:23 - 2014-08-03 19:41 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Atari
2015-05-09 02:15 - 2014-08-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2015-05-09 02:12 - 2014-08-03 19:28 - 00000000 ____D () C:\Program Files (x86)\Atari
2015-05-09 02:12 - 2013-01-22 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-09 00:22 - 2014-07-15 16:08 - 00000000 ____D () C:\ProgramData\Origin
2015-05-08 19:53 - 2014-11-28 21:55 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-07 18:48 - 2014-03-18 03:50 - 03897610 _____ () C:\WINDOWS\PFRO.log
2015-05-05 19:59 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 18:54 - 2014-10-23 20:23 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\iFunbox_UserCache
2015-05-03 16:45 - 2014-07-12 13:27 - 00000000 ____D () C:\Users\waldemar\AppData\Local\CrashDumps
2015-05-03 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-03 04:21 - 2015-03-08 19:27 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\uTorrent
2015-05-02 17:12 - 2013-01-22 11:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-30 12:03 - 2014-09-10 17:50 - 00000000 ____D () C:\Users\waldemar
2015-04-28 15:33 - 2014-10-08 20:38 - 00003848 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1412793520
2015-04-28 15:33 - 2014-10-08 20:38 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-28 15:33 - 2014-10-08 20:38 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-28 10:17 - 2014-07-15 16:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-27 11:39 - 2015-03-14 23:51 - 00000000 ____D () C:\Users\waldemar\Desktop\v5.4 brp Library (goi)_
2015-04-25 07:47 - 2014-10-23 19:57 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Apple Computer
2015-04-22 13:41 - 2014-10-23 19:56 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple
2015-04-20 15:43 - 2015-03-30 09:29 - 00001431 _____ () C:\Users\waldemar\Desktop\CopyTrans Control Center.lnk
2015-04-20 15:43 - 2015-03-30 09:29 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-04-18 15:49 - 2015-02-26 15:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-18 15:49 - 2014-10-23 19:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-18 15:49 - 2013-01-22 11:17 - 00000000 ____D () C:\ProgramData\Apple
2015-04-17 06:47 - 2014-10-23 19:57 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple Computer
2015-04-17 06:09 - 2014-10-27 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-17 06:09 - 2014-08-17 07:59 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-17 06:09 - 2014-07-28 22:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 16:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 00:04 - 2014-07-15 13:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 09:25 - 2014-09-22 21:04 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-15 09:25 - 2014-09-22 21:03 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 08:55 - 2014-11-12 14:42 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
==================== Files in the root of some directories =======
2014-07-30 14:31 - 2014-07-30 14:31 - 0000000 _____ () C:\Users\waldemar\AppData\Roaming\bitlord_log.txt
2014-08-21 11:05 - 2014-09-09 13:02 - 0131072 _____ () C:\Users\waldemar\AppData\Roaming\chrtmp
2014-10-29 00:06 - 2014-10-29 00:06 - 0000600 _____ () C:\Users\waldemar\AppData\Roaming\winscp.rnd
2015-03-27 17:05 - 2015-03-27 17:05 - 0000000 _____ () C:\Users\waldemar\AppData\Local\Input.xml
2015-03-27 17:04 - 2015-03-27 17:04 - 0000000 _____ () C:\Users\waldemar\AppData\Local\Settings.xml
2015-04-30 11:11 - 2015-04-30 11:11 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix
Files to move or delete:
====================
C:\Users\waldemar\AppData\Local\Temp\\BI_RunOnce.exe
Some content of TEMP:
====================
C:\Users\waldemar\AppData\Local\Temp\3570.exe
C:\Users\waldemar\AppData\Local\Temp\98A8.exe
C:\Users\waldemar\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\waldemar\AppData\Local\Temp\CEA0.exe
C:\Users\waldemar\AppData\Local\Temp\MovaviVideoSuite.exe
C:\Users\waldemar\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\waldemar\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\waldemar\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\waldemar\AppData\Local\Temp\nvStInst.exe
C:\Users\waldemar\AppData\Local\Temp\Pokki Start MenuSetup.exe__10924_i1515506168_il851363.exe
C:\Users\waldemar\AppData\Local\Temp\Quarantine.exe
C:\Users\waldemar\AppData\Local\Temp\Setup.exe
C:\Users\waldemar\AppData\Local\Temp\sonarinst.exe
C:\Users\waldemar\AppData\Local\Temp\sqlite3.dll
C:\Users\waldemar\AppData\Local\Temp\utt298B.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 08:26
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by waldemar at 2015-05-15 14:37:41
