100% Method to be sure you are clean/infected? [Solved]


  • This topic is locked

#1
Daisy_

  • Member
  • 10 posts
Hello dear fellow members,

I have a small question/problem.

I actually never used any antivirus program (why should I?) and for years never had any problems (also I formatted my computer a lot in this time).

But now I thought I would check myself, and got Comodo Firewall and Avira Antivirus.

Comodo found a maybe harmful .dll and Avira also found something.

Now I want to know if I am really infected, and if there is a method to check, or if I am clean etc. Maybe there is some stuff I have to check to be sure, without formatting my computer.

I never got hacked or anything and I am very careful (that's why I don't use antivirus software).

I hope for help,

Sincerely,

Daisy.
 
Here are the logs.

OTL logfile created on: 27.07.2014 18:39:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<myname>\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 4,85 Gb Available Physical Memory | 61,12% Memory free
15,88 Gb Paging File | 12,12 Gb Available in Paging File | 76,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 36,81 Gb Free Space | 3,95% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 147,00 Gb Free Space | 15,78% Space Free | Partition Type: NTFS

Computer Name: <myname>-PC | User Name: <myname> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.07.27 18:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<myname>\Downloads\OTL.exe
PRC - [2014.07.22 21:02:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.07.16 04:28:16 | 001,753,280 | ---- | M] (Valve Corporation) -- D:\SteamLibrary\Steam.exe
PRC - [2014.07.08 19:34:26 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014.07.02 13:06:46 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.07.02 13:06:42 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.07.02 13:06:42 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.05.30 01:28:21 | 002,350,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.05.30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.05.21 12:22:08 | 002,135,232 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014.05.12 22:07:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014.05.02 18:00:09 | 000,211,968 | ---- | M] (My Digital Life Forums) -- C:\Windows\KMSServerService\KMS Server Service.exe
PRC - [2014.04.01 08:07:39 | 000,581,000 | ---- | M] (Autodesk Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
PRC - [2014.02.27 12:30:46 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2014.02.27 10:28:36 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013.10.24 00:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\<myname>\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013.03.08 09:54:00 | 000,017,760 | ---- | M] () -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe
PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe


========== Modules (No Company Name) ==========

MOD - [2014.07.22 21:02:03 | 003,800,688 | ---- | M] () -- C:\Windows.old\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.07.16 04:28:28 | 002,139,328 | ---- | M] () -- D:\SteamLibrary\video.dll
MOD - [2014.07.16 04:28:18 | 001,116,864 | ---- | M] () -- D:\SteamLibrary\bin\chromehtml.dll
MOD - [2014.07.12 02:53:26 | 001,116,672 | ---- | M] () -- D:\SteamLibrary\libavcodec-55.dll
MOD - [2014.07.12 02:53:26 | 000,438,784 | ---- | M] () -- D:\SteamLibrary\libavutil-53.dll
MOD - [2014.07.12 02:53:26 | 000,399,360 | ---- | M] () -- D:\SteamLibrary\libavformat-55.dll
MOD - [2014.07.12 02:53:26 | 000,331,264 | ---- | M] () -- D:\SteamLibrary\libavresample-1.dll
MOD - [2014.07.08 19:34:26 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014.06.27 00:40:28 | 000,764,416 | ---- | M] () -- D:\SteamLibrary\SDL2.dll
MOD - [2014.05.02 01:35:22 | 020,628,160 | ---- | M] () -- D:\SteamLibrary\bin\libcef.dll
MOD - [2014.04.29 02:37:22 | 000,519,168 | ---- | M] () -- D:\SteamLibrary\libswscale-2.dll
MOD - [2013.04.04 01:09:40 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.06.19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.07.22 21:02:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.07.14 01:10:20 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2014.07.08 19:34:29 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.07.02 13:06:46 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.07.02 13:06:42 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.05.30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.05.30 01:20:09 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014.05.21 12:22:08 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014.05.12 22:07:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.05.07 23:23:00 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) [Disabled | Stopped] -- C:\PROGRA~2\RADIOR~1\bar\1.bin\4jbarsvc.exe -- (RadioRage_4jService)
SRV - [2014.05.06 00:50:48 | 001,357,104 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV - [2014.05.02 18:00:09 | 000,211,968 | ---- | M] (My Digital Life Forums) [Auto | Running] -- C:\Windows\KMSServerService\KMS Server Service.exe -- (KMSServerService)
SRV - [2014.04.25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.04.01 08:07:39 | 000,581,000 | ---- | M] (Autodesk Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe -- (AdAppMgrSvc)
SRV - [2014.03.25 20:22:40 | 006,812,400 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2014.03.25 20:22:20 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2014.02.27 12:30:46 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2014.02.27 10:28:36 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013.11.06 00:11:42 | 004,797,064 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.03.08 09:54:00 | 000,017,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe -- (HDDHealth)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.09.18 14:20:26 | 000,171,072 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe -- (mi-raysat_3dsmax2015_64)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.07.20 14:23:30 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2014.07.15 16:15:22 | 000,142,528 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014.07.02 13:06:42 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.07.02 13:06:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.07.02 13:06:42 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2014.06.11 10:57:41 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014.05.02 17:46:13 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014.04.11 10:39:22 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.04.11 10:39:22 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014.03.31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014.03.25 20:22:50 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014.01.15 00:50:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.10.07 07:17:38 | 000,014,888 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hmd.sys -- (HMD)
DRV:64bit: - [2013.08.13 16:02:10 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2013.08.13 16:02:10 | 000,029,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\INETMON.sys -- (INETMON)
DRV:64bit: - [2013.08.07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013.08.07 14:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013.05.07 09:00:18 | 000,037,976 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2013.04.04 11:33:50 | 000,051,496 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:64bit: - [2013.03.18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013.03.12 13:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013.02.01 16:46:44 | 000,819,784 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.11.08 12:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012.11.08 12:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2014.07.09 14:03:10 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2014.05.30 01:20:09 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2014.05.01 00:11:15 | 000,022,280 | ---- | M] (ASRock Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AsrDrv101.sys -- (AsrDrv101)
DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.07.26 14:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 1E 9F AF CD 64 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 50.21.181.12:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Windows.old\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Windows.old\Program Files (x86)\Mozilla Firefox\plugins [2014.07.22 21:02:01 | 000,000,000 | ---D | M]

