  1. #1
    Newbie
    Registered since
    15.10.2013
    Posts
    3

    Bundespolizei - Your browser has been locked

    Hi,

    I've already read up on this a bit, but I can't make much sense of the log files -> noob.
    It would be nice if someone could help me with the next steps; here are the two files:

    Code:
    OTL logfile created on: 15.10.2013 13:27:17 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rape\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    8,00 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 76,93% Memory free
    12,93 Gb Paging File | 10,54 Gb Available in Paging File | 81,51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465,66 Gb Total Space | 7,25 Gb Free Space | 1,56% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive H: | 100,00 Mb Total Space | 61,72 Mb Free Space | 61,72% Space Free | Partition Type: NTFS
     
    Computer Name: RAPE-PC | User Name: Rape | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Rape\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Perfect World Entertainment\Arc\Arc.exe (Perfect World Entertainment Inc)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Perfect World Entertainment\Arc\ArcBrowser.exe (Perfect World Entertainment Inc)
    PRC - C:\Program Files (x86)\Tor\tor.exe ()
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
    PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
    PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef63e29e24bf73b2a8659e13aa18fbbb\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Perfect World Entertainment\Arc\ZUnZip.dll ()
    MOD - C:\Perfect World Entertainment\Arc\CoreUI.dll ()
    MOD - C:\Perfect World Entertainment\Arc\ArcOverlayStub.dll ()
    MOD - C:\Perfect World Entertainment\Arc\libcef.dll ()
    MOD - C:\Perfect World Entertainment\Arc\CoreLib_PWP.dll ()
    MOD - C:\Perfect World Entertainment\Arc\sqlite3.dll ()
    MOD - C:\Perfect World Entertainment\Arc\libGLESv2.dll ()
    MOD - C:\Perfect World Entertainment\Arc\libEGL.dll ()
    MOD - C:\Perfect World Entertainment\Arc\avutil-51.dll ()
    MOD - C:\Perfect World Entertainment\Arc\avformat-53.dll ()
    MOD - C:\Perfect World Entertainment\Arc\avcodec-53.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
    MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (tor) -- C:\Program Files (x86)\Tor\tor.exe ()
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
    SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
    DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
    DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
    DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=625&r=2013/06/08&hid=134453212&lg=EN&cc=DE&unqvl=18
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.a-searchpage.info/?pid=625&r=2013/06/08&hid=134453212&lg=EN&cc=DE&unqvl=18
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 86 C9 F0 2D 9F CD 01  [binary data]
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes,DefaultScope = {612A6069-31A7-4bb8-9161-54433A1605E1}
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=117423&tt=060113_9104dnl_0213_6&babsrc=SP_ss&mntrId=8afdcbee0000000000001c6f653e2513
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes\{1A8C8754-B8E9-4754-B681-6087A0FB5D98}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes\{612A6069-31A7-4bb8-9161-54433A1605E1}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes\{82DF5FA7-57FA-4816-8AAF-E5A6FD76C261}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=625&r=2013/06/08&hid=134453212&lg=EN&cc=DE&unqvl=18
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\SearchScopes\{F6F69D17-F890-46EC-9CC7-82FE5374328F}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-916265873-225623776-2837566140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..browser.search.selectedEngine: "Claro Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.de"
    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
    FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2
    FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.4
    FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.92
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..keyword.URL: "http://websearch.a-searchpage.info/?pid=625&r=2013/06/08&hid=134453212&lg=EN&cc=DE&unqvl=18&l=1&q="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "WebSearch"
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "WebSearch"
    FF - prefs.js..browser.startup.homepage: "http://websearch.a-searchpage.info/?pid=625&r=2013/06/08&hid=134453212&lg=EN&cc=DE&unqvl=18"
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://websearch.a-searchpage.info/?pid=625&r=2013/06/08&hid=134453212&lg=EN&cc=DE&unqvl=18&l=1&q="
     
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rape\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rape\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.10.01 02:05:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.10.01 02:05:34 | 000,000,000 | ---D | M]
     