Running from C:\Users\waldemar\Desktop\Repair
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-930745963-3632866088-1184878944-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-930745963-3632866088-1184878944-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-930745963-3632866088-1184878944-1004 - Limited - Enabled) => C:\Users\UpdatusUser
waldemar (S-1-5-21-930745963-3632866088-1184878944-1001 - Administrator - Enabled) => C:\Users\waldemar
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.129 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 2(TM) (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: 1.00.0000 - DICE)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version: - astragon)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: - Forward Development)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\CopyTrans Suite) (Version: 3.01 - WindSolutions)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DLLEscort version 2014 (HKLM-x32\...\{2F13CA65-0FFB-4760-824B-D459836AACFE}_is1) (Version: 2014 - )
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.2.0.0 - Ubisoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.2.5 - SCS Software)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free Video to iPhone Converter version 5.0.52.1122 (HKLM-x32\...\Free Video to iPhone Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.44.908 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
GamersFirst LIVE! (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\GamersFirst LIVE!) (Version: - GamersFirst)
Garrys Mod version 14.04.19 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 14.04.19 - Strogino CS Portal)
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
iFunbox (v2.94.2520.758), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.94.2520.758 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.0.0.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 12 (HKLM-x32\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version: - Bugbear Entertainment)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
RCT acCeSS (HKLM-x32\...\RCTACCESS) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strike Vector (HKLM-x32\...\Steam App 246700) (Version: - Ragequit Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TermBlazer 1.10.0.16 (HKLM-x32\...\TermBlazer_1.10.0.16) (Version: 1.10.0.16 - TermBlazer)
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version: - Atari)
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993-1) (Version: 8.2.0.60 - )
TinyUmbrella 8.2.0.60 (HKLM-x32\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version: - Nadeo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinSCP 5.6.2 beta (HKLM-x32\...\winscp3_is1) (Version: 5.6.2 beta - Martin Prikryl)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-04-2015 21:28:37 Geplanter Prüfpunkt
03-05-2015 12:08:00 Windows Update
09-05-2015 01:28:15 Removed RollerCoaster Tycoon 3 Platinum
14-05-2015 06:22:53 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-05-03 00:24 - 2015-05-03 00:26 - 00000779 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0928187F-A102-40AE-94AA-E19C07C5DD2B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-21] (Microsoft Corporation)
Task: {0BBF3559-20B9-455C-AB33-2913D8A3B6A9} - System32\Tasks\amiupdaterExd => cmd.exe /c start /min bitsadmin /transfer amijob /download /priority high hxxp://d9nrp6bmgq86i.cloudfront.net/run/Updater.exe "C:\Users\waldemar\AppData\Local\Temp\amiupdater1837.exe"
Task: {19235307-D324-4E70-9253-964A21E8AF26} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {1FCE69D7-0B7F-4AF0-A900-D88E97BBAE9B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2FF3733F-CA72-4388-BF95-E032BD35CFB9} - System32\Tasks\HPCeeScheduleForwaldemar => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5BACBFDB-8716-4F0B-82B3-2BF6DDFC8FCD} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {5F2A7790-376E-4E5F-A3DE-6A321815EE39} - System32\Tasks\amiupdaterExi => C:\Users\waldemar\AppData\Local\Temp\amiupdater1837.exe <==== ATTENTION
Task: {664AB5D4-A97B-44A8-9BC9-41B1E10350B9} - System32\Tasks\Run_Bobby_Browser => C:\Users\waldemar\AppData\Local\BoBrowser\Application\bobrowser.exe [2014-11-19] (The BoBrowser Authors) <==== ATTENTION
Task: {6F039269-D09C-4978-890C-1F7BA396A6E8} - System32\Tasks\avastBCLRestartS-1-5-21-930745963-3632866088-1184878944-1001 => Firefox.exe
Task: {748A67D6-FFBD-46F8-888B-C5DE46F3D569} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {7F385422-54B3-4CD5-BC35-058BA4153507} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {89425194-A1B4-42CF-AFB4-A5ED7A37CA6B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8C6A2018-08CE-4F40-BE98-3EF03CEBA8B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-21] (Microsoft Corporation)