[2014.05.01 01:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\Extensions
[2014.07.24 17:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions
[2014.07.20 19:14:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.20 19:16:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.24 17:14:44 | 000,947,620 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.22 16:16:18 | 003,621,870 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.23 22:50:46 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.07.24 17:14:44 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014.05.07 23:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.05.03 14:05:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.07 23:23:19 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [f.lux] C:\Users\<myname>\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\RunOnce: [AsrOMG_Day0] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day1] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day2] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day3] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day4] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day5] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day6] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86AC067A-5800-42EB-87C4-E50869808AA4}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.04.23 20:18:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\Shell - "" = AutoRun
O33 - MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\Shell\AutoRun\command - "" = E:\vs_ultimate.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.07.26 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\assembly
[2014.07.26 01:56:41 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\License
[2014.07.26 01:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
[2014.07.26 01:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskCheckup
[2014.07.26 01:45:29 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\HDDHealth
[2014.07.26 01:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health
[2014.07.26 01:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health
[2014.07.25 22:44:15 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Avira
[2014.07.25 22:43:50 | 000,042,040 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.07.25 22:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.07.25 22:42:18 | 000,130,584 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.07.25 22:42:18 | 000,117,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.07.25 22:42:18 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.07.25 22:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.07.25 22:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.07.25 21:57:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014.07.25 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014.07.25 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2014.07.25 21:56:28 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014.07.25 21:56:28 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014.07.25 21:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014.07.25 21:54:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Comodo
[2014.07.25 21:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2014.07.25 21:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014.07.25 21:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2014.07.25 09:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2014.07.24 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Red 5 Studios
[2014.07.24 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Firefall
[2014.07.24 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2014.07.24 23:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2014.07.24 23:29:21 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Visual Studio 2012
[2014.07.24 23:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014.07.24 23:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014.07.24 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK - Deutsch
[2014.07.24 23:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK - Deutsch
[2014.07.24 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014.07.24 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2014.07.24 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2014.07.24 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2014.07.24 23:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2014.07.24 23:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2014.07.24 23:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2014.07.24 23:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2014.07.24 23:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2014.07.24 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014.07.24 23:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2014.07.24 23:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2014.07.24 23:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2014.07.24 23:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services
[2014.07.24 23:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2014.07.24 23:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2014.07.24 23:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2014.07.24 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014.07.24 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014.07.24 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2014.07.24 23:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2014.07.24 23:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2014.07.24 23:13:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2014.07.24 23:13:41 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014.07.24 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0
[2014.07.24 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2014.07.24 23:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014.07.24 22:23:33 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\MEGAPACK
[2014.07.20 21:49:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.20 21:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.20 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\http___www.julien-manici
[2014.07.20 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\TrueCrypt
[2014.07.20 14:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014.07.20 14:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014.07.20 14:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2014.07.20 14:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2014.07.20 14:23:30 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014.07.20 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2014.07.20 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\<myname>\VirtualBox VMs
[2014.07.20 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\.VirtualBox
[2014.07.20 12:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014.07.20 12:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2014.07.20 12:13:08 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\VMware
[2014.07.20 12:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014.07.20 08:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014.07.19 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\NVIDIA
[2014.07.19 22:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014.07.19 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014.07.18 00:20:51 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\Website Safe Scanner
[2014.07.17 19:15:02 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2014.07.17 00:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Banished
[2014.07.16 00:58:54 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\RotMG.Production
[2014.07.15 16:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2014.07.15 15:58:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014.07.15 15:53:21 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2014.07.15 15:52:58 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014.07.14 00:26:24 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2014.07.14 00:26:22 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\FluxSoftware
[2014.07.13 15:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2014.07.13 15:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2014.07.13 02:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2014.07.13 02:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2014.07.12 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2014.07.12 15:06:45 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Vindictus EU
[2014.07.12 14:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2014.07.12 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2014.07.12 14:54:56 | 000,000,000 | ---D | C] -- C:\Nexon
[2014.07.12 14:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2014.07.11 23:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arma III
[2014.07.11 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Bullet
[2014.07.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
[2014.07.09 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WuShu_0.0.1.116
[2014.07.09 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AgeofWushu_download
[2014.07.09 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Mount&Blade Warband Savegames
[2014.07.09 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Mount&Blade Warband
[2014.07.09 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Mount&Blade Warband
[2014.07.09 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2014.07.09 14:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2014.07.09 11:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014.07.09 11:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014.07.09 11:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webzen
[2014.07.09 11:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webzen
[2014.07.09 10:56:32 | 000,000,000 | ---D | C] -- C:\download
[2014.07.09 10:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\LogMeIn Hamachi
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\LogMeIn
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014.07.04 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\VS Revo Group
[2014.07.04 21:41:57 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2014.07.04 21:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014.07.04 21:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014.07.04 21:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014.07.03 21:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\pwd
[2014.07.03 20:26:23 | 000,000,000 | -H-D | C] -- C:\ArcTemp
[2014.07.03 19:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2014.07.03 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2014.07.03 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Guild Wars 2
[2014.07.02 21:18:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\AnyTrans Export
[2014.07.02 21:14:36 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Apple Computer
[2014.07.02 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Apple Computer
[2014.07.02 21:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014.07.02 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014.07.02 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014.07.02 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014.07.02 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\iMobie_Inc
[2014.07.02 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\iMobie
[2014.06.30 18:49:55 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Larian Studios
[2014.06.28 12:01:25 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\NVIDIA
[2014.06.28 11:23:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\NVIDIA Corporation
[2014.06.28 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.06.28 11:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014.06.28 11:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014.06.28 11:20:07 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014.06.27 22:59:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Sniper3
[2014.06.15 21:05:36 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\<myname>\AppData\Roaming\dotNetFx35setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.07.27 18:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.27 18:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.07.27 10:40:43 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.27 10:40:43 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.27 10:31:27 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.07.27 10:30:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.27 10:30:33 | 2099,032,063 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.27 01:09:53 | 001,593,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.07.27 01:09:53 | 000,697,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.07.27 01:09:53 | 000,654,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.07.27 01:09:53 | 000,149,436 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.07.27 01:09:53 | 000,122,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.07.27 01:09:47 | 001,593,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.07.26 17:08:02 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2014.07.26 17:07:56 | 003,410,768 | ---- | M] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-55-25.png
[2014.07.26 17:07:38 | 003,387,948 | ---- | M] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-37-48.png
[2014.07.26 10:02:33 | 005,035,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.07.26 01:45:22 | 000,001,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2014.07.25 22:43:13 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.07.25 22:42:44 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.07.25 22:19:02 | 000,002,165 | ---- | M] () -- C:\Users\<myname>\AppData\Roaming\EasyToolz.ini
[2014.07.25 21:59:31 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014.07.25 21:56:42 | 000,002,013 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014.07.25 21:56:42 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014.07.25 21:56:30 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014.07.25 21:56:28 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014.07.25 21:56:28 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014.07.20 14:23:30 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014.07.20 12:15:48 | 000,001,100 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014.07.20 12:15:48 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014.07.20 12:10:19 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\%TMP%
[2014.07.19 23:30:43 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014.07.19 23:30:43 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2014.07.19 22:31:04 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.18 08:54:02 | 035,524,570 | ---- | M] () -- C:\Users\<myname>\Desktop\Desktop.zip
[2014.07.15 16:31:14 | 000,000,024 | ---- | M] () -- C:\Users\<myname>\random.dat
[2014.07.15 16:30:25 | 000,000,043 | ---- | M] () -- C:\Users\<myname>\jagex_cl_oldschool_LIVE.dat
[2014.07.15 16:19:12 | 000,002,271 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014.07.15 16:14:20 | 000,000,043 | ---- | M] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE.dat
[2014.07.15 15:58:15 | 000,000,044 | ---- | M] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE1.dat
[2014.07.15 15:54:18 | 000,000,023 | ---- | M] () -- C:\Users\<myname>\jagexappletviewer.preferences
[2014.07.13 15:24:27 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2014.07.13 02:43:30 | 000,001,044 | ---- | M] () -- C:\Users\<myname>\Desktop\TERA.lnk
[2014.07.12 18:02:40 | 000,000,331 | ---- | M] () -- C:\Users\<myname>\Documents\Preset 1.mbcfg
[2014.07.12 18:02:40 | 000,000,331 | ---- | M] () -- C:\Users\<myname>\Documents\Preset 0.mbcfg
[2014.07.12 14:59:32 | 000,000,183 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus EU.url
[2014.07.04 21:41:58 | 000,001,101 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014.07.04 21:06:19 | 477,616,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.07.03 19:18:54 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2014.07.02 22:05:25 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.07.02 22:00:56 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.07.02 13:06:42 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.07.02 13:06:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.07.02 13:06:42 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.06.28 14:07:47 | 000,000,231 | ---- | M] () -- C:\Users\<myname>\Desktop\Watch_Dogs.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.07.26 17:07:55 | 003,410,768 | ---- | C] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-55-25.png
[2014.07.26 17:07:37 | 003,387,948 | ---- | C] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-37-48.png
[2014.07.26 02:14:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014.07.26 01:45:22 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2014.07.25 22:42:44 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.07.25 21:59:31 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014.07.25 21:56:42 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014.07.25 21:56:42 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014.07.25 21:56:30 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014.07.24 23:23:14 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2014.07.20 14:23:34 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2014.07.20 12:15:48 | 000,001,100 | ---- | C] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014.07.20 12:15:48 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014.07.20 12:10:19 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\%TMP%
[2014.07.19 22:31:04 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.18 08:53:57 | 035,524,570 | ---- | C] () -- C:\Users\<myname>\Desktop\Desktop.zip
[2014.07.15 16:30:25 | 000,000,043 | ---- | C] () -- C:\Users\<myname>\jagex_cl_oldschool_LIVE.dat
[2014.07.15 15:58:15 | 000,000,044 | ---- | C] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE1.dat
[2014.07.15 15:53:23 | 000,000,043 | ---- | C] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE.dat
[2014.07.15 15:53:23 | 000,000,024 | ---- | C] () -- C:\Users\<myname>\random.dat
[2014.07.15 15:53:14 | 000,000,023 | ---- | C] () -- C:\Users\<myname>\jagexappletviewer.preferences
[2014.07.15 15:52:58 | 000,002,076 | ---- | C] () -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014.07.13 15:24:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2014.07.13 02:43:31 | 000,001,044 | ---- | C] () -- C:\Users\<myname>\Desktop\TERA.lnk
[2014.07.12 14:59:32 | 000,000,183 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus EU.url
[2014.07.04 21:41:58 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014.07.04 21:41:58 | 000,001,101 | ---- | C] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014.07.03 19:18:54 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2014.07.02 22:00:56 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.07.02 21:13:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014.06.28 14:07:47 | 000,000,231 | ---- | C] () -- C:\Users\<myname>\Desktop\Watch_Dogs.url
[2014.06.28 11:22:13 | 003,774,821 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014.06.28 11:21:17 | 000,026,069 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014.05.25 13:07:14 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2014.05.25 13:07:14 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2014.05.25 13:07:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2014.05.12 21:11:32 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.05.12 21:11:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.05.10 20:54:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014.05.06 09:49:18 | 005,117,607 | ---- | C] () -- C:\Users\<myname>\1.7.2-Forge10.12.1.1065.jar
[2014.05.01 01:57:36 | 001,593,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.05.01 01:52:48 | 006,664,704 | ---- | C] () -- C:\Windows\REMOVEWAT.EXE
[2014.04.30 22:38:32 | 000,002,165 | ---- | C] () -- C:\Users\<myname>\AppData\Roaming\EasyToolz.ini
[2014.04.30 21:36:56 | 000,007,605 | ---- | C] () -- C:\Users\<myname>\AppData\Local\Resmon.ResmonCfg
[2013.07.18 14:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.07.18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.07.18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.07.18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.07.18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.07.25 15:26:21 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\.minecraft
[2014.05.04 13:41:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\.technic
[2014.06.25 17:35:28 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Aeria Games & Entertainment
[2014.05.06 01:00:34 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Autodesk
[2014.06.07 12:42:51 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Battle.net
[2014.06.25 12:21:22 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Bullet Candy
[2014.04.30 23:43:37 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\CPUControl
[2014.04.30 21:14:50 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Craften Terminal
[2014.05.31 21:10:16 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Crytek
[2014.05.02 17:47:39 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\DAEMON Tools Lite
[2014.05.25 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\DarkSoulsII
[2014.04.30 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Easeware
[2014.05.01 14:52:08 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\ftblauncher
[2014.07.03 23:09:23 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Guild Wars 2
[2014.07.26 01:45:29 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\HDDHealth
[2014.07.02 21:16:18 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\iMobie
[2014.05.01 01:53:47 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\java
[2014.05.01 02:14:46 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\library_dir
[2014.04.30 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\MotioninJoy
[2014.07.09 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Mount&Blade Warband
[2014.06.19 23:10:49 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\MultiBit
[2014.05.01 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Notepad++
[2014.05.12 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Origin
[2014.05.07 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RadeonPro
[2014.05.02 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RIFT
[2014.07.16 00:58:54 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RotMG.Production
[2014.06.14 14:13:37 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Samsung
[2014.05.01 00:08:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\sweet-page
[2014.07.15 12:19:24 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Synthesia
[2014.05.10 12:53:27 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TeamViewer
[2014.05.11 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TERA
[2014.06.25 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\The Creative Assembly
[2014.05.28 12:31:43 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\To the Moon - Freebird Games
[2014.07.20 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TrueCrypt
[2014.07.22 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TS3Client
[2014.07.20 21:54:10 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\uTorrent
[2014.05.29 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\XRay Engine
[2014.05.17 13:10:04 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Zeal Game Studio

========== Purity Check ==========



< End of report >

If needed, I can provide the extras.txt


#2
Machiavelli


  • GeekU Moderator
  • 3,698 posts

Hello and Welcome on board Daisy_,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

 
 

( why should I? )

To protect you from nasty software like Trojans, Adware etc.
 

Comodo found a maybe harmfull .dll and avira found also something.

I need the reports, please.

 
 

Folder = C:\Users\<myname>\Downloads

OTL must be saved under your Desktop - please move OTL.exe to your Desktop.
 

Drive C: | 931,41 Gb Total Space | 36,81 Gb Free Space | 3,95% Space Free | Partition Type: NTFS

I see you have less than 15% free space on your PC. That is another reason for the slowness of your computer. Because of that, I recommend uninstalling software which you don't use at all.
 

[2014.07.20 21:54:10 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\uTorrent

 

IMPORTANT: I see you have one or more P2P (Person to Person) programs installed.

1.) You have the following P2P program installed: uTorrent
2.) If you download files from non-documented sources via a P2P file-sharing program, you can expect a malware infection. That isn't good for your PC. A long time ago, file sharing with P2P programs like uTorrent was fairly safe, but that isn't true any more. Of course you can use P2P programs at your own risk, but that may be the source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P programs:

4.) I would recommend that you uninstall the above. That would be nice. If you would like to uninstall the P2P program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

 

 

 

I need to take a look at the Extras.txt which should be located here: C:\Users\<myname>\Downloads



#3
Daisy_


  • Topic Starter
  • Member
  • 10 posts
Here is the extra

OTL Extras logfile created on: 27.07.2014 18:39:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<myname>\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 4,85 Gb Available Physical Memory | 61,12% Memory free
15,88 Gb Paging File | 12,12 Gb Available in Paging File | 76,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 36,81 Gb Free Space | 3,95% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 147,00 Gb Free Space | 15,78% Space Free | Partition Type: NTFS