    [2012.07.04 12:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rape\AppData\Roaming\mozilla\Extensions
    [2013.10.01 01:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rape\AppData\Roaming\mozilla\Firefox\Profiles\6t8fcncr.default\extensions
    [2013.09.23 20:38:41 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Rape\AppData\Roaming\mozilla\Firefox\Profiles\6t8fcncr.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2013.01.07 16:38:05 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Rape\AppData\Roaming\mozilla\Firefox\Profiles\6t8fcncr.default\extensions\ffxtlbr@claro.com
    [2013.07.27 12:25:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rape\AppData\Roaming\mozilla\Firefox\Profiles\6t8fcncr.default\extensions\ich@maltegoetz.de
    [2013.06.08 10:21:02 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\Rape\AppData\Roaming\mozilla\Firefox\Profiles\6t8fcncr.default\extensions\mptyye0k@jkbcpxi.co.uk
    [2013.06.08 10:21:02 | 000,000,000 | ---D | M] (ccooNttinuetosave) -- C:\Users\Rape\AppData\Roaming\mozilla\Firefox\Profiles\6t8fcncr.default\extensions\uvfque@ktqkahb.co.uk
    [2013.09.05 13:01:10 | 000,004,525 | ---- | M] () (No name found) -- C:\Users\Rape\AppData\Roaming\mozilla\firefox\profiles\6t8fcncr.default\extensions\youtubeunblocker@unblocker.yt.xpi
    [2013.10.01 01:20:53 | 000,379,902 | ---- | M] () (No name found) -- C:\Users\Rape\AppData\Roaming\mozilla\firefox\profiles\6t8fcncr.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
    [2013.04.04 17:01:29 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Rape\AppData\Roaming\mozilla\firefox\profiles\6t8fcncr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2013.01.07 16:38:05 | 000,001,300 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\mozilla\firefox\profiles\6t8fcncr.default\searchplugins\claro.xml
    [2013.06.08 10:21:04 | 000,007,846 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\mozilla\firefox\profiles\6t8fcncr.default\searchplugins\WebSearch.xml
    [2013.10.01 02:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
    [2013.10.01 02:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
    [2013.10.01 02:05:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012.06.17 18:40:11 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011.06.18 18:50:35 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: WebSearch (Enabled)
    CHR - default_search_provider: search_url = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=625&r=2013/06/08&hid=134453212&lg=EN&cc=DE&unqvl=18
    CHR - default_search_provider: suggest_url = http://localhost
    CHR - homepage: http://www.claro-search.com/?affID=117423&tt=060113_9104dnl_0213_6&babsrc=HP_ss&mntrId=8afdcbee0000000000001c6f653e2513
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rape\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rape\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Rape\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rape\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Google Update (Enabled) = C:\Users\Rape\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google-Suche = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Domain Error Assistant = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
    CHR - Extension: Slick Savings = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Vuze Remote = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.19.2.505_0\
    CHR - Extension: Google Mail = C:\Users\Rape\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD)
    O3 - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-916265873-225623776-2837566140-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKU\S-1-5-21-916265873-225623776-2837566140-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-916265873-225623776-2837566140-1001..\Run: [icq] C:\Users\Rape\AppData\Roaming\ICQM\icq.exe (ICQ)
    O4 - HKU\S-1-5-21-916265873-225623776-2837566140-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    O4 - HKU\S-1-5-21-916265873-225623776-2837566140-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-916265873-225623776-2837566140-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Rape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-916265873-225623776-2837566140-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FB914C7-F8EA-4AEC-BAB6-E99AE0DDB8D4}: DhcpNameServer = 192.168.178.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{4141391b-0a36-11e3-a339-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{4141391b-0a36-11e3-a339-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.bat
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
     
     
    SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: vmms - Service
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: {F8911D38-35EA-DD40-5D0D-21BE272FC50A} - Microsoft Windows Media Player 12.0
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
     