Task: {8DB4CCFC-86E9-49B2-9C09-F2386F09EAC9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {A355FD58-1FA5-4276-9DB1-A8E9B21A4616} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AB7EB932-A575-421E-AA3A-06F3118CEAF8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {AF1BCA28-37F2-468D-BFFF-5630CF934C22} - System32\Tasks\{9E631260-DC19-4D51-A6E1-4D7D8D3B67F1} => pcalua.exe -a C:\Users\waldemar\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
Task: {B61DB6E9-482F-4B54-9ED8-B71CAB2D90F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BCB2CD10-5B99-44B7-B61D-4AE20E750147} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CF6B6728-C3B8-4C0C-81A6-61235CF3FBB3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-29] (AVAST Software)
Task: {D7B3370D-B10F-4275-95F1-B03BC38A20C6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {DE9AAA4E-E0AF-42F3-B535-D213C14B1C1D} - System32\Tasks\AmiUpdXp => C:\Users\waldemar\AppData\Local\32047\Updater.exe [2015-05-13] () <==== ATTENTION
Task: {E08F9DF2-08A1-47A7-9ED7-BBFF499D2742} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E32A35F3-5AA3-413F-A3ED-823344575E06} - System32\Tasks\Opera scheduled Autoupdate 1412793520 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {EFF927CE-C586-420A-8D72-A35EB62CFDA7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {FAC6699E-3E48-412A-A9E9-7A46D5FDF484} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {FD367BA4-635C-41AA-A575-F9F4E4860D63} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-14] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\waldemar\AppData\Local\32047\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HPCeeScheduleForwaldemar.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-21 20:45 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-22 15:54 - 2015-03-22 15:54 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2014-09-10 17:42 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-28 15:33 - 2015-04-28 15:33 - 00479352 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\opera_crashreporter.exe
2015-05-13 06:44 - 2015-05-13 06:44 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051202\algo.dll
2015-05-14 07:40 - 2015-05-14 07:40 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051302\algo.dll
2015-05-15 08:43 - 2015-05-15 08:43 - 02928128 _____ () C:\Program Files\AVAST Software\Avast\defs\15051401\algo.dll
2013-01-22 11:18 - 2012-06-08 05:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-28 15:33 - 2015-04-28 15:33 - 00157304 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\message_center_win8.dll
2015-04-28 15:33 - 2015-04-28 15:33 - 01576568 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\libglesv2.dll
2015-04-28 15:33 - 2015-04-28 15:33 - 00081016 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\libegl.dll
2015-03-10 15:56 - 2015-05-14 17:58 - 00195584 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll
2015-03-10 15:56 - 2015-05-14 17:58 - 01467392 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\waldemar\OneDrive:ms-properties
AlternateDataStreams: C:\Users\waldemar\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 82.212.62.62 - 78.42.43.62
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: GlobalUpdater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPConnectedRemote => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SProtection => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WindowsMangerProtect => 2
HKLM\...\StartupApproved\StartupFolder: => "1.bat"
HKLM\...\StartupApproved\StartupFolder: => "2.bat"
HKLM\...\StartupApproved\StartupFolder: => "3.bat"
HKLM\...\StartupApproved\StartupFolder: => "4.bat"
HKLM\...\StartupApproved\StartupFolder: => "5.bat"
HKLM\...\StartupApproved\StartupFolder: => "6.bat"
HKLM\...\StartupApproved\StartupFolder: => "7.bat"
HKLM\...\StartupApproved\StartupFolder: => "8.bat"
HKLM\...\StartupApproved\StartupFolder: => "9.bat"
HKLM\...\StartupApproved\StartupFolder: => "zombiddos.vbs"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "Cracked Steam Service"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "uTorrent"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{614AEE15-2E46-42E5-ABF2-000196F3B7A2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{6147B310-AC56-4AD4-BF73-2E25B36D7A61}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{208E2FAF-9D82-4FF4-81C7-62F906468A0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Driver San Francisco\Driver.exe
FirewallRules: [{114A55FD-1011-4275-8AA1-F07482D69C1A}] => (Allow) C:\Program Files (x86)\Ubisoft\Driver San Francisco\Driver.exe