Computer Name: <myname>-PC | User Name: <myname> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C45B8A-4111-4451-A5AB-48EC88EBA28B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E23C7D7-A51B-4077-86D8-3DBA3F01E544}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D3F3BD5-EB37-4653-AF99-0EC43B636EA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34FFC232-2BC7-41D9-9055-56779F075917}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4C2BDB31-A977-47CC-ADEA-9235E81CA75B}" = lport=139 | protocol=6 | dir=in | app=system |
"{55D438CE-FE42-4C33-B8A1-AB2B4C5A18C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A2D6D5D-D76B-4681-A548-F017AF847D8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5CAEBA67-B176-4558-A26D-49945007AACE}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{62DF2F89-2E69-457E-BE79-F8A3E9D4F637}" = lport=445 | protocol=6 | dir=in | app=system |
"{673A8D15-D309-433E-AB2C-5DEA4270F0BE}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{68EBF520-8FCA-4C09-9989-32E998899B80}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{7A44B31A-80F4-4AF0-A888-E3E98E45CDFA}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{81A18D79-24F6-47FF-915B-FF468A328CD3}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{85F12B09-8363-4389-874E-3FBA8FD2EC81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D505EF7-E453-4DA1-8936-B6A939D4A30B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{98505BF5-E421-45AE-A478-DA9DC89EC54B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9ADE6207-A87B-464F-B7F9-838B3D114FB3}" = lport=137 | protocol=17 | dir=in | app=system |
"{ACDE0C6F-FFA9-44B3-AC82-0FD92972D163}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{B606E03A-4013-4C44-9CF4-CF1320F677B2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B8D725AD-FB65-4861-AAEC-692F61EE2795}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BDCF636F-1A25-42F0-97CB-8BB95CEAED39}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF72DF73-3277-4645-90CD-FB3DEECA714F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C62CBE0E-B4C9-43E0-9376-85332FEED59E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD370D6D-D657-4198-A3BF-039E62A204E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{D271A9A2-E2AF-4452-B647-DCBB12CD1A56}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{D54867E2-A944-4822-BEEF-4A3C15D14B3E}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{D68CA914-0DA8-44FD-954C-F4A44E9A9BAD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D936A58A-2A41-4C01-987B-9DACE5D2BA9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E26EA13D-B754-4238-A52E-52DB1EA52455}" = rport=137 | protocol=17 | dir=out | app=system |
"{EBA476E2-9481-499C-945E-E0B456CDCFC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5E5C2AF-F2AF-4606-8235-52BDEC897FF4}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F5EEBD6D-70BB-41BD-9D96-4604CA95149D}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{F6B85B6A-D80C-4F21-937C-6D4746D1CA40}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{FD84D79F-11A4-4320-BBFA-C898A5676731}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{FE08DC16-5462-4A40-A54A-AB3C57EAFC69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF3670F2-C240-4AB9-A0B6-380FB1A70A52}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001159B3-A58E-4AAA-928B-E607FCC6467E}" = protocol=6 | dir=in | app=d:\games\battlefield 4\bf4_x86.exe |
"{0297E307-9593-4DDC-BD0E-BFB7732B8773}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution\hackerevolution.exe |
"{04D63670-128D-4826-84D2-733E8FB4531A}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\tabletop simulator\tabletop simulator.exe |
"{0557E68F-8760-4B0A-9D70-052714D7AA9F}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\blade symphony\berimbau.exe |
"{05CBAC0A-D772-4B82-8EB6-F01A13EAABE3}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\outlast\outlastlauncher.exe |
"{086974E8-E57E-4A86-B1E5-A2665D8332EC}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\firefall\system\bin\firefallclient.exe |
"{0930F798-E691-4F24-9D66-75BAE5A866ED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0972EDA4-7E2A-4E53-8EC5-1C8A897FC536}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\teleglitchdme\teleglitch.exe |
"{0B14B01B-B0B1-4066-B927-26DD98F7B691}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution untold\hacker evolution untold.exe |
"{0C43FB59-DB23-4F62-A9D4-7B842C87200C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C8F94BF-E1F2-4B79-AE3D-AB5598904D81}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\outlast\outlastlauncher.exe |
"{0CF60EE4-B3F3-4090-A515-437E0E209596}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe |
"{0D1CAD0F-077D-4602-A6FB-838934D16DC7}" = protocol=6 | dir=in | app=d:\steamlibrary\steam.exe |
"{0E894F3A-1438-4EE6-ADC5-6BBAAB805D4A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{0F288819-CE7E-4870-AFB6-B8974EBCBFD3}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\plagueinc\plagueincevolved.exe |
"{0F6225B7-81F8-4089-9060-62765364890D}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{0F80D179-F2A3-4A51-B4E5-D02006C56FD1}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\unepic\unepic.exe |
"{10786120-F5F5-48A5-B2F0-20FFDA61B208}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\metal gear rising revengeance\metal gear rising revengeance.exe |
"{118DFED3-526F-47B2-81BE-AB7162DF6103}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution\hackerevolutionmodeditor.exe |
"{131FC56D-CBE1-4CF8-A4A0-64C6B937EAA4}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\plagueinc\plagueincevolved.exe |
"{13412F97-6549-4FB6-8594-64C0BF11981A}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\state of decay\stateofdecay.exe |
"{149A271D-CF99-4725-B640-754484F312AC}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\contagionbeta\contagion.exe |
"{152B72E2-6857-41B6-8738-234ADF8964F5}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\rpgvxace\rpgvxace.exe |
"{175B8E67-75F2-43F7-8E05-49B0983CC121}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\hammerwatch\hammerwatch.exe |
"{17BF19A5-1B2C-44A0-863C-87295D8812FD}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{18EC1CEA-FE45-4621-A94A-C2020F83492C}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\port royale 3\portroyale3.exe |
"{1A318C3A-C8F0-40BC-800C-7B77FC211CA8}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\mountblade warband\mb_warband.exe |
"{1B26BF3B-98FA-4425-9763-678E6CCCFC39}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\natural selection 2\ns2.exe |
"{1C06B4C7-AAD1-4030-853E-70A1901952FD}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\the divinity engine\thedivinityengine.exe |
"{1DE0EBC1-4E7E-4B33-8C25-2572589A16C9}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\half minute hero\hmh.exe |
"{1F334CAD-0773-400D-91C7-D9465CE16F8D}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2015\nvidia\satellite\raysat_3dsmax2015_64.exe |
"{20009D64-C4A5-4FCB-A260-2A4F8AB53731}" = dir=in | app=%programfiles% (x86)\cain\cain.exe |
"{204C5EB0-6629-46A5-8F2D-BD8305968959}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{213E3116-7CED-43BB-B9AF-24182AB0BCA4}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\the witcher 2\launcher.exe |
"{21943B94-A213-4875-ACF0-040062CED502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2516D57D-F10A-4D63-9978-858F8024DF93}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution untold\hacker evolution untold.exe |
"{2680D517-815D-4356-8EA7-ECD641903F14}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\hammerwatch\hammerwatch.exe |
"{269D2EC1-AB8D-40CA-AD83-C70D70161112}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\divinity - original sin\shipping\eocapp.exe |
"{28B98BF3-3348-4864-9555-164BA9602057}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C6B64A1-14DB-4744-81AC-794DAAC7FCD4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{2DA856B9-3022-4DB2-AC1D-B6876ECA4695}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{2F1B9AC8-3796-4183-ABB4-C551CF60C1AB}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\skyrim\skyrimlauncher.exe |
"{2F34E01B-38ED-4E79-BC30-698C6E052642}" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"{2FA9F208-2485-4143-A164-9E81DE0070C6}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\saints row the third\game_launcher.exe |
"{3296B28D-93A1-4A43-8C96-835DC4CA2AB8}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\port royale 3\portroyale3.exe |
"{32CD2980-F38F-4D52-AFA5-56B0EA8F8F43}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe |
"{35A2DD00-7FEA-442F-8868-57D96FE23114}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\tabletop simulator\tabletop simulator.exe |
"{3730F6AC-FF2C-412F-99B0-864BBFDB9640}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\terraria\terraria.exe |
"{3846CC38-5A69-4BFB-91BA-47410D9C7D12}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\the binding of isaac\isaac.exe |
"{392A3B78-7BE1-4203-B111-989B6D996BE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39475493-445B-4052-857D-ED674E3FE727}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\hitman absolution\hma.exe |
"{3AACD153-BA30-4D0A-A6E0-D7B95C116E75}" = protocol=6 | dir=in | app=d:\games\battlefield 4\bf4.exe |
"{3AFFDB05-60D6-43FF-B3D7-D5427C770A4C}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution\hackerevolution.exe |
"{3B4DB22B-B80B-468F-9B7B-86B4519E0484}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\a game of dwarves\a game of dwarves.exe |
"{3BC8003A-F07F-4663-9420-9EEE1EA630DE}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\defiance\patcher.exe |
"{3D26D2FB-4994-46F2-A8A7-6AEEF962717E}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{3D44694B-23B7-4C92-9B10-DA15E32B94D2}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe |
"{3D5F26F9-31FD-4CAC-9316-3A6A93307561}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\cryptic studios\neverwinter.exe |
"{3E8325A5-1845-4015-9780-FD9E2828754D}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\the binding of isaac\isaac.exe |
"{3E834685-172B-4278-BFBC-F9F9BD06DC88}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{3EDC95C6-E582-44AB-9DC9-FBE092B3D79E}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\cryptic studios\neverwinter.exe |
"{40222773-5B70-44BB-B537-96827CEFFD10}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{40818F6C-0392-4B89-A98B-C97AED8D7E50}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\skyrim\skyrimlauncher.exe |
"{409D2EEF-69E9-4CF8-A1E9-FFE7CC679664}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\half minute hero\hmh.exe |
"{40DB2B98-288C-45A2-86C7-D432789F9B88}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\projectzomboid\projectzomboid64.exe |
"{413ADB0D-7B32-4AC5-A00A-E9C95D76A685}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{41457E8D-AE09-40FB-9D8A-3901E3EC4DB8}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\pixel piracy\pixelpiracy.exe |
"{41675639-11E5-44DB-961A-19B348C602A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{429AC3C3-E56A-4E64-86D1-964497B20766}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{44CF9FD0-639B-409E-8E61-D76211E06479}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe |
"{4523F007-61C3-4898-AF73-918709569352}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\a game of dwarves\a game of dwarves.exe |
"{45781853-5387-448E-A3F2-6C44D23801D1}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2015\nvidia\satellite\raysat_3dsmax2015_64server.exe |
"{4694DB9A-5353-4C43-A71C-3352C1088B46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47B0295F-4C9C-4243-8F06-9FC24BB2B1A8}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe |
"{47C5857C-EC25-4122-A30C-DF4533BFBC6E}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\the divinity engine\thedivinityengine.exe |
"{47DF6FA2-061D-419A-9B63-76A5694F2E15}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{47E5A4F7-2AB0-4911-86EE-0EE3AF713633}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe |
"{4821C6B4-D464-488A-928A-92A8EFF38F15}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{497D59F2-F704-4FF3-B4D9-83582E14D439}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{49CC0368-C89E-4A39-822C-1529BAF54A74}" = protocol=17 | dir=in | app=d:\games\battlefield 4\bf4_x86.exe |
"{4AB6CC03-575D-4536-B227-49FBC9C9193B}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{4CF021A4-120D-4333-A455-F4DB757382C8}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\trine 2\trine2_launcher.exe |
"{4E99C57B-C256-4AE9-A249-CEA94047CC92}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{4EC1AB1B-F6D2-4F8E-832A-6F35B861179C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FC7B5AA-57FD-40C8-BAE0-D6B5AA0CDE4F}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\firefall\system\bin\firefallclient.exe |
"{521D4E7C-CA29-4330-9742-6E4EE52DC369}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\metal gear rising revengeance\metal gear rising revengeance.exe |
"{52345C8A-E3EF-415E-8979-1C8B9CD65E2C}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\infested planet\infestedplanet.exe |
"{53D65395-D8C6-4F17-94BC-EABA3B369225}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\unepic\unepic.exe |
"{56AE4D2B-6920-4276-84A8-5B316FEA1EB5}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe |
"{59F59B33-1C18-44A5-BFA9-8004CC79C0F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AE3EB52-8F0F-4F90-A413-7DA090F331ED}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{5C89C13D-9310-430A-BC45-9BB452111493}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\alan wake\alanwake.exe |
"{5C9A5D15-C604-4A8C-92F3-DF6D76A06641}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\saints row the third\saintsrowthethird.exe |
"{60B898A2-484A-4D78-931A-9127AEFEA22F}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\counter-strike source\hl2.exe |
"{619976A4-988D-4C21-9F99-71BD44519F1D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6545DC6A-60A4-4777-AD79-CE54A3CC2A3B}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\hotline_miami\hotlinemiami.exe |
"{66F9A767-371F-42CE-A7F2-A89492401C85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69CCC253-C203-4167-8D4F-64DD057315BD}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\teleglitchdme\teleglitch.exe |
"{6D5C8D33-1CCC-4BAD-9010-E41BC6654AC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6DC663BA-7F90-4E38-89FE-7CA81FEC3E19}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\half-life 2\hl2.exe |
"{70DE3C5E-878E-437C-B3B4-537C7E94096C}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe |
"{710C669B-16F4-4602-8CE1-6CD9D808E8B3}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\saints row the third\game_launcher.exe |
"{712FBC02-3BFA-4692-B16B-3F4226E8A979}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{7184C76D-333E-41DB-B4BA-1869E69F46A2}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\natural selection 2\ns2.exe |
"{76558D6E-896B-4426-9CBF-A9C37D7CFCD1}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7798C6C1-EE44-4BA2-BB27-893879F10B89}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{77B99605-2AC6-4853-B4D9-D0863BE5DB64}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\divinity - original sin\shipping\eocapp.exe |
"{7861B053-2F07-4D90-930F-3864953722F1}" = protocol=17 | dir=in | app=c:\users\<myname>\appdata\roaming\utorrent\utorrent.exe |
"{7984C089-0EE9-4CC1-B1CE-F0F646122B44}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\metro last light\metroll.exe |
"{798A0803-88CA-4547-95BB-8D29D536189E}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\prison architect\prison architect.exe |
"{79BA72B2-F572-4199-ACEA-DC71625433E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{79C45433-3D38-4760-93C4-1EEF1073A5EB}" = protocol=6 | dir=in | app=c:\users\<myname>\appdata\roaming\utorrent\utorrent.exe |
"{7A7B3AE4-4BCF-4FDB-B845-5A5AC750209A}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution\hackerevolutionmodeditor.exe |
"{7A818BFA-22C5-4B0F-94D4-9A2B152E3A9E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7ACCD00D-B3C8-42CC-BDF0-D8984ECBED8E}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\prison architect\prison architect.exe |
"{7BB2B10C-2FA7-403D-ACBF-5DBF39C000F9}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\sonic generations\sonicgenerations.exe |
"{7C35F94D-C9EB-4713-B2D6-350703D4F05D}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\terraria\terraria.exe |
"{7C5552F1-B44E-49E3-8AC7-1D11E966E56D}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\hammerwatch\editor\hammereditor.exe |
"{7E12549C-7CD5-4B0D-98C9-A03F21D69845}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\saints row the third\saintsrowthethird.exe |
"{7E93C3FC-66C0-405C-BA77-614B3B5D8990}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\projectzomboid\projectzomboid64.exe |
"{7F925F33-C1EE-492B-8D07-CD214915B235}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8139DCF9-03FE-48FF-88E2-400C19A58BC7}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\banished\application-steam-x64.exe |
"{82A51432-271B-4BC5-92D2-45A5739A2DF6}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\legendofdungeon\legendofdungeon.exe |
"{83137501-C810-40E2-9F79-71E03BF23433}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\fear2\fear2.exe |
"{83B3E3AC-60CD-483E-96D3-4C1E8E69C0BA}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\contagionbeta\contagion.exe |
"{8447FACB-847F-44F3-9E69-064FE7B6C7AA}" = protocol=17 | dir=in | name=divinity1 |
"{84717518-6BE3-42E8-81F4-8A6F25D15648}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8503A81D-30D1-4ADE-BF73-E5274721CC8A}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\mountblade warband\mb_warband.exe |
"{858694B9-9724-4B3F-8C07-034FB64F9B53}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{87C29F07-06A6-4A8D-A345-C43BBF58878F}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\to the moon\to the moon\to the moon.exe |
"{8902FAB9-8B6B-4087-966F-0889231111F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89C3662B-2931-4A10-8C9C-C9FFAC9EA789}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\half-life 2\hl2.exe |
"{8A3B64DD-D2AC-4D54-A8E3-0CCF238823D5}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\hitman absolution\hma.exe |
"{8AA34709-D56A-4B26-84D4-3B6B927C8E73}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{8BBF5E77-224A-4A1B-BFBA-98A25E9CFCF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BD8FBFB-2E4D-4B4B-BFEB-C9B2D73E2FC3}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\kerbal space program\ksp.exe |
"{8EC91FA0-ACCB-4FE0-A03B-2169A06DECF2}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\divinity - original sin\shipping\eocapp.exe |
"{8F9F4682-2892-4FFC-BD57-2CDEA5517732}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{8FEDFDF7-4E96-41E5-8000-E94EB15BA777}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\legendofdungeon\legendofdungeon.exe |
"{8FF90EBA-8FF6-4959-8C63-53364CC0F0D1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{909C5715-E373-44E9-B2AD-13E7A6C38F2D}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\garrysmod\hl2.exe |
"{949463D7-49DA-4FA9-B890-7B124FEC0441}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\to the moon\to the moon\to the moon.exe |
"{9972B615-F111-4700-A3CB-77759027E446}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\kerbal space program\ksp.exe |
"{9AE57073-D4E4-466E-BB15-A0B0402BD9C0}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{9C78E69A-3943-4AE6-BEB1-C023ED753684}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\counter-strike global offensive\csgo.exe |
"{9C9AC8D6-D8F2-489A-A201-E4733EBA91E6}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\saints row iv\saintsrowiv.exe |
"{9CF0195D-0037-480C-A8E8-B388FFDCB96B}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{9D2AAA9B-BC56-4BB1-8C6D-FFCF739501DE}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{9EA12266-F397-45B8-B0D9-844BE3BDC762}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\defiance\patcher.exe |
"{A44B4778-DD51-4C7F-8648-4EA0186E2A4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8DD0AD3-938E-4E32-8758-6BE861977A22}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\metro last light\metroll.exe |
"{AA19AC20-7256-459B-B985-60DA2F181D99}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\metro last light\metroll.exe |
"{AA3A720F-C8D2-454C-8AF3-3E224CBCD9E8}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\the witcher 2\launcher.exe |
"{ABFD7BDE-C15D-4973-A164-0301DF6EB965}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{ABFF6956-F588-4117-B4E3-14CC6C2B6FC1}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution duality\hacker evolution duality.exe |
"{ACBBFF12-48AF-4EB3-B25C-A19C69DB150C}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution duality\hacker evolution duality.exe |
"{AE44616E-76D2-4E4D-8B23-031FE97E1B8F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{AE4747DF-F492-42A2-975C-445AB3F028F8}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{AFBC795D-0EE2-43BB-8232-51CA2F78E47E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{B02DD154-CEDB-4660-85F2-92AC60148C26}" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"{B116169B-3F66-4BFF-A9FE-20D20DDE5868}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\7 days to die\7daystodie.exe |