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013.10.14 12:15:01 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{C28DD378-9034-445D-93A8-28CA4F275372}
    [2013.10.11 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{63961E45-A112-44EC-960C-EDB400C7D4D8}
    [2013.10.10 13:52:00 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{F8A9A428-6C9A-432F-A184-BD5E00F0795A}
    [2013.10.10 03:12:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013.10.10 03:12:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013.10.10 03:12:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013.10.10 03:12:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013.10.10 03:12:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013.10.10 03:12:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013.10.10 03:12:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013.10.10 03:12:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013.10.10 03:12:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013.10.10 03:12:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013.10.10 03:12:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013.10.10 03:12:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013.10.10 03:12:12 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013.10.10 03:12:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013.10.10 03:12:11 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013.10.10 02:51:27 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
    [2013.10.10 02:51:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
    [2013.10.10 02:51:27 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
    [2013.10.10 02:51:26 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2013.10.10 02:51:26 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2013.10.10 02:51:26 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
    [2013.10.10 02:51:26 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
    [2013.10.10 02:51:26 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2013.10.10 02:51:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
    [2013.10.10 02:51:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2013.10.10 02:51:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
    [2013.10.10 02:51:19 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
    [2013.10.10 02:51:12 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013.10.10 02:51:12 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013.10.10 02:51:12 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013.10.10 02:51:12 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
    [2013.10.10 02:51:12 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
    [2013.10.10 02:51:11 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013.10.10 02:51:11 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
    [2013.10.10 02:51:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013.10.10 02:51:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013.10.10 02:51:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013.10.10 02:51:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013.10.10 02:51:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013.10.10 02:51:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013.10.10 02:51:01 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2013.10.10 02:51:01 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    [2013.10.10 02:50:39 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
    [2013.10.09 12:55:31 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{51115CA6-4A08-4B1E-BA9F-6949D1E48B07}
    [2013.10.08 04:27:12 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{95FA176A-214A-47BB-8F16-D5F8DA1094F7}
    [2013.10.01 12:20:32 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{7BE3989F-BF58-482F-BA46-CAEF1C2862D7}
    [2013.10.01 02:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013.09.29 16:42:01 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{D60C9D6E-5745-4B63-B3DA-9D3D41500356}
    [2013.09.26 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
    [2013.09.24 19:07:41 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{A26043D0-3F17-4455-BC18-D9011EB6B1C6}
    [2013.09.23 16:38:58 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Roaming\Arc
    [2013.09.23 16:38:03 | 000,000,000 | ---D | C] -- C:\Users\Rape\Application Data
    [2013.09.23 16:29:43 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{A27F3093-0147-403D-9246-CC8EF1010554}
    [2013.09.23 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neverwinter
    [2013.09.23 15:48:19 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
    [2013.09.22 14:57:23 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{6C927ACD-76E6-41E9-8EBD-CFF37720DA44}
    [2013.09.21 10:20:05 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{1F81B5EF-34F3-4397-B844-B9D758352751}
    [2013.09.18 21:20:52 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{C079CE44-BFE1-41B7-AAB2-E4F337F13730}
    [2013.09.16 08:45:42 | 000,000,000 | ---D | C] -- C:\Users\Rape\AppData\Local\{4369F9FD-D031-4C9D-8984-308449A40F4B}
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013.10.15 12:40:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-916265873-225623776-2837566140-1001UA.job
    [2013.10.15 12:08:56 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.10.15 12:08:56 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.10.15 12:03:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.10.14 19:40:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-916265873-225623776-2837566140-1001Core.job
    [2013.10.14 12:13:34 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
    [2013.10.10 13:55:48 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013.10.10 13:55:48 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2013.10.10 13:55:48 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013.10.10 13:55:48 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2013.10.10 13:55:48 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013.10.10 13:50:19 | 002,226,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013.10.10 03:10:37 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013.10.09 13:23:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
    [2013.10.04 23:38:21 | 000,002,358 | ---- | M] () -- C:\Users\Rape\Desktop\Google Chrome.lnk
    [2013.09.23 01:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013.09.23 01:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013.09.23 01:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013.09.23 01:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013.09.23 01:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013.09.23 00:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013.09.23 00:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013.09.23 00:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013.09.23 00:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013.09.23 00:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013.09.23 00:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013.09.23 00:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013.09.23 00:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013.09.21 11:57:18 | 000,017,171 | ---- | M] () -- C:\Users\Rape\Desktop\playaaaa.jpg
    [2013.09.21 04:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013.09.21 04:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
     