FirewallRules: [{D71C517D-06CA-4B95-85C5-E0F2CDFEA4BF}] => (Allow) C:\Program Files (x86)\Rockstar Games\EFLC\LaunchEFLC.exe
FirewallRules: [{ECC2F1E2-0DE6-416C-9C17-949EF49F232A}] => (Allow) C:\Program Files (x86)\Rockstar Games\EFLC\LaunchEFLC.exe
FirewallRules: [{E892C4E0-2C16-4522-99B5-6EC22B6271CA}] => (Allow) C:\Program Files (x86)\Cracked Steam\Steam.exe
FirewallRules: [{396E251F-A9D1-4AF5-B330-0AC538ED9A1B}] => (Allow) C:\Program Files (x86)\Cracked Steam\Steam.exe
FirewallRules: [{57458316-E999-4DA7-B444-A992693F25C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\raceroom racing experience\Game\RRRE.exe
FirewallRules: [{18F353FB-67E5-4B1C-A035-F83510A91B93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\raceroom racing experience\Game\RRRE.exe
FirewallRules: [{41F3DCED-C459-450D-B6F5-0BC37F7C1069}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{CE578785-517C-4979-9855-9CA8B8FAD29B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{202C18B4-1C99-4D91-8663-CE2498238320}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C7F6D872-7AA2-4A72-A78F-BE17882A3E96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2BF4875B-1A77-44AA-9CB1-FF8DE5F304A5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{2CBD75FF-30BF-42D7-AE32-521D5E6D5DF1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{8FC84188-D1E8-4ECF-80A1-28AFE4412D98}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{8860DF67-F376-4D08-90C8-123987D64A2C}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{948B3C64-DD07-47E8-A503-317808393F64}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{C8B53ABD-BAD5-4DC4-A034-88A083A24864}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{4EAAA376-072C-46CF-8197-FE1532373EE8}] => (Allow) LPort=1900
FirewallRules: [{BA53C4D7-6B93-4DE1-85AA-73951E61B0B6}] => (Allow) LPort=2869
FirewallRules: [{D07DB2B6-D361-42C4-8509-6259626B65D1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AEC7F02C-024C-4B6E-9D7A-6A9BBA182A55}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3C6FD3B1-BB96-4AD0-A864-A32FCB6F80FF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CAB5339F-6BC4-4F6E-9928-66A8ED5568FF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E6ECF602-3D7B-4D5C-B40C-2976B56E6E0D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C8234EB9-5530-474B-8BD7-6916F55226F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE00D67E-A339-4066-8C49-5BFB686279FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BA93315-7DE4-4D8E-A88A-AB70D5C24DD1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{309EFB43-889D-4CE5-934C-BBECA44BA95E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{9F92C83B-F53E-48B1-81FE-4A8F21EFA69A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{BB07CEA3-E62D-4AA9-85A0-1B3FD7F48000}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{8885174A-FD3E-4B6D-9DBB-AE0139D34063}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{77170C8C-2689-4295-9C06-3C5F76CA6A83}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C376690C-8FAF-40FD-B2A5-DEA88F985B0A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{08124C15-6E80-4A94-B7A1-796119E01BBF}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8A55DEE0-29D7-4E22-8E98-371394EB5F3A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2537C59E-174A-46B7-BD15-E8DE094C3CA6}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{35FD09BA-747F-4A83-908B-990EAB1BBE00}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{41E9B37E-CDF1-4ABA-B583-8C49990DB70C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2E48F66D-1CC4-4D5D-A7CC-7071D1F4EB1E}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A1BEA267-6442-419C-AC02-F62F8AAA7C00}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{359F7F00-88C8-4E6C-98B6-01BE83F11FF0}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{31EFD54D-502A-4A85-A3A3-BB4BE8F4A584}] => (Allow) LPort=53000
FirewallRules: [TCP Query User{0EA52686-106B-4063-BB17-801D15AAD4E1}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [UDP Query User{6AD16B72-DBC3-4D9D-891A-C4ACDEA1B4E1}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [TCP Query User{A818EC64-6906-4DBB-A32E-FA8D7056AC55}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{569E342E-7ED4-4387-B9FE-419E825C9747}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{2F8AA96A-77B2-44E0-8377-EE4C6AAA0017}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{795E9C8C-08E5-4EC4-BEC5-0DF68C94AAC0}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{6ED39E5B-C143-4E7C-B65E-2F27612F7796}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6A9244F4-3E68-4117-B256-21ECDE496E88}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{352709E8-5A32-4CF3-9F0A-A1B84D503088}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{49C88272-2EC3-4E54-B8F0-BEAC035F10A1}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{89769838-B5CA-4A49-841B-CC151F253043}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{E8FC8B0A-2364-42AD-BCFB-0EE759BA723A}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{BA9D90B3-E071-473F-8374-E4C2A70D60A3}] => (Allow) C:\Users\waldemar\Desktop\Trackmania_Nations_Forever_Hacks_downloader.exe