"{B27738BD-6FCA-4066-B5F9-5B660D23DD55}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\alan wake\alanwake.exe |
"{B35CDED5-6544-4C08-8F41-DFAE697539B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3FDF346-2142-4CF5-BA6D-25EC57CC44E8}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\state of decay\stateofdecay.exe |
"{B4113C8E-D167-43A8-AB72-0B9C0B7187B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B616B675-1E4F-4A46-9E1E-C848B4C13BC7}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\battleblock theater\battleblocktheater.exe |
"{BA03E4B6-1B2F-477B-A0BE-DDBB33C9214A}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\fear2\fear2.exe |
"{BA62C973-7F48-4546-8D83-46B8552B8F3F}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\planet explorers\pe_launcher.exe |
"{BA675D71-399C-4633-B6CB-7857BDA70789}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\planetside 2\launchpad.exe |
"{BC34A65D-97FB-4D87-B1B1-FB8831261FA3}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\sonic generations\sonicgenerations.exe |
"{BD3E1B7E-6DE5-41E4-98E6-3033722626AE}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\divinity - original sin\shipping\eocapp.exe |
"{BE433809-FD91-4842-82FC-14D72263B143}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution untold\hacker evolution mod editor.exe |
"{C0B08B04-6930-427D-A5BC-6F3DC1CF7EE6}" = protocol=6 | dir=out | app=system |
"{C14D1ADA-7178-4F49-9545-A284A0F84207}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\hacker evolution untold\hacker evolution mod editor.exe |
"{C40EE0CB-5997-4AD9-ADBF-BD25C5E4479C}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\hammerwatch\editor\hammereditor.exe |
"{C4A52039-F279-4BD7-BE01-5E264D401B2B}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\saints row iv\saintsrowiv.exe |
"{C52FD960-0165-4692-B6AA-46DE8DAFC129}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\knights of pen and paper\knightspp.exe |
"{C5E3B5DA-0B93-467C-9C01-7F30E90589E8}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\planetside 2\launchpad.exe |
"{C5FC2114-1556-40F2-B0A8-E16614FAC823}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{C6D8BE1E-E41C-4526-BFD1-EBB98309D02F}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{C763EBDA-0F4F-4D6D-8B95-BDDD37D34811}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{C8442E92-AB55-4FB0-BF80-D64C218DF89A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{CA96393B-1547-445A-8840-F743D193C0E6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{CDC82A22-CDFD-4F25-ABFF-27B9B0E9E538}" = dir=out | app=%programfiles% (x86)\cain\cain.exe |
"{CEC99141-77B2-4FF7-B1D6-A8D8E0A0804C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D11D9B14-B308-4600-9CCF-5C73C0CF129A}" = protocol=17 | dir=in | app=d:\steamlibrary\steam.exe |
"{D1970EE1-DEA5-494D-8659-4C147BC6B35E}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2015\nvidia\satellite\raysat_3dsmax2015_64server.exe |
"{D4F04933-E06B-4FE1-ABDD-8D16991B10BC}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\knights of pen and paper\knightspp.exe |
"{D6A69BB1-C0D2-4A9F-8BA4-F7783A2B2D04}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\hotline_miami\hotlinemiami.exe |
"{D6C999DC-FCEC-4515-9FA7-FC9DE97D1EA3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe |
"{DB78701F-6739-43D7-8317-03CE5C46E709}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\counter-strike source\hl2.exe |
"{DCA4BC96-BA2F-4332-ADA5-A41F74CC9084}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{DF12EE1D-BA7C-4FA1-AE3B-33943E9C3080}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2015\nvidia\satellite\raysat_3dsmax2015_64.exe |
"{DFA256CF-BFB3-44C6-A40B-2EE89463715D}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{E2ECD60A-8D5E-4F21-AB4B-836FBB599169}" = protocol=17 | dir=in | app=d:\games\battlefield 4\bf4.exe |
"{E418A7AF-C4CF-438F-B642-C5C20E5F4AA5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E47D1422-BB89-4C53-A48A-B2008C674CDA}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{E5000B51-A131-470C-A6ED-92596CF5708B}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\garrysmod\hl2.exe |
"{E5452A1D-2EF5-4CD7-A9F2-C7D6E13A9BBF}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{E722DCF9-91B1-4060-ADD6-98912DA937F4}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\battleblock theater\battleblocktheater.exe |
"{EAF6D153-8F8C-443A-B0B2-44A2F3CF1C73}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\rpgvxace\rpgvxace.exe |
"{ECF22D7C-72D8-4CF8-9768-F4C268B19A8B}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{ED98EA1A-3CD9-40E4-8605-4B5F3C0F8A4B}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\sonic generations\configurationtool.exe |
"{EDF37B58-EE31-4F96-AAC5-BCAC225573AF}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\7 days to die\7daystodie.exe |
"{EF530557-7301-4730-B27E-B22A0D3000C7}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\pixel piracy\pixelpiracy.exe |
"{F0F253C1-04FB-4A3C-B372-36FFD7E491F5}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\sonic generations\configurationtool.exe |
"{F1BB6390-91E2-48BD-A077-3781FC6BED11}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{F3C4586A-E87D-431C-BD0D-C83E2F63F4DF}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\planet explorers\pe_launcher.exe |
"{F4CFCCA6-78CF-45EF-9DA9-03BC793567D1}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F4FA8244-87BE-46FE-AE69-9CC98259070A}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\trine 2\trine2_launcher.exe |
"{F56EAFD0-10AF-4373-A340-7137A232FA78}" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\banished\application-steam-x64.exe |
"{F5C12F46-B668-416B-B6E5-73BF64D21812}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\infested planet\infestedplanet.exe |
"{F6E7DF2E-A52E-4E33-9303-8831C624A0EC}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\blade symphony\berimbau.exe |
"{F8816491-C17D-4870-894E-01C8ECC0C2CF}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\metro last light\metroll.exe |
"{FA6135AE-6B13-47DA-81C2-443058ED63FB}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{FDFE9707-16A9-480A-A1D3-E013123B7579}" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\counter-strike global offensive\csgo.exe |
"{FEB62C07-3664-4590-874D-D896260E4E1C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{003E8ACE-BF01-4DE1-8310-990776CD7397}C:\steamgames\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe |
"TCP Query User{06FE8429-DB08-469C-9ADD-1CB6199CA853}C:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{0B109632-2B5F-4917-ABEF-423A968ADF27}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe |
"TCP Query User{1A3DA7A9-AEDB-47BE-90EE-E8C9CA818A74}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{3AB6C66D-6B54-451A-A986-DCA93C45CF07}C:\users\<myname>\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\<myname>\appdata\local\temp\gw2.exe |
"TCP Query User{43C4C0DE-25DF-4485-B6D9-C60923055665}C:\users\<myname>\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\<myname>\appdata\local\akamai\netsession_win.exe |
"TCP Query User{4F0ACCA6-6C32-4FFF-89D0-8A65ED9C06E0}C:\steamgames\steamapps\common\planet explorers\pe_client.exe" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\planet explorers\pe_client.exe |
"TCP Query User{5E176DA4-5FA9-4243-ABE0-3676491C82FB}D:\steamlibrary\steamapps\common\metro last light\metrollbenchmark.exe" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\metro last light\metrollbenchmark.exe |
"TCP Query User{67404D6D-8E94-4B1F-BE5C-9F516EB9AC7A}C:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe |
"TCP Query User{6C09DB33-DA62-47DA-AB91-143DBB58156F}C:\steamgames\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{6F77A675-2822-4DF0-BCC2-33F955445CF3}C:\users\<myname>\desktop\cryengine sdk\bin64\editor.exe" = protocol=6 | dir=in | app=c:\users\<myname>\desktop\cryengine sdk\bin64\editor.exe |
"TCP Query User{766A5ABD-3BA1-4DBA-A753-B5735838DC65}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{84007840-57AD-48D8-B845-578322B1D13A}C:\program files\java\jre8\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |
"TCP Query User{ADFBDF08-DF6D-4030-91D9-18E45D9BCCFE}C:\steamgames\steamapps\common\dayz\dayz.exe" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\dayz\dayz.exe |
"TCP Query User{BD3B68F0-C8DB-4E5E-A9D8-1CFE49A2FC1F}C:\steamgames\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\steamgames\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{D301212C-217B-4E39-B71D-C91D9F0D3ECB}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{DF14CB20-38F5-47CC-B815-0C38FA7D04F6}C:\users\<myname>\appdata\local\id software\quakelive\quakelive.exe" = protocol=6 | dir=in | app=c:\users\<myname>\appdata\local\id software\quakelive\quakelive.exe |
"TCP Query User{F403E9BA-7A9B-4E98-967B-E7FF3912170D}C:\program files (x86)\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"TCP Query User{FF799C51-30BF-48C4-9293-06D5464F86E6}C:\users\<myname>\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\<myname>\appdata\local\akamai\netsession_win.exe |
"UDP Query User{00E33D2C-2203-49CF-BF7D-2A6A808D96CB}C:\users\<myname>\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\<myname>\appdata\local\akamai\netsession_win.exe |
"UDP Query User{09132053-3DF3-4CFB-B37C-DAF76CEFB97A}C:\steamgames\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe |
"UDP Query User{1F7E5F48-A416-4DB4-AC99-4E09787B5EC4}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{22A6D2BF-3E4F-44B8-A74C-726A0EAA71A6}C:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe |
"UDP Query User{26718CAC-7201-4A62-BF59-1181316C0009}C:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{2C0460B1-D87E-4D0A-9DA1-2BA7F5A4D18C}C:\steamgames\steamapps\common\dayz\dayz.exe" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\dayz\dayz.exe |
"UDP Query User{42EFCE90-73C4-4DDB-8ADD-7A62FBB8A235}C:\users\<myname>\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\<myname>\appdata\local\akamai\netsession_win.exe |
"UDP Query User{66D790AE-BA10-41AF-B9DF-367E868A8C06}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{68325F38-CA99-48B5-9016-49DC7E25BCAC}C:\steamgames\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{77D0AEAA-3E78-4C74-BDDC-6E25397A1B57}C:\program files\java\jre8\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |
"UDP Query User{87101C14-A48F-4C4E-B72F-490AD54BA29E}C:\users\<myname>\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\<myname>\appdata\local\temp\gw2.exe |
"UDP Query User{9F1D8B59-9675-412D-8A72-9FB3674BC6C9}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe |
"UDP Query User{C28F878A-33E5-4CD2-811D-02F4870D801E}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{C31C9B91-6F2D-477D-9DA2-14EEC3DF1B66}D:\steamlibrary\steamapps\common\metro last light\metrollbenchmark.exe" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\metro last light\metrollbenchmark.exe |
"UDP Query User{D4047A8B-9638-4704-B08E-A69C2B3058AD}C:\users\<myname>\desktop\cryengine sdk\bin64\editor.exe" = protocol=17 | dir=in | app=c:\users\<myname>\desktop\cryengine sdk\bin64\editor.exe |
"UDP Query User{DD8E2DB4-2DF2-48B3-9979-236B7B11D0F7}C:\steamgames\steamapps\common\planet explorers\pe_client.exe" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\planet explorers\pe_client.exe |
"UDP Query User{E75273BD-875A-4BAD-8DFF-2B14DFD2DAD8}C:\users\<myname>\appdata\local\id software\quakelive\quakelive.exe" = protocol=17 | dir=in | app=c:\users\<myname>\appdata\local\id software\quakelive\quakelive.exe |
"UDP Query User{EA23C0BE-DCFA-443C-8B8E-6637FD6D96BD}C:\steamgames\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\steamgames\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{FEE0BB0C-1DDF-4057-A901-F6C9E6BF1573}C:\program files (x86)\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC6
"{0BB716E0-1500-0610-0000-097DC2F354DF}" = Autodesk Revit Interoperability for 3ds Max 2015
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23C9ED7C-CB64-45FE-A7EA-1BA666F5589D}" = Autodesk DirectConnect 2015 64-bit
"{24C3AEE0-4BCE-3190-8EE0-BBA0BF72CAC1}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{26A24AE4-039D-4CA4-87B4-2F86418005FF}" = Java 8 Update 5 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52B37EC7-D836-0410-0264-3C24BCED2010}" = Autodesk 3ds Max 2015
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}" = Autodesk 3ds Max 2015 Populate Data
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{6472F9D8-9116-3889-A4F7-61544A752CE3}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - DEU
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{64B4B85C-B500-3FF6-A954-ED4ACCFCB519}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6AAF4427-3039-4C8A-BE53-D6F01C21AD46}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8DD94059-60C6-42E3-AB59-8F37445ACC79}" = Oracle VM VirtualBox 4.3.14
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9167CA34-4E48-49E3-8892-3C439739D2D3}" = Autodesk Inventor Server Engine for 3ds Max 2015
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU
"{9910B791-30D3-419C-B39E-4974206931A9}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{C36B3AE4-FCFE-4A0A-AA3D-71E1A51C1F16}" = GeekBuddy
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{C77B266C-A228-3952-981A-3C23D7D614A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{C8400C5F-04A8-3B74-B247-B0F2CEA8A907}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D31A07-C2A1-4672-8EF7-469BEDAFD80C}" = Microsoft Visual Studio 2012 IntelliTraceLoc
"{D32EF4F9-1506-434E-A813-3D4C0AA50300}" = COMODO Firewall
"{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64)
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E890076A-6721-4145-B9C4-B4AACFDE6830}" = Microsoft Visual Studio 2012-Leistungserfassungstools
"{ED1EBD88-D341-321A-BB22-52D7E703E316}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU
"{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Autodesk 3ds Max 2015" = Autodesk 3ds Max 2015
"Autodesk DirectConnect 2015 64-bit" = Autodesk DirectConnect 2015 64-bit
"Autodesk Revit Interoperability for 3ds Max 2015" = Autodesk Revit Interoperability for 3ds Max 2015
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.69.2
"jdownloader2" = JDownloader 2
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{014A2868-BE56-4888-A16C-693989B8F153}" = SlimDX Runtime .NET 2.0 (January 2012)
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012
"{094D6E27-97CC-447E-8660-56F75CFC1E00}" = Entity Framework Designer für Visual Studio 2012 - DEU
"{0bc17680-a2d9-42c0-9c26-0b8ecac2b473}" = Microsoft Visual Studio Ultimate 2012
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources
"{134D97F4-0ECC-4630-9D2C-3D98BFA5848F}" = Microsoft Visual Studio 2012 IntelliTraceFrontEndLoc
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" = Tools for .Net 3.5 - DEU Lang Pack
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{176CAA79-B214-415A-8BA5-AF5443084F29}" = 3D少女カスタムエボリューション
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1A380874-CB58-480D-9806-06C092C12921}" = Microsoft Visual Studio 2012 IntelliTraceLoc
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service
"{29675C9D-025B-43F2-BFEB-D5FADE06770F}" = Microsoft Visual Studio 2012-Vorbereitung
"{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{2ED1FE3E-B0C5-3990-A966-3B3999F63B38}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU
"{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU
"{3FB583E8-0964-4421-847C-5FA285611C69}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU
"{427F733F-4D6C-45BC-9324-EB743104C321}" = Autodesk Material Library 2015
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84AEB93A-ECBB-4568-8F59-D4516EF59079}" = Skyrim Performance Monitor
"{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A79E320-5BCA-4A0F-A83B-D2D9783C7D53}" = Microsoft Visual C++ 2012 Compilers - DEU Resources
"{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU
"{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012
"{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}" = Autodesk Backburner 2015
"{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 1.1.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{965EC534-B751-46E2-BB44-4653A33DD5CC}" = Microsoft Web Developer Tools - Visual Studio 2012 - DEU
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack
"{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}" = Autodesk Material Library Medium Resolution Image Library 2015
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU
"{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}" = Autodesk Material Library Base Resolution Image Library 2015
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B1AC00A6-43D2-4F06-92F3-9B01529E5AD5}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU
"{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources
"{B3533B84-A8DF-4A7A-8E95-B15F08B26E96}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU
"{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types
"{D971780F-A609-4F78-92AA-B56FBC3955B9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{ECB0B61B-5F85-3343-AF48-958B74376A94}" = Microsoft Visual Studio Ultimate 2012 - DEU
"{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU
"{F4FD5690-F64D-34C9-B728-B641DFDFEAE3}" = Microsoft Visual Studio Premium 2012 - DEU
"{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU
"{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00)
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"Autodesk Application Manager" = Autodesk Application Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battle.net" = Battle.net
"Comodo Dragon" = Comodo Dragon
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"Crysis 3_is1" = Crysis 3 Version 1.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"DiskCheckup_is1" = DiskCheckup v3.1
"Fraps" = Fraps (remove only)
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HDD Health_is1" = HDD Health v4.2
"Hearthstone" = Hearthstone
"InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LOOT" = LOOT
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiBit 0.5.18" = MultiBit 0.5.18
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.7" = Python 2.7 pywin32-216
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Steam App 108600" = Project Zomboid
"Steam App 108710" = Alan Wake
"Steam App 109600" = Neverwinter
"Steam App 200210" = Realm of the Mad God
"Steam App 200370" = A Game of Dwarves
"Steam App 203140" = Hitman: Absolution
"Steam App 204530" = Infested Planet
"Steam App 205610" = Port Royale 3
"Steam App 206420" = Saints Row IV
"Steam App 206440" = To the Moon
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 211820" = Starbound
"Steam App 214830" = Half Minute Hero: Super Mega Neo Climax Ultimate Boy
"Steam App 218230" = PlanetSide 2
"Steam App 219150" = Hotline Miami
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 220700" = RPG Maker VX Ace
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 224600" = Defiance
"Steam App 225600" = Blade Symphony
"Steam App 230230" = Divinity: Original Sin
"Steam App 231740" = Knights of Pen and Paper +1
"Steam App 233980" = Unepic
"Steam App 235460" = METAL GEAR RISING: REVENGEANCE
"Steam App 237870" = Planet Explorers
"Steam App 238280" = Legend of Dungeon
"Steam App 238460" = BattleBlock Theater
"Steam App 240" = Counter-Strike: Source
"Steam App 241540" = State of Decay
"Steam App 242920" = Banished
"Steam App 251570" = 7 Days to Die
"Steam App 264140" = Pixel Piracy
"Steam App 286160" = Tabletop Simulator
"Steam App 307400" = The Divinity Engine
"Steam App 48700" = Mount & Blade: Warband
"Steam App 4920" = Natural Selection 2
"Steam App 49520" = Borderlands 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 70100" = Hacker Evolution
"Steam App 70110" = Hacker Evolution - Untold
"Steam App 70120" = Hacker Evolution Duality
"Steam App 71340" = Sonic Generations
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Synthesia" = Synthesia
"TeamViewer 9" = TeamViewer 9
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TrueCrypt" = TrueCrypt
"Uplay" = Uplay
"Uplay Install 274" = Watch_Dogs
"Vindictus EU" = Vindictus EU
"WinPcapInst" = WinPcap 4.1.3
"Wrye Bash" = Wrye Bash
"wxPython2.8-ansi-py27_is1" = wxPython 2.8.12.0 (ansi) for Python 2.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"59872f3219e53143" = FB2 to PDF Converter
"Akamai" = Akamai NetSession Interface
"Flux" = f.lux
"JoinMe" = join.me
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.07.2014 13:40:14 | Computer Name = <myname>-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 24.07.2014 17:28:17 | Computer Name = <myname>-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 25.07.2014 03:39:08 | Computer Name = <myname>-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 25.07.2014 11:23:59 | Computer Name = <myname>-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EoCApp.exe, Version: 1.0.81.0, Zeitstempel:
0x53c7a40f Name des fehlerhaften Moduls: EoCApp.exe, Version: 1.0.81.0, Zeitstempel:
0x53c7a40f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007796 ID des fehlerhaften Prozesses:
0x33c Startzeit der fehlerhaften Anwendung: 0x01cfa81c5f77236b Pfad der fehlerhaften
Anwendung: C:\SteamGames\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
Pfad
des fehlerhaften Moduls: C:\SteamGames\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
Berichtskennung:
b2c4b5d7-140f-11e4-8093-d050991146ac