    ========== Files Created - No Company Name ==========
     
    [2013.09.21 11:57:18 | 000,017,171 | ---- | C] () -- C:\Users\Rape\Desktop\playaaaa.jpg
    [2013.05.04 23:42:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
    [2013.03.17 21:10:37 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
    [2013.03.17 21:10:37 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
    [2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2012.09.16 21:43:38 | 000,007,605 | ---- | C] () -- C:\Users\Rape\AppData\Local\Resmon.ResmonCfg
    [2012.09.03 20:09:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2012.08.26 03:27:49 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012.08.22 15:26:46 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.07.04 10:25:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012.07.04 10:15:48 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
    [2012.07.04 10:07:14 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
     
    ========== ZeroAccess Check ==========
     
    [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012.12.31 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\7road
    [2013.09.29 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Arc
    [2012.07.29 01:08:28 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Audacity
    [2013.02.11 23:15:52 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Azureus
    [2013.01.07 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Babylon
    [2012.08.16 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Canneverbe Limited
    [2013.01.07 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Claro LTD
    [2012.07.04 23:55:44 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\DAEMON Tools Lite
    [2013.06.16 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\File Scout
    [2013.06.16 22:56:05 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\ICQ-Profile
    [2013.08.03 09:21:39 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\ICQM
    [2012.08.10 15:45:43 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Lionhead Studios
    [2013.03.02 11:57:34 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\LolClient
    [2012.09.05 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\MahJong Suite
    [2012.09.05 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Mahjongg Extended
    [2013.09.09 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\MotioninJoy
    [2013.06.08 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\NCdownloader
    [2012.07.13 14:58:27 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\OpenOffice.org
    [2012.12.26 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Samsung
    [2013.10.13 01:30:11 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\TS3Client
    [2013.07.24 09:24:25 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\ts3overlay
    [2013.05.04 23:42:17 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Tunngle
    [2012.09.28 21:28:00 | 000,000,000 | ---D | M] -- C:\Users\Rape\AppData\Roaming\Unity
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
    < MD5 for: EXPLORER.EXE  >
    [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
     
    < MD5 for: LSASS.EXE  >
    [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
    [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
    [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
    [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
    [2011.11.17 08:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
    [2011.11.17 09:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
    [2011.11.17 09:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe
    [2012.06.04 09:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
    [2012.06.02 07:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BF63CE11A25F3509129888710D5111FC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe
    [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\SysNative\lsass.exe
    [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
    [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
    [2011.11.17 08:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
     
    < MD5 for: USERINIT.EXE  >
    [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
     
    < MD5 for: WININIT.EXE  >
    [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
     