FirewallRules: [{B64E0BC5-E953-4FED-89FB-3DDD43C787D1}] => (Allow) C:\Users\waldemar\Desktop\Trackmania_Nations_Forever_Hacks_downloader.exe
FirewallRules: [{DA3B8853-3303-4103-9735-940F70D8A5A2}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{3451A7CD-71D7-4CDC-BBFA-5C6A9C92A81D}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{F396ECC4-7F22-463D-A208-4316991F07F4}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{089390D7-E869-4D13-BF00-2F2F28FB5222}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{A9451756-1109-40BE-BF09-EF2C78D37772}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1D81DF84-2BA6-4255-BC50-5E005E98879C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9C6AC559-45B4-40EF-9DA5-B0780C980653}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14_x86.exe
FirewallRules: [{35FAFB2D-3827-4E19-AA0D-84AB9AD01EA4}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14_x86.exe
FirewallRules: [{4E7EA540-07DA-4373-8AD1-247B4DC19DE9}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14.exe
FirewallRules: [{56EBAEBE-6FE8-40B7-921B-C27FF1FA280B}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14.exe
FirewallRules: [{C9603EBE-B3FF-4B2F-A1CE-818731E465DE}] => (Allow) C:\Program Files (x86)\EA Games\Battlefield 2\BF2.exe
FirewallRules: [{EC7DFD73-BA57-4C5E-9F8D-2842E1DE5487}] => (Allow) C:\Program Files (x86)\EA Games\Battlefield 2\BF2.exe
FirewallRules: [{C6C68221-7047-4534-BA7D-0550F02B455D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9AE6032F-9C0E-420C-B682-E95C83AB2819}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4D0ADE26-DE3C-4C25-946B-F72DCFB67CD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{719499FE-B85C-47A2-8373-98E297D2B8F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A4141920-9784-44C8-999B-2169D32C8073}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07F506FD-E47A-40B9-AF75-6C2C0E729D33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{596DFC37-46FC-4496-A1F8-89010E510679}C:\program files (x86)\opera\26.0.1656.60\opera.exe] => (Block) C:\program files (x86)\opera\26.0.1656.60\opera.exe
FirewallRules: [UDP Query User{4ADAC028-C2E9-42DF-BEF4-FE1FD92DA5F6}C:\program files (x86)\opera\26.0.1656.60\opera.exe] => (Block) C:\program files (x86)\opera\26.0.1656.60\opera.exe
FirewallRules: [{0E11B36E-8719-412E-9267-602D26728163}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{22827706-D3B3-4F78-8B9D-28A4BEFC663A}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{41C5C7F5-AF7E-4028-9321-3EC3978EAE35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A25CD0E-FCE5-4AF0-884E-AC65992A5C34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD09D47B-A6BF-4B83-A84B-B5F9113F0B73}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{3CE4B001-3E52-4CD7-8AE5-FE65F5DDB2FC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{3F96B9F7-8588-49A6-89C0-DB352765B418}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E4DC301A-AF3A-4EFC-88B0-EE68A6B5E36E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{588EDC7D-1075-41AB-9A4A-3759960F2356}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{24DE20AE-DFC7-4725-9817-2A7C09B5910E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DB559113-EC0E-4F6D-85FE-2814C9E4D238}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{24DB66DC-5DAB-4A79-9EF9-2710F2E54768}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{1E7705ED-7613-414E-846C-8BE4E347D867}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{668786B1-9248-442D-995C-FF15FF862FF3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{3A71CD3E-9798-4730-B445-624A508F2E76}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{4D398DF7-8969-498A-8E29-7FC53A934DDE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{0E2BACDE-DE06-42C4-881D-207EC31073AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFD88BF0-8BDC-4647-B7BB-ACB989F0141D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6B63AE9-B907-4EF7-BBF6-726038EE8363}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B2D3BD8-4BEF-4E13-A059-C474EB6FF6D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{367F21B2-9068-40E3-AF38-E574EA4797FB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E791844C-0954-4EA7-AC90-DA756DBBA161}] => (Allow) C:\Users\waldemar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C02CADF3-361E-4830-889E-F90560B3A96D}] => (Allow) C:\Users\waldemar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A60DB82-48BC-4690-B020-F47A125A3D65}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6D0F6294-41BE-4053-9AA4-D78BF1184085}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DD8D1B76-F14B-481A-8DFD-93E69A9D1AEC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6C638353-5CEC-4957-9E6E-6382C05768F1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{92224C36-2C49-4167-BF0F-8A7FB76A2794}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B2971D89-D329-49D8-85BF-0E9F59C18AB7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2015 02:35:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Miller.local already in use; will try Miller-2.local instead
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Miller.local. Addr 192.168.0.106
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.22:5353 4 Miller.local. Addr 192.168.0.22
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Miller.local. AAAA FE80:0000:0000:0000:806E:0448:DBEB:EA9F
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Miller.local. Addr 192.168.0.106
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Miller.local. AAAA FE80:0000:0000:0000:806E:0448:DBEB:EA9F
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Miller.local. Addr 192.168.0.106
Error: (05/14/2015 10:36:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31172
Error: (05/14/2015 10:36:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31172
System errors:
=============
Error: (05/15/2015 09:15:04 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (05/15/2015 08:57:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (05/15/2015 08:05:59 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MILLER :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (05/15/2015 08:05:59 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MILLER :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (05/15/2015 08:05:59 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MILLER :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (05/15/2015 08:05:59 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{8B9592C0-5904-41A5-A6DF-34B10906B04F} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (05/15/2015 06:57:57 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (05/15/2015 06:26:10 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (05/14/2015 06:58:01 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (05/14/2015 06:26:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (05/15/2015 02:35:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\waldemar\Desktop\Repair\esetsmartinstaller_deu.exe
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Miller.local already in use; will try Miller-2.local instead
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Miller.local. Addr 192.168.0.106
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.22:5353 4 Miller.local. Addr 192.168.0.22
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Miller.local. AAAA FE80:0000:0000:0000:806E:0448:DBEB:EA9F
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Miller.local. Addr 192.168.0.106
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Miller.local. AAAA FE80:0000:0000:0000:806E:0448:DBEB:EA9F
Error: (05/15/2015 08:06:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Miller.local. Addr 192.168.0.106
Error: (05/14/2015 10:36:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31172
Error: (05/14/2015 10:36:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31172
CodeIntegrity Errors:
===================================
Date: 2014-11-07 23:24:35.606
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-11-07 23:24:35.537
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 00:22:53.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 00:22:53.904
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-11 09:44:07.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-11 09:44:07.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-07-14 14:46:18.317
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Launch.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 34%
Total physical RAM: 12243.37 MB
Available physical RAM: 8001.28 MB
Total Pagefile: 12947.37 MB
Available Pagefile: 7820.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.61 GB) (Free:529.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.64 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8DAF223A)
Partition: GPT Partition Type.
==================== End Of Log ============================