Error - 26.07.2014 04:00:49 | Computer Name = <myname>-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -107.

Error - 26.07.2014 04:00:49 | Computer Name = <myname>-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -107.

Error - 26.07.2014 04:00:49 | Computer Name = <myname>-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -107.

Error - 26.07.2014 04:00:49 | Computer Name = <myname>-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -107.

Error - 26.07.2014 04:00:49 | Computer Name = <myname>-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -107.

Error - 26.07.2014 04:00:49 | Computer Name = <myname>-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -107.

[ Key Management Service Events ]
Error - 21.07.2014 02:10:11 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 21.07.2014 11:24:04 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 22.07.2014 01:56:52 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 22.07.2014 09:13:16 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 23.07.2014 11:12:09 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 24.07.2014 11:13:21 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 25.07.2014 02:52:33 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 26.07.2014 04:00:06 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 26.07.2014 04:02:54 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

Error - 27.07.2014 04:31:07 | Computer Name = <myname>-PC | Source = KmsRequests | ID = 902
Description = Der Softwareschutzdienst wurde gestartet. Invalid KMS Hardware ID!
?364F463A8863D35F is not a valid argument.

[ System Events ]
Error - 25.07.2014 06:29:32 | Computer Name = <myname>-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.

Error - 26.07.2014 04:00:14 | Computer Name = <myname>-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64

Error - 26.07.2014 04:03:05 | Computer Name = <myname>-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64

Error - 26.07.2014 04:17:17 | Computer Name = <myname>-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 27.07.2014 04:31:13 | Computer Name = <myname>-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64

Error - 27.07.2014 07:37:49 | Computer Name = <myname>-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.


< End of report >


Edited by azarl, 28 July 2014 - 07:54 AM.


#4
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Hi,

Step 1: OTL Fix
  • Run OTL (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]

    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 50.21.181.12:3128
    FF - prefs.js..network.proxy.type: 0
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\RunOnce: [AsrOMG_Day0] Reg Error: Invalid data type. File not found
    O4 - HKCU..\RunOnce: [AsrOMG_Day1] Reg Error: Invalid data type. File not found
    O4 - HKCU..\RunOnce: [AsrOMG_Day2] Reg Error: Invalid data type. File not found
    O4 - HKCU..\RunOnce: [AsrOMG_Day3] Reg Error: Invalid data type. File not found
    O4 - HKCU..\RunOnce: [AsrOMG_Day4] Reg Error: Invalid data type. File not found
    O4 - HKCU..\RunOnce: [AsrOMG_Day5] Reg Error: Invalid data type. File not found
    O4 - HKCU..\RunOnce: [AsrOMG_Day6] Reg Error: Invalid data type. File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Reg Error: Key error.)
    O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\Shell - "" = AutoRun
    O33 - MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\Shell\AutoRun\command - "" = E:\vs_ultimate.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
    [2014.05.01 00:08:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\sweet-page

    :Commands
    [EMPTYTEMP]

  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

Step 2: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 3: Junkware Removal Tool (JRT)

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: OTL QuickScan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on OTL.exe and select Run as Administrator.)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.