    < %ALLUSERSPROFILE%\Application Data\*.exe /s >
     
    < %APPDATA%\*.exe /s >
    [2012.08.10 18:33:58 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Rape\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
    [2013.02.05 19:32:45 | 007,365,072 | ---- | M] (Azureus Software, Inc.) -- C:\Users\Rape\AppData\Roaming\Azureus\tmp\AZU3133965709003147006.tmp\Vuze_4.8.1.2_win32.exe
    [2013.02.10 16:01:28 | 007,435,296 | ---- | M] (Azureus Software, Inc.) -- C:\Users\Rape\AppData\Roaming\Azureus\tmp\AZU365828956024430588.tmp\Vuze_4.8.1.2a_win32.exe
    [2013.02.11 15:01:07 | 007,435,296 | ---- | M] (Azureus Software, Inc.) -- C:\Users\Rape\AppData\Roaming\Azureus\tmp\AZU5433724606207371367.tmp\Vuze_4.8.1.2a_win32.exe
    [2013.05.28 15:20:14 | 000,259,584 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\File Scout\filescout.exe
    [2013.06.16 19:13:09 | 000,062,902 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\File Scout\uninst.exe
    [2013.06.16 22:55:31 | 028,682,088 | ---- | M] (ICQ) -- C:\Users\Rape\AppData\Roaming\ICQM\icq.exe
    [2013.06.16 22:55:31 | 035,430,224 | ---- | M] (ICQ) -- C:\Users\Rape\AppData\Roaming\ICQM\icqsetup.exe
    [2013.06.16 22:55:31 | 004,739,616 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\ICQM\ICQ\dll\mailrusputnik.exe
    [2012.07.08 13:58:09 | 000,010,134 | R--- | M] () -- C:\Users\Rape\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    [2012.09.03 17:58:04 | 000,158,000 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Mozilla\Firefox\Profiles\6t8fcncr.default\FlashGot.exe
    [2012.12.04 00:35:10 | 000,967,608 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
    [2012.12.04 00:35:10 | 000,298,424 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
    [2012.11.28 15:24:24 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAirMessage.exe
    [2012.12.04 00:35:14 | 000,277,432 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
    [2012.12.04 00:35:12 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
    [2012.12.04 00:24:52 | 000,171,008 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
    [2012.12.04 00:27:54 | 000,332,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
    [2012.12.04 00:25:48 | 000,689,152 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
    [2012.11.28 15:21:38 | 000,341,960 | ---- | M] (Teruten Inc) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\FsAdmin64.exe
    [2012.11.28 15:21:36 | 000,020,480 | ---- | M] (Teruten Inc) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\FsExService64.exe
    [2012.11.28 15:21:38 | 000,214,544 | ---- | M] (Teruten) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\FsUsbExAdmin.exe
    [2012.11.28 15:21:36 | 000,217,088 | ---- | M] (Teruten) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\FsUsbExService.exe
    [2012.12.04 00:35:14 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
    [2012.12.04 00:35:22 | 000,063,416 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
    [2012.11.28 19:46:40 | 000,060,888 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AdminDelegator.exe
    [2012.11.28 19:46:40 | 000,088,024 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
    [2012.11.28 19:46:40 | 000,077,264 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
    [2012.12.04 00:35:18 | 000,843,704 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
    [2012.12.04 00:35:20 | 003,767,464 | ---- | M] (Freeware) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
    [2012.12.04 00:35:20 | 000,601,528 | ---- | M] (ml) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
    [2012.11.28 15:17:02 | 014,754,704 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
    [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
    [2013.02.13 12:38:16 | 000,540,528 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
    [2013.02.06 07:17:56 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAirMessage.exe
    [2013.02.13 12:38:20 | 000,277,872 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
    [2013.02.13 12:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
    [2013.02.13 12:25:52 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
    [2013.02.13 12:28:30 | 000,338,432 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
    [2013.02.13 12:26:42 | 000,689,664 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
    [2013.02.05 10:54:42 | 000,431,832 | ---- | M] (Teruten Inc) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\FsAdmin64.exe
    [2013.02.05 10:54:40 | 000,021,504 | ---- | M] (Teruten Inc) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\FsExService64.exe
    [2013.02.05 10:54:42 | 000,233,176 | ---- | M] (Teruten) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\FsUsbExAdmin.exe
    [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\FsUsbExService.exe
    [2013.02.13 12:38:22 | 000,067,952 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
    [2013.02.13 12:38:30 | 000,065,904 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
    [2013.02.13 04:00:28 | 000,061,328 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AdminDelegator.exe
    [2013.02.13 04:00:28 | 000,088,464 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
    [2013.02.13 04:00:28 | 000,077,704 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
    [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
    [2013.02.13 12:38:26 | 003,768,216 | ---- | M] (Freeware) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
    [2013.02.05 10:52:52 | 000,061,440 | ---- | M] ((주)마크애니) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MaAgent.exe
    [2013.02.05 10:52:52 | 000,032,768 | ---- | M] (MarkAny Co, Ltd) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MaCSMgr.exe
    [2013.02.05 10:52:54 | 000,065,536 | ---- | M] () -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MAWebControl.exe
    [2013.02.05 10:52:52 | 000,401,056 | ---- | M] (Marktek Inc.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MPXBox.exe
    [2013.02.05 10:52:52 | 000,020,480 | ---- | M] ( ) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
    [2013.02.05 10:52:52 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
    [2013.02.05 10:52:52 | 000,126,976 | ---- | M] ((주)마크애니) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
    [2013.02.13 12:38:28 | 000,602,480 | ---- | M] (ml) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
    [2013.02.04 09:25:56 | 014,759,040 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
    [2012.12.04 00:35:20 | 000,601,528 | ---- | M] (ml) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
    [2013.02.13 12:38:28 | 000,602,480 | ---- | M] (ml) -- C:\Users\Rape\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
     
    < %APPDATA%\Adobe\Update\*.* >
     
    < %APPDATA%\Update\*.* >
     
    < %APPDATA%\Microsoft\*.* >
     
    < %ALLUSERSPROFILE%\Favorites\*.* >
     
    < %ALLUSERSPROFILE%\*.* >
     
    < %SYSTEMDRIVE%\*.* >
    [2011.01.18 16:58:06 | 000,000,000 | RH-- | M] () -- C:\2337chkmkrl
    [2012.07.04 10:20:24 | 000,000,181 | ---- | M] () -- C:\csb.log
    [2012.08.10 18:33:42 | 000,000,009 | ---- | M] () -- C:\END
    [2008.04.11 10:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
    [2008.04.11 10:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
    [2008.04.11 10:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
    [2008.04.11 10:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
    [2008.04.11 10:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
    [2008.04.11 10:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
    [2008.04.11 10:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
    [2008.04.11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
    [2008.04.11 10:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
    [2008.04.11 10:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
    [2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2013.10.14 12:13:34 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
    [2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2012.07.04 10:14:56 | 000,000,217 | ---- | M] () -- C:\Install.log
    [2008.04.11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008.04.11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008.04.11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008.04.11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008.04.11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008.04.11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008.04.11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008.04.11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008.04.11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008.04.11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2013.10.14 12:13:38 | 1003,495,423 | -HS- | M] () -- C:\pagefile.sys
    [2012.07.04 10:10:57 | 000,003,292 | ---- | M] () -- C:\RHDSetup.log
    [2013.07.13 01:46:43 | 000,874,956 | ---- | M] () -- C:\service.log
    [2012.02.15 11:19:03 | 000,067,032 | ---- | M] () -- C:\shared.log
    [2011.01.04 18:33:46 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT
    [2012.06.17 18:40:16 | 000,000,250 | ---- | M] () -- C:\user.js
    [2007.11.07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008.04.11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
    [2008.04.11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI
    [2011.09.07 21:22:45 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
     
    < %PROGRAMFILES%\*.* >
    [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
     
    < %PROGRAMFILES%\Internet Explorer\*.* >
    [2013.07.03 22:40:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
    [2013.07.03 22:40:24 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
    [2013.07.03 22:40:25 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    [2013.07.03 22:40:24 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
    [2013.07.03 22:40:24 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    [2013.09.23 01:27:48 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    [2013.09.23 01:27:48 | 000,236,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    [2013.09.23 01:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2013.07.03 22:40:24 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    [2013.09.23 01:27:49 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    [2013.07.03 22:40:24 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
    [2013.07.03 22:40:24 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
    [2013.07.03 22:40:24 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
    [2013.07.03 22:40:24 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
    [2013.07.03 22:40:24 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
    [2013.07.03 22:40:24 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
    [2013.09.23 01:28:02 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
     
    < %USERPROFILE%\*.* >
    [2013.10.15 13:39:08 | 002,621,440 | -HS- | M] () -- C:\Users\Rape\ntuser.dat
    [2013.10.15 13:39:08 | 000,262,144 | -HS- | M] () -- C:\Users\Rape\ntuser.dat.LOG1
    [2012.07.04 09:56:16 | 000,000,000 | -HS- | M] () -- C:\Users\Rape\ntuser.dat.LOG2
    [2012.07.04 10:03:56 | 000,065,536 | -HS- | M] () -- C:\Users\Rape\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2012.07.04 10:03:56 | 000,524,288 | -HS- | M] () -- C:\Users\Rape\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2012.07.04 10:03:56 | 000,524,288 | -HS- | M] () -- C:\Users\Rape\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2013.08.08 22:00:18 | 000,065,536 | -HS- | M] () -- C:\Users\Rape\ntuser.dat{429b9c7e-ffe5-11e2-a00a-1c6f653e2513}.TM.blf
    [2013.08.08 22:00:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rape\ntuser.dat{429b9c7e-ffe5-11e2-a00a-1c6f653e2513}.TMContainer00000000000000000001.regtrans-ms
    [2013.08.08 22:00:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rape\ntuser.dat{429b9c7e-ffe5-11e2-a00a-1c6f653e2513}.TMContainer00000000000000000002.regtrans-ms
    [2012.09.25 00:58:41 | 000,065,536 | -HS- | M] () -- C:\Users\Rape\ntuser.dat{8f4978cf-051c-11e2-ae85-1c6f653e2513}.TM.blf
    [2012.09.25 00:58:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rape\ntuser.dat{8f4978cf-051c-11e2-ae85-1c6f653e2513}.TMContainer00000000000000000001.regtrans-ms
    [2012.09.25 00:58:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rape\ntuser.dat{8f4978cf-051c-11e2-ae85-1c6f653e2513}.TMContainer00000000000000000002.regtrans-ms
    [2012.07.04 09:56:17 | 000,000,020 | -HS- | M] () -- C:\Users\Rape\ntuser.ini
     