#5
Daisy_

  • Topic Starter
  • Member
  • 10 posts
AdwCleaner

# AdwCleaner v3.300 - Report created 28/07/2014 at 13:24:59
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : <myname> - <myname>-PC
# Running from : C:\Users\<myname>\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : RadioRage_4jService
[#] Service Deleted : {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\RadioRage_4j
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\<myname>\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\<myname>\AppData\Local\Temp\WiseEnhance
Folder Deleted : C:\Users\<myname>\AppData\LocalLow\RadioRage_4j
Folder Deleted : C:\Users\<myname>\AppData\Roaming\sweet-page

***** [ Tâches planifiées ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00A2B7C6-7487-4B99-9F6C-1FDF57FE130B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11D4B723-18CA-48C6-BA13-965488F19A70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{53855564-CF81-410C-9C1C-321C7E067816}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D740AD89-BAF4-47D5-9B5E-343D30F07A7A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E23760BE-23A3-4CEF-9304-66AF079F53DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECEF0D95-32FA-48D3-8A2D-D6453B5B7361}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F69FE1BE-09C3-460C-AC89-8CCD9D3DF1CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0978C5FA-83C0-4118-A54F-99DACCEECB8C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDAD7F1-B87C-4E79-9150-DE235FF80B3A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A50E810-71EB-43A8-A665-19ED8CCD1630}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4DD9EB5D-8657-4856-A804-535841B09D73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{569A9014-22E3-4F11-A243-CA4E3D95ADED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{597494DA-C59F-4EDF-B2D1-CE137E2DB9E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\RadioRage_4j
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\RadioRage_4j
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\RadioRage_4j
Key Deleted : HKLM\Software\sweet-pageSoftware
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall Firefox

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ File : C:\Users\<myname>\AppData\Roaming\Mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8768 octets] - [28/07/2014 13:23:52]
AdwCleaner[S0].txt - [8234 octets] - [28/07/2014 13:24:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8294 octets] ##########

will edit the jrt after reboot

#6
Machiavelli


will edit the jrt after reboot

Don't edit. Simply post the log in another reply.



#7
Daisy_


JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by Wowa on 28.07.2014 at 13:36:11,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Wowa\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\minidumps [50 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.07.2014 at 13:47:35,55
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8
Machiavelli


I'm waiting for the OTL FixLog and the OTL QuickScan Log.



#9
Daisy_

I'm sorry, I totally forgot, here it is!
 
OTL logfile created on: 28.07.2014 16:24:12 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<myname>\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 5,08 Gb Available Physical Memory | 64,00% Memory free
15,88 Gb Paging File | 12,55 Gb Available in Paging File | 79,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 64,52 Gb Free Space | 6,93% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 151,03 Gb Free Space | 16,21% Space Free | Partition Type: NTFS

Computer Name: <myname>-PC | User Name: <myname> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.07.27 18:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<myname>\Downloads\OTL.exe
PRC - [2014.07.22 21:02:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.07.16 04:28:16 | 001,753,280 | ---- | M] (Valve Corporation) -- D:\SteamLibrary\Steam.exe
PRC - [2014.07.08 19:34:26 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014.05.30 01:28:21 | 002,350,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.05.30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.05.12 22:07:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014.05.02 18:00:09 | 000,211,968 | ---- | M] (My Digital Life Forums) -- C:\Windows\KMSServerService\KMS Server Service.exe
PRC - [2014.04.01 08:07:39 | 000,581,000 | ---- | M] (Autodesk Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
PRC - [2013.10.24 00:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\<myname>\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013.03.08 09:54:00 | 003,246,944 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe


========== Modules (No Company Name) ==========

MOD - [2014.07.22 21:02:03 | 003,800,688 | ---- | M] () -- C:\Windows.old\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.07.16 04:28:28 | 002,139,328 | ---- | M] () -- D:\SteamLibrary\video.dll
MOD - [2014.07.16 04:28:18 | 001,116,864 | ---- | M] () -- D:\SteamLibrary\bin\chromehtml.dll
MOD - [2014.07.12 02:53:26 | 001,116,672 | ---- | M] () -- D:\SteamLibrary\libavcodec-55.dll
MOD - [2014.07.12 02:53:26 | 000,438,784 | ---- | M] () -- D:\SteamLibrary\libavutil-53.dll
MOD - [2014.07.12 02:53:26 | 000,399,360 | ---- | M] () -- D:\SteamLibrary\libavformat-55.dll
MOD - [2014.07.12 02:53:26 | 000,331,264 | ---- | M] () -- D:\SteamLibrary\libavresample-1.dll
MOD - [2014.07.08 19:34:26 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014.06.27 00:40:28 | 000,764,416 | ---- | M] () -- D:\SteamLibrary\SDL2.dll
MOD - [2014.05.02 01:35:22 | 020,628,160 | ---- | M] () -- D:\SteamLibrary\bin\libcef.dll
MOD - [2014.04.29 02:37:22 | 000,519,168 | ---- | M] () -- D:\SteamLibrary\libswscale-2.dll
MOD - [2013.04.04 01:09:40 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2014.06.19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.07.22 21:02:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.07.14 01:10:20 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2014.07.08 19:34:29 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.05.30 01:20:09 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014.05.12 22:07:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.05.06 00:50:48 | 001,357,104 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV - [2014.05.02 18:00:09 | 000,211,968 | ---- | M] (My Digital Life Forums) [Auto | Running] -- C:\Windows\KMSServerService\KMS Server Service.exe -- (KMSServerService)
SRV - [2014.04.25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.04.01 08:07:39 | 000,581,000 | ---- | M] (Autodesk Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe -- (AdAppMgrSvc)
SRV - [2014.03.25 20:22:40 | 006,812,400 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2014.03.25 20:22:20 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013.11.06 00:11:42 | 004,797,064 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.09.18 14:20:26 | 000,171,072 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe -- (mi-raysat_3dsmax2015_64)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.07.15 16:15:22 | 000,142,528 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014.06.11 10:57:41 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014.05.02 17:46:13 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014.04.11 10:39:22 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.04.11 10:39:22 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014.03.31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014.03.25 20:22:50 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014.01.15 00:50:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.08.13 16:02:10 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2013.08.13 16:02:10 | 000,029,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\INETMON.sys -- (INETMON)
DRV:64bit: - [2013.08.07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013.08.07 14:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013.04.04 11:33:50 | 000,051,496 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:64bit: - [2013.03.18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013.03.12 13:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013.02.01 16:46:44 | 000,819,784 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.11.08 12:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012.11.08 12:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2014.07.09 14:03:10 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2014.05.30 01:20:09 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2014.05.01 00:11:15 | 000,022,280 | ---- | M] (ASRock Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AsrDrv101.sys -- (AsrDrv101)
DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.07.26 14:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 1E 9F AF CD 64 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 50.21.181.12:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Windows.old\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Windows.old\Program Files (x86)\Mozilla Firefox\plugins [2014.07.22 21:02:01 | 000,000,000 | ---D | M]

[2014.05.01 01:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\Extensions
[2014.07.28 14:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions
[2014.07.20 19:14:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.20 19:16:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.24 17:14:44 | 000,947,620 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.28 14:48:09 | 003,622,074 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.23 22:50:46 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.07.24 17:14:44 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014.05.07 23:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.05.03 14:05:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.07 23:23:19 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [f.lux] C:\Users\<myname>\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\RunOnce: [AsrOMG_Day0] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day1] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day2] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day3] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day4] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day5] Reg Error: Invalid data type. File not found
O4 - HKCU..\RunOnce: [AsrOMG_Day6] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86AC067A-5800-42EB-87C4-E50869808AA4}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.04.23 20:18:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\Shell - "" = AutoRun
O33 - MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\Shell\AutoRun\command - "" = E:\vs_ultimate.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.07.28 15:19:00 | 000,000,000 | ---D | C] -- C:\Users\<myname>\jagexcache
[2014.07.28 13:29:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.07.28 13:24:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.07.26 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\assembly
[2014.07.26 01:56:41 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\License
[2014.07.26 01:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskCheckup
[2014.07.26 01:45:29 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\HDDHealth
[2014.07.26 01:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health
[2014.07.25 22:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.07.25 21:57:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014.07.25 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014.07.25 21:56:28 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014.07.25 21:56:28 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014.07.25 21:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014.07.25 21:54:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Comodo
[2014.07.25 21:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014.07.25 21:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2014.07.25 09:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2014.07.24 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Red 5 Studios
[2014.07.24 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Firefall
[2014.07.24 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2014.07.24 23:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2014.07.24 23:29:21 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Visual Studio 2012
[2014.07.24 23:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014.07.24 23:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014.07.24 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK - Deutsch
[2014.07.24 23:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK - Deutsch
[2014.07.24 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014.07.24 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2014.07.24 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2014.07.24 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2014.07.24 23:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2014.07.24 23:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2014.07.24 23:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2014.07.24 23:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2014.07.24 23:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2014.07.24 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014.07.24 23:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2014.07.24 23:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2014.07.24 23:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2014.07.24 23:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services
[2014.07.24 23:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2014.07.24 23:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2014.07.24 23:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2014.07.24 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014.07.24 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014.07.24 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2014.07.24 23:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2014.07.24 23:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2014.07.24 23:13:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2014.07.24 23:13:41 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014.07.24 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0
[2014.07.24 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2014.07.24 23:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014.07.24 22:23:33 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\MEGAPACK
[2014.07.20 21:49:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.20 21:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.20 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\http___www.julien-manici
[2014.07.20 14:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014.07.20 14:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014.07.20 14:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2014.07.20 14:23:30 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014.07.20 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\<myname>\VirtualBox VMs
[2014.07.20 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\.VirtualBox
[2014.07.20 12:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014.07.20 12:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2014.07.20 12:13:08 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\VMware
[2014.07.20 12:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014.07.20 08:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014.07.19 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\NVIDIA
[2014.07.19 22:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014.07.19 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014.07.18 00:20:51 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\Website Safe Scanner
[2014.07.17 19:15:02 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2014.07.17 00:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Banished
[2014.07.16 00:58:54 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\RotMG.Production
[2014.07.15 16:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2014.07.15 15:58:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014.07.15 15:53:21 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2014.07.14 00:26:24 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2014.07.14 00:26:22 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\FluxSoftware
[2014.07.13 15:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2014.07.13 15:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2014.07.13 02:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2014.07.13 02:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2014.07.12 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2014.07.12 15:06:45 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Vindictus EU
[2014.07.12 14:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2014.07.12 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2014.07.12 14:54:56 | 000,000,000 | ---D | C] -- C:\Nexon
[2014.07.12 14:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2014.07.11 23:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arma III
[2014.07.11 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Bullet
[2014.07.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
[2014.07.09 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WuShu_0.0.1.116
[2014.07.09 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AgeofWushu_download
[2014.07.09 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Mount&Blade Warband Savegames
[2014.07.09 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Mount&Blade Warband
[2014.07.09 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Mount&Blade Warband
[2014.07.09 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2014.07.09 14:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2014.07.09 11:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014.07.09 11:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014.07.09 11:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webzen
[2014.07.09 11:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webzen
[2014.07.09 10:56:32 | 000,000,000 | ---D | C] -- C:\download
[2014.07.09 10:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\LogMeIn Hamachi
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\LogMeIn
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014.07.04 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\VS Revo Group
[2014.07.04 21:41:57 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2014.07.04 21:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014.07.04 21:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014.07.04 21:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014.07.03 21:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\pwd
[2014.07.03 20:26:23 | 000,000,000 | -H-D | C] -- C:\ArcTemp
[2014.07.03 19:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2014.07.03 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2014.07.03 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Guild Wars 2
[2014.07.02 21:18:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\AnyTrans Export
[2014.07.02 21:14:36 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Apple Computer
[2014.07.02 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Apple Computer
[2014.07.02 21:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014.07.02 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014.07.02 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014.07.02 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014.07.02 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\iMobie_Inc
[2014.07.02 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\iMobie
[2014.06.30 18:49:55 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Larian Studios
[2014.06.15 21:05:36 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\<myname>\AppData\Roaming\dotNetFx35setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.07.28 16:14:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.07.28 15:34:40 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.28 13:40:27 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.28 13:40:27 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.28 13:35:24 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.07.28 13:35:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.28 13:34:46 | 2099,032,063 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.27 01:09:53 | 001,593,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.07.27 01:09:53 | 000,697,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.07.27 01:09:53 | 000,654,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.07.27 01:09:53 | 000,149,436 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.07.27 01:09:53 | 000,122,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.07.27 01:09:47 | 001,593,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.07.26 17:07:56 | 003,410,768 | ---- | M] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-55-25.png
[2014.07.26 17:07:38 | 003,387,948 | ---- | M] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-37-48.png
[2014.07.26 10:02:33 | 005,035,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.07.25 22:19:02 | 000,002,165 | ---- | M] () -- C:\Users\<myname>\AppData\Roaming\EasyToolz.ini
[2014.07.25 21:59:31 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014.07.25 21:56:28 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014.07.25 21:56:28 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014.07.20 14:23:30 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014.07.20 12:15:48 | 000,001,100 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014.07.20 12:15:48 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014.07.20 12:10:19 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\%TMP%
[2014.07.19 23:30:43 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014.07.19 23:30:43 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2014.07.19 22:31:04 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.18 08:54:02 | 035,524,570 | ---- | M] () -- C:\Users\<myname>\Desktop\Desktop.zip
[2014.07.15 16:31:14 | 000,000,024 | ---- | M] () -- C:\Users\<myname>\random.dat
[2014.07.15 16:30:25 | 000,000,043 | ---- | M] () -- C:\Users\<myname>\jagex_cl_oldschool_LIVE.dat
[2014.07.15 16:19:12 | 000,002,271 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014.07.15 16:14:20 | 000,000,043 | ---- | M] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE.dat
[2014.07.15 15:58:15 | 000,000,044 | ---- | M] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE1.dat
[2014.07.15 15:54:18 | 000,000,023 | ---- | M] () -- C:\Users\<myname>\jagexappletviewer.preferences
[2014.07.13 15:24:27 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2014.07.13 02:43:30 | 000,001,044 | ---- | M] () -- C:\Users\<myname>\Desktop\TERA.lnk
[2014.07.12 18:02:40 | 000,000,331 | ---- | M] () -- C:\Users\<myname>\Documents\Preset 1.mbcfg
[2014.07.12 18:02:40 | 000,000,331 | ---- | M] () -- C:\Users\<myname>\Documents\Preset 0.mbcfg
[2014.07.12 14:59:32 | 000,000,183 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus EU.url
[2014.07.04 21:41:58 | 000,001,101 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014.07.04 21:06:19 | 477,616,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.07.03 19:18:54 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2014.07.02 22:05:25 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.07.02 22:00:56 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.07.26 17:07:55 | 003,410,768 | ---- | C] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-55-25.png
[2014.07.26 17:07:37 | 003,387,948 | ---- | C] () -- C:\Users\<myname>\Desktop\GameClient 2014-07-26 17-07-37-48.png
[2014.07.26 02:14:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014.07.25 21:59:31 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014.07.24 23:23:14 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2014.07.20 12:15:48 | 000,001,100 | ---- | C] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014.07.20 12:15:48 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014.07.20 12:10:19 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\%TMP%
[2014.07.19 22:31:04 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.18 08:53:57 | 035,524,570 | ---- | C] () -- C:\Users\<myname>\Desktop\Desktop.zip
[2014.07.15 16:30:25 | 000,000,043 | ---- | C] () -- C:\Users\<myname>\jagex_cl_oldschool_LIVE.dat
[2014.07.15 15:58:15 | 000,000,044 | ---- | C] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE1.dat
[2014.07.15 15:53:23 | 000,000,043 | ---- | C] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE.dat
[2014.07.15 15:53:23 | 000,000,024 | ---- | C] () -- C:\Users\<myname>\random.dat
[2014.07.15 15:53:14 | 000,000,023 | ---- | C] () -- C:\Users\<myname>\jagexappletviewer.preferences
[2014.07.13 15:24:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2014.07.13 02:43:31 | 000,001,044 | ---- | C] () -- C:\Users\<myname>\Desktop\TERA.lnk
[2014.07.12 14:59:32 | 000,000,183 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus EU.url
[2014.07.04 21:41:58 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014.07.04 21:41:58 | 000,001,101 | ---- | C] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014.07.03 19:18:54 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2014.07.02 22:00:56 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.07.02 21:13:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014.05.25 13:07:14 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2014.05.25 13:07:14 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2014.05.25 13:07:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2014.05.12 21:11:32 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.05.12 21:11:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.05.10 20:54:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014.05.06 09:49:18 | 005,117,607 | ---- | C] () -- C:\Users\<myname>\1.7.2-Forge10.12.1.1065.jar
[2014.05.01 01:57:36 | 001,593,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.04.30 22:38:32 | 000,002,165 | ---- | C] () -- C:\Users\<myname>\AppData\Roaming\EasyToolz.ini
[2014.04.30 21:36:56 | 000,007,605 | ---- | C] () -- C:\Users\<myname>\AppData\Local\Resmon.ResmonCfg
[2013.07.18 14:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.07.18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.07.18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.07.18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.07.18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.07.25 15:26:21 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\.minecraft
[2014.05.04 13:41:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\.technic
[2014.06.25 17:35:28 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Aeria Games & Entertainment
[2014.05.06 01:00:34 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Autodesk
[2014.06.07 12:42:51 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Battle.net
[2014.06.25 12:21:22 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Bullet Candy
[2014.04.30 23:43:37 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\CPUControl
[2014.04.30 21:14:50 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Craften Terminal
[2014.05.31 21:10:16 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Crytek
[2014.05.02 17:47:39 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\DAEMON Tools Lite
[2014.05.25 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\DarkSoulsII
[2014.04.30 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Easeware
[2014.05.01 14:52:08 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\ftblauncher
[2014.07.03 23:09:23 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Guild Wars 2
[2014.07.26 01:45:29 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\HDDHealth
[2014.07.02 21:16:18 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\iMobie
[2014.05.01 01:53:47 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\java
[2014.05.01 02:14:46 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\library_dir
[2014.04.30 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\MotioninJoy
[2014.07.09 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Mount&Blade Warband
[2014.06.19 23:10:49 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\MultiBit
[2014.05.01 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Notepad++
[2014.05.12 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Origin
[2014.05.07 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RadeonPro
[2014.05.02 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RIFT
[2014.07.16 00:58:54 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RotMG.Production
[2014.06.14 14:13:37 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Samsung
[2014.07.15 12:19:24 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Synthesia
[2014.05.10 12:53:27 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TeamViewer
[2014.05.11 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TERA
[2014.06.25 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\The Creative Assembly
[2014.05.28 12:31:43 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\To the Moon - Freebird Games
[2014.07.22 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TS3Client
[2014.07.27 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\uTorrent
[2014.05.29 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\XRay Engine
[2014.05.17 13:10:04 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Zeal Game Studio

========== Purity Check ==========



< End of report >

#10
Machiavelli

    GeekU Moderator

  • 3,698 posts

I cannot help you when you don't follow my instructions carefully.

What did I say about this: Folder = C:\Users\<myname>\Downloads ?

And I would also like to see the reports for this: Comodo found a maybe harmfull .dll and avira found also something.

Also, I want to see the fixlog of the last OTL Fix.




#11
Daisy_

    Member

  • Topic Starter
  • 10 posts

OTL Fix

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@RadioRage_4j.com/Plugin\ not found.
File C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day0 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day1 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day3 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day4 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day5 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\Windows\Downloaded Program Files\swflash64.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:bj.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a23c35c6-d1fe-11e3-bee4-d050991146ac}\ not found.
File E:\vs_ultimate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup.exe not found.
Folder C:\Users\<myname>\AppData\Roaming\sweet-page\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Wowa
->Temp folder emptied: 1396507081 bytes
->Temporary Internet Files folder emptied: 195038053 bytes
->Java cache emptied: 4706960 bytes
->FireFox cache emptied: 164763232 bytes
->Google Chrome cache emptied: 37033085 bytes
->Flash cache emptied: 8318 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47882616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55409714 bytes
RecycleBin emptied: 43611312208 bytes
 
Total Files Cleaned = 43.404,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07282014_194012

Files\Folders moved on Reboot...
File move failed. C:\Users\Wowa\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a84b_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Wowa\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a84b_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Wowa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Wowa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I can't deliver the logs from Comodo because 1. I would not know how, 2. I uninstalled it because I don't like it so much.

Also I think it is pretty wayne if I run the program from downloads or from my desktop, there is no big difference.


Edited by Daisy_, 28 July 2014 - 11:52 AM.


#12
Machiavelli

    GeekU Moderator

  • 3,698 posts

"Also I think it is pretty wayne if I run the program from downloads or from my desktop, there is no big difference"

Sorry, but there is a difference.

Move OTL.exe to your desktop and make a new OTL QuickScan, give me the logs.

Also, what's with the Avira Log?

Regards,

Machiavelli



#13
Daisy_

    Member

  • Topic Starter
  • 10 posts
OTL logfile created on: 28.07.2014 21:59:22 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\<myname>\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 26,70% Memory free
15,88 Gb Paging File | 10,71 Gb Available in Paging File | 67,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 105,86 Gb Free Space | 11,37% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 151,03 Gb Free Space | 16,21% Space Free | Partition Type: NTFS
 
Computer Name: <myname>-PC | User Name: <myname> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014.07.27 18:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<myname>\Desktop\OTL.exe
PRC - [2014.07.22 21:02:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.07.17 19:36:14 | 010,781,696 | ---- | M] () -- C:\SteamGames\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
PRC - [2014.07.16 04:28:16 | 001,753,280 | ---- | M] (Valve Corporation) -- D:\SteamLibrary\Steam.exe
PRC - [2014.07.16 04:28:16 | 000,095,936 | ---- | M] (Valve Corporation) -- D:\SteamLibrary\GameOverlayUI.exe
PRC - [2014.07.08 19:34:26 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014.05.30 01:28:21 | 002,350,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.05.30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.05.12 22:07:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014.05.02 18:00:09 | 000,211,968 | ---- | M] (My Digital Life Forums) -- C:\Windows\KMSServerService\KMS Server Service.exe
PRC - [2014.04.01 08:07:39 | 000,581,000 | ---- | M] (Autodesk Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
PRC - [2013.10.24 00:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\<myname>\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014.07.22 21:02:03 | 003,800,688 | ---- | M] () -- C:\Windows.old\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.07.17 19:36:14 | 010,781,696 | ---- | M] () -- C:\SteamGames\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
MOD - [2014.07.17 19:36:09 | 000,458,240 | ---- | M] () -- C:\SteamGames\SteamApps\common\Divinity - Original Sin\Shipping\osiris.dll
MOD - [2014.07.16 04:28:28 | 002,139,328 | ---- | M] () -- D:\SteamLibrary\video.dll
MOD - [2014.07.16 04:28:18 | 001,116,864 | ---- | M] () -- D:\SteamLibrary\bin\chromehtml.dll
MOD - [2014.07.16 04:28:16 | 000,359,104 | ---- | M] () -- D:\SteamLibrary\Steam.dll
MOD - [2014.07.12 02:53:26 | 001,116,672 | ---- | M] () -- D:\SteamLibrary\libavcodec-55.dll
MOD - [2014.07.12 02:53:26 | 000,438,784 | ---- | M] () -- D:\SteamLibrary\libavutil-53.dll
MOD - [2014.07.12 02:53:26 | 000,399,360 | ---- | M] () -- D:\SteamLibrary\libavformat-55.dll
MOD - [2014.07.12 02:53:26 | 000,331,264 | ---- | M] () -- D:\SteamLibrary\libavresample-1.dll
MOD - [2014.07.08 19:34:26 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014.07.05 21:55:30 | 000,850,432 | ---- | M] () -- C:\SteamGames\SteamApps\common\Divinity - Original Sin\Shipping\iggy_w32.dll
MOD - [2014.07.05 21:55:10 | 000,199,168 | ---- | M] () -- C:\SteamGames\SteamApps\common\Divinity - Original Sin\Shipping\FxStudioRT.dll
MOD - [2014.06.27 00:40:28 | 000,764,416 | ---- | M] () -- D:\SteamLibrary\SDL2.dll
MOD - [2014.05.02 01:35:22 | 020,628,160 | ---- | M] () -- D:\SteamLibrary\bin\libcef.dll
MOD - [2014.04.29 02:37:22 | 000,519,168 | ---- | M] () -- D:\SteamLibrary\libswscale-2.dll
MOD - [2013.04.04 01:09:40 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014.06.19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.07.22 21:02:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.07.14 01:10:20 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2014.07.08 19:34:29 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.05.30 01:20:09 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014.05.12 22:07:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.05.06 00:50:48 | 001,357,104 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV - [2014.05.02 18:00:09 | 000,211,968 | ---- | M] (My Digital Life Forums) [Auto | Running] -- C:\Windows\KMSServerService\KMS Server Service.exe -- (KMSServerService)
SRV - [2014.04.25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.04.01 08:07:39 | 000,581,000 | ---- | M] (Autodesk Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe -- (AdAppMgrSvc)
SRV - [2014.03.25 20:22:40 | 006,812,400 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2014.03.25 20:22:20 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013.11.06 00:11:42 | 004,797,064 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.09.18 14:20:26 | 000,171,072 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe -- (mi-raysat_3dsmax2015_64)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2014.07.15 16:15:22 | 000,142,528 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2014.06.11 10:57:41 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2014.05.02 17:46:13 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2014.04.11 10:39:22 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2014.04.11 10:39:22 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2014.03.31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2014.03.25 20:22:50 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:[b]64bit:[/b] - [2014.01.15 00:50:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:[b]64bit:[/b] - [2013.08.13 16:02:10 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:[b]64bit:[/b] - [2013.08.13 16:02:10 | 000,029,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\INETMON.sys -- (INETMON)
DRV:[b]64bit:[/b] - [2013.08.07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2013.08.07 14:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:[/b] - [2013.04.04 11:33:50 | 000,051,496 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:[b]64bit:[/b] - [2013.03.18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2013.03.12 13:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:[b]64bit:[/b] - [2013.02.01 16:46:44 | 000,819,784 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2012.11.08 12:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:[b]64bit:[/b] - [2012.11.08 12:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:[b]64bit:[/b] - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2014.07.09 14:03:10 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2014.05.30 01:20:09 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2014.05.01 00:11:15 | 000,022,280 | ---- | M] (ASRock Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AsrDrv101.sys -- (AsrDrv101)
DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.07.26 14:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 1E 9F AF CD 64 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Windows.old\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Windows.old\Program Files (x86)\Mozilla Firefox\plugins [2014.07.22 21:02:01 | 000,000,000 | ---D | M]
 