    < %USERPROFILE%\Local Settings\Temp\*.exe >
     
    < %USERPROFILE%\Local Settings\Temp\*.dll >
     
    < %USERPROFILE%\Application Data\*.exe >
     
    < %systemroot%\*. /mp /s >
     
    < %systemroot%\*.exe /90 >
     
    < %systemroot%\system32\*.dll /lockedfiles >
    [2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
     
    < %systemroot%\system32\*.dll /90 >
    [2013.08.29 03:48:17 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advapi32.dll
    [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013.08.02 02:43:05 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    [2013.08.02 02:43:05 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    [2013.08.02 02:43:05 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    [2013.08.02 02:43:05 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    [2013.08.02 03:48:15 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apisetschema.dll
    [2013.09.23 01:27:48 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
    [2013.09.23 01:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
    [2013.09.23 01:27:48 | 002,048,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
    [2013.09.23 01:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
    [2013.09.23 01:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
    [2013.09.23 01:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
    [2013.09.23 01:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
    [2013.09.23 01:27:49 | 002,876,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
    [2013.09.23 01:27:49 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
    [2013.08.02 03:50:41 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
    [2013.08.02 03:50:42 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
    [2013.09.23 01:27:53 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
    [2013.09.23 01:27:53 | 014,335,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
    [2013.09.08 04:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mswsock.dll
    [2013.08.29 03:50:30 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
    [2013.08.29 02:49:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
    [2013.07.20 12:33:12 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    [2013.07.26 03:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll
    [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
    [2013.08.29 03:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tdh.dll
    [2013.07.19 03:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
    [2013.09.23 01:28:04 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
    [2013.09.23 01:28:06 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
    [2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
    [2013.08.29 03:50:31 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    < %systemroot%\system32\drivers\*.sys /90 >
     
    < %systemroot%\system32\*.exe /90 >
    [2013.08.29 02:49:52 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\instnm.exe
    [2013.08.29 03:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntkrnlpa.exe
    [2013.08.29 03:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntoskrnl.exe
    [2013.09.21 04:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RegisterIEPKEYs.exe
    [2013.08.29 02:49:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\setup16.exe
    [2013.08.29 02:49:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\user.exe
     
    < %systemroot%\system32\config\*.sav >
     
    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %systemroot%\assembly\tmp\*.* /S /MD5 >
     