[2014.05.01 01:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\Extensions
[2014.07.28 14:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions
[2014.07.20 19:14:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.20 19:16:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\<myname>\AppData\Roaming\mozilla\Firefox\Profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.24 17:14:44 | 000,947,620 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.28 14:48:09 | 003,622,074 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\[email protected]
[2014.07.23 22:50:46 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.07.24 17:14:44 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\<myname>\AppData\Roaming\mozilla\firefox\profiles\cwt0n2ts.default-1402129156548\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014.05.07 23:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.05.03 14:05:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.07 23:23:19 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\[email protected]
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\<myname>\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKCU..\Run: [f.lux] C:\Users\<myname>\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:[b]64bit:[/b] - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86AC067A-5800-42EB-87C4-E50869808AA4}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.04.23 20:18:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014.07.28 19:40:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.07.28 15:19:00 | 000,000,000 | ---D | C] -- C:\Users\<myname>\jagexcache
[2014.07.28 13:29:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.07.28 13:24:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.07.27 18:39:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\<myname>\Desktop\OTL.exe
[2014.07.26 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\assembly
[2014.07.26 01:56:41 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\License
[2014.07.26 01:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskCheckup
[2014.07.26 01:45:29 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\HDDHealth
[2014.07.26 01:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health
[2014.07.25 21:57:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014.07.25 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014.07.25 21:56:28 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014.07.25 21:56:28 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014.07.25 21:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014.07.25 21:54:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Comodo
[2014.07.25 21:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014.07.25 21:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2014.07.25 09:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2014.07.24 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Red 5 Studios
[2014.07.24 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Firefall
[2014.07.24 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2014.07.24 23:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2014.07.24 23:29:21 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Visual Studio 2012
[2014.07.24 23:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014.07.24 23:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014.07.24 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK - Deutsch
[2014.07.24 23:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK - Deutsch
[2014.07.24 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014.07.24 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2014.07.24 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2014.07.24 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2014.07.24 23:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2014.07.24 23:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2014.07.24 23:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2014.07.24 23:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2014.07.24 23:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2014.07.24 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014.07.24 23:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2014.07.24 23:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2014.07.24 23:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2014.07.24 23:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services
[2014.07.24 23:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2014.07.24 23:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2014.07.24 23:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2014.07.24 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2014.07.24 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014.07.24 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014.07.24 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2014.07.24 23:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2014.07.24 23:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2014.07.24 23:13:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2014.07.24 23:13:41 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014.07.24 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0
[2014.07.24 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2014.07.24 23:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014.07.24 22:23:33 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\MEGAPACK
[2014.07.20 21:49:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.20 21:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.20 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\http___www.julien-manici
[2014.07.20 14:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014.07.20 14:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014.07.20 14:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2014.07.20 14:23:30 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014.07.20 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\<myname>\VirtualBox VMs
[2014.07.20 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\.VirtualBox
[2014.07.20 12:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014.07.20 12:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2014.07.20 12:13:08 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\VMware
[2014.07.20 12:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014.07.20 08:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014.07.19 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\NVIDIA
[2014.07.19 22:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014.07.19 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014.07.18 00:20:51 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Desktop\Website Safe Scanner
[2014.07.17 19:15:02 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2014.07.17 00:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Banished
[2014.07.16 00:58:54 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\RotMG.Production
[2014.07.15 16:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2014.07.15 15:58:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014.07.15 15:53:21 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2014.07.14 00:26:24 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2014.07.14 00:26:22 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\FluxSoftware
[2014.07.13 15:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2014.07.13 15:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2014.07.13 02:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2014.07.13 02:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2014.07.12 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2014.07.12 15:06:45 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Vindictus EU
[2014.07.12 14:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2014.07.12 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2014.07.12 14:54:56 | 000,000,000 | ---D | C] -- C:\Nexon
[2014.07.12 14:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2014.07.11 23:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arma III
[2014.07.11 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Bullet
[2014.07.11 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
[2014.07.09 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WuShu_0.0.1.116
[2014.07.09 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AgeofWushu_download
[2014.07.09 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Mount&Blade Warband Savegames
[2014.07.09 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Mount&Blade Warband
[2014.07.09 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Mount&Blade Warband
[2014.07.09 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2014.07.09 14:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2014.07.09 11:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014.07.09 11:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014.07.09 11:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webzen
[2014.07.09 11:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webzen
[2014.07.09 10:56:32 | 000,000,000 | ---D | C] -- C:\download
[2014.07.09 10:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\LogMeIn Hamachi
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\LogMeIn
[2014.07.06 00:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014.07.04 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\VS Revo Group
[2014.07.04 21:41:57 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2014.07.04 21:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014.07.04 21:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014.07.04 21:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014.07.03 21:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\pwd
[2014.07.03 20:26:23 | 000,000,000 | -H-D | C] -- C:\ArcTemp
[2014.07.03 19:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2014.07.03 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2014.07.03 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Guild Wars 2
[2014.07.02 21:18:16 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\AnyTrans Export
[2014.07.02 21:14:36 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\Apple Computer
[2014.07.02 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\Apple Computer
[2014.07.02 21:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014.07.02 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014.07.02 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014.07.02 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014.07.02 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Local\iMobie_Inc
[2014.07.02 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\<myname>\AppData\Roaming\iMobie
[2014.06.30 18:49:55 | 000,000,000 | ---D | C] -- C:\Users\<myname>\Documents\Larian Studios
[2014.06.15 21:05:36 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\<myname>\AppData\Roaming\dotNetFx35setup.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014.07.28 21:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.28 21:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.07.28 19:48:50 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.28 19:48:50 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.28 19:43:45 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.07.28 19:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.28 19:43:16 | 2099,032,063 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.27 18:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<myname>\Desktop\OTL.exe
[2014.07.27 01:09:53 | 001,593,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.07.27 01:09:53 | 000,697,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.07.27 01:09:53 | 000,654,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.07.27 01:09:53 | 000,149,436 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.07.27 01:09:53 | 000,122,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.07.27 01:09:47 | 001,593,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.07.26 10:02:33 | 005,035,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.07.25 22:19:02 | 000,002,165 | ---- | M] () -- C:\Users\<myname>\AppData\Roaming\EasyToolz.ini
[2014.07.25 21:59:31 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014.07.25 21:56:28 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014.07.25 21:56:28 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014.07.20 14:23:30 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014.07.20 12:15:48 | 000,001,100 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014.07.20 12:15:48 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014.07.20 12:10:19 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\%TMP%
[2014.07.19 23:30:43 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014.07.19 23:30:43 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2014.07.19 22:31:04 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.18 08:54:02 | 035,524,570 | ---- | M] () -- C:\Users\<myname>\Desktop\Desktop.zip
[2014.07.15 16:31:14 | 000,000,024 | ---- | M] () -- C:\Users\<myname>\random.dat
[2014.07.15 16:30:25 | 000,000,043 | ---- | M] () -- C:\Users\<myname>\jagex_cl_oldschool_LIVE.dat
[2014.07.15 16:19:12 | 000,002,271 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014.07.15 16:14:20 | 000,000,043 | ---- | M] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE.dat
[2014.07.15 15:58:15 | 000,000,044 | ---- | M] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE1.dat
[2014.07.15 15:54:18 | 000,000,023 | ---- | M] () -- C:\Users\<myname>\jagexappletviewer.preferences
[2014.07.13 15:24:27 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2014.07.13 02:43:30 | 000,001,044 | ---- | M] () -- C:\Users\<myname>\Desktop\TERA.lnk
[2014.07.12 18:02:40 | 000,000,331 | ---- | M] () -- C:\Users\<myname>\Documents\Preset 1.mbcfg
[2014.07.12 18:02:40 | 000,000,331 | ---- | M] () -- C:\Users\<myname>\Documents\Preset 0.mbcfg
[2014.07.12 14:59:32 | 000,000,183 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus EU.url
[2014.07.04 21:41:58 | 000,001,101 | ---- | M] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014.07.04 21:06:19 | 477,616,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.07.03 19:18:54 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2014.07.02 22:05:25 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.07.02 22:00:56 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.07.26 02:14:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014.07.25 21:59:31 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014.07.24 23:23:14 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2014.07.20 12:15:48 | 000,001,100 | ---- | C] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014.07.20 12:15:48 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014.07.20 12:10:19 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\%TMP%
[2014.07.19 22:31:04 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.18 08:53:57 | 035,524,570 | ---- | C] () -- C:\Users\<myname>\Desktop\Desktop.zip
[2014.07.15 16:30:25 | 000,000,043 | ---- | C] () -- C:\Users\<myname>\jagex_cl_oldschool_LIVE.dat
[2014.07.15 15:58:15 | 000,000,044 | ---- | C] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE1.dat
[2014.07.15 15:53:23 | 000,000,043 | ---- | C] () -- C:\Users\<myname>\jagex_cl_runescape_LIVE.dat
[2014.07.15 15:53:23 | 000,000,024 | ---- | C] () -- C:\Users\<myname>\random.dat
[2014.07.15 15:53:14 | 000,000,023 | ---- | C] () -- C:\Users\<myname>\jagexappletviewer.preferences
[2014.07.13 15:24:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2014.07.13 02:43:31 | 000,001,044 | ---- | C] () -- C:\Users\<myname>\Desktop\TERA.lnk
[2014.07.12 14:59:32 | 000,000,183 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus EU.url
[2014.07.04 21:41:58 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014.07.04 21:41:58 | 000,001,101 | ---- | C] () -- C:\Users\<myname>\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014.07.03 19:18:54 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2014.07.02 22:00:56 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.07.02 21:13:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014.05.25 13:07:14 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2014.05.25 13:07:14 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2014.05.25 13:07:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2014.05.12 21:11:32 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.05.12 21:11:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.05.10 20:54:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014.05.06 09:49:18 | 005,117,607 | ---- | C] () -- C:\Users\<myname>\1.7.2-Forge10.12.1.1065.jar
[2014.05.01 01:57:36 | 001,593,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.04.30 22:38:32 | 000,002,165 | ---- | C] () -- C:\Users\<myname>\AppData\Roaming\EasyToolz.ini
[2014.04.30 21:36:56 | 000,007,605 | ---- | C] () -- C:\Users\<myname>\AppData\Local\Resmon.ResmonCfg
[2013.07.18 14:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.07.18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.07.18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.07.18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.07.18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014.07.25 15:26:21 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\.minecraft
[2014.05.04 13:41:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\.technic
[2014.06.25 17:35:28 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Aeria Games & Entertainment
[2014.05.06 01:00:34 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Autodesk
[2014.06.07 12:42:51 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Battle.net
[2014.06.25 12:21:22 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Bullet Candy
[2014.04.30 23:43:37 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\CPUControl
[2014.04.30 21:14:50 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Craften Terminal
[2014.05.31 21:10:16 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Crytek
[2014.05.02 17:47:39 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\DAEMON Tools Lite
[2014.05.25 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\DarkSoulsII
[2014.04.30 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Easeware
[2014.05.01 14:52:08 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\ftblauncher
[2014.07.03 23:09:23 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Guild Wars 2
[2014.07.26 01:45:29 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\HDDHealth
[2014.07.02 21:16:18 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\iMobie
[2014.05.01 01:53:47 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\java
[2014.05.01 02:14:46 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\library_dir
[2014.04.30 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\MotioninJoy
[2014.07.09 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Mount&Blade Warband
[2014.06.19 23:10:49 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\MultiBit
[2014.05.01 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Notepad++
[2014.05.12 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Origin
[2014.05.07 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RadeonPro
[2014.05.02 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RIFT
[2014.07.16 00:58:54 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\RotMG.Production
[2014.06.14 14:13:37 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Samsung
[2014.07.15 12:19:24 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Synthesia
[2014.05.10 12:53:27 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TeamViewer
[2014.05.11 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TERA
[2014.06.25 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\The Creative Assembly
[2014.05.28 12:31:43 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\To the Moon - Freebird Games
[2014.07.22 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\TS3Client
[2014.07.27 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\uTorrent
[2014.05.29 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\XRay Engine
[2014.05.17 13:10:04 | 000,000,000 | ---D | M] -- C:\Users\<myname>\AppData\Roaming\Zeal Game Studio
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Also, 1. I would not know how to get the log from Avira. 2. I uninstalled it too; I want to get another one.



#14
Machiavelli

    GeekU Moderator

  • 3,698 posts
First,
Please download Malwarebytes' Anti-Malware from Here or Here
  • Double-click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean)
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • At the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

Next,
IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Next,
How is your computer running?

#15
Daisy_

    Member

  • Topic Starter
  • 10 posts
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.07.2014
Scan Time: 23:19:48
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.28.06
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: <myname>

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383809
Time Elapsed: 14 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)


(end)