    < %systemroot%\assembly\GAC_32\*.* /S /MD5 >
    [2009.07.14 03:19:59 | 000,004,608 | ---- | M] () MD5=2CBEAFED3233C20DF11B88DF909CD74F -- C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll
    [2010.11.20 14:32:20 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
    [2012.08.15 19:41:30 | 000,063,488 | ---- | M] () MD5=FE26A387EEC50587C64148F7BED6CA08 -- C:\Windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
    [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    [2009.07.14 03:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe
    [2009.07.13 23:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config
    [2010.11.05 03:57:43 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    [2010.11.20 14:32:22 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
    [2009.07.14 19:58:26 | 000,090,112 | ---- | M] () MD5=3994CBC9EC487E167992FC1D169A32AC -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll
    [2010.11.20 14:35:58 | 000,189,952 | ---- | M] () MD5=38D88B9F15909C5EB12543B9ADD60665 -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll
    [2010.11.20 14:35:58 | 000,145,920 | ---- | M] () MD5=7473DCFFD01F73BA2B2621555B02E09A -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll
    [2009.07.14 03:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
    [2009.07.14 03:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
    [2009.07.14 03:23:55 | 000,008,192 | ---- | M] () MD5=79D7E7A3CB56C91FE9030C5EFE2DC13C -- C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll
    [2010.11.05 03:52:36 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    [2009.07.14 03:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
    [2009.06.10 23:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
    [2009.06.10 23:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
    [2009.06.10 23:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
    [2009.06.10 23:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
    [2009.06.10 23:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
    [2013.04.24 00:57:26 | 004,554,752 | ---- | M] () MD5=F90B255442B7DF136ABE99D15036ACAB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    [2009.06.10 23:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
    [2009.06.10 23:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
    [2009.06.10 23:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
    [2009.06.10 23:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
    [2009.06.10 23:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
    [2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
    [2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
    [2009.06.10 23:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
    [2009.06.10 23:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
    [2009.06.10 23:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
    [2010.11.20 14:36:00 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
    [2010.11.20 14:36:00 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
    [2012.08.15 19:41:51 | 000,000,382 | ---- | M] () MD5=5B5249684E45C53333ACB2703BC03AB3 -- C:\Windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\cli_cppuhelper.config
    [2012.08.15 19:41:50 | 000,003,072 | ---- | M] () MD5=85BA2360F678A7FFAABC1ED8C195E451 -- C:\Windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
    [2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config
    [2009.07.14 03:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll
    [2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
    [2009.07.14 03:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
    [2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
    [2009.07.14 03:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
    [2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config
    [2009.07.14 03:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll
    [2009.07.14 00:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
    [2009.07.14 03:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
    [2013.04.16 00:56:15 | 004,218,880 | ---- | M] () MD5=8DFB5078508924FA725C203CE179B10C -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    [2009.06.10 23:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
    [2013.04.20 00:55:09 | 001,737,376 | ---- | M] () MD5=E0E5BB58A4C43F7DBB83352785F32DEF -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
    [2010.11.05 03:58:05 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    [2010.11.05 03:58:08 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    [2010.11.20 06:12:59 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    [2013.04.16 00:56:16 | 000,372,736 | ---- | M] () MD5=962108F1B42E442AF55588CC14F4794F -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    [2013.07.03 01:09:05 | 005,283,840 | ---- | M] () MD5=4CB76BD09983C37FE13CE9E525BEADC8 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
     
    < %systemroot%\assembly\GAC_64\*.* /S /MD5 >
    [2009.07.14 03:46:07 | 000,004,608 | ---- | M] () MD5=72A9C3F3B78CA92C93E78A46B3D73A7B -- C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll
    [2010.11.20 15:39:41 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
    [2010.11.05 03:56:37 | 000,080,896 | ---- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    [2010.11.05 03:56:43 | 000,089,600 | ---- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    [2010.11.20 15:44:11 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
    [2010.11.20 15:44:11 | 000,198,656 | ---- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 -- C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
    [2010.11.20 15:44:11 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
    [2009.07.14 19:58:26 | 000,090,112 | ---- | M] () MD5=4BB5C3949D6BFBD257B78AD5F35AB91A -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll
    [2010.11.20 15:44:11 | 000,196,096 | ---- | M] () MD5=6E1F814CEEFC54E14DDBA66415823CFE -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll
    [2010.11.20 15:44:11 | 000,151,040 | ---- | M] () MD5=63A87E4AEF8F906BABEF2612C2A00586 -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll
    [2009.07.14 03:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
    [2009.07.14 03:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
    [2011.08.17 07:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
    [2010.11.20 15:44:11 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
    [2010.11.20 15:44:11 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
    [2010.11.20 15:44:11 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
    [2010.11.20 15:44:12 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
    [2009.07.14 03:48:19 | 000,008,192 | ---- | M] () MD5=0B61293239545BDB5CF2EF7208F225DA -- C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll
    [2010.11.05 03:52:15 | 000,163,840 | ---- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    [2009.07.14 03:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
    [2010.11.20 15:39:46 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
    [2010.11.05 03:53:34 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
    [2009.06.10 22:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
    [2009.06.10 22:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
    [2009.06.10 22:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
    [2009.06.10 22:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
    [2013.04.24 00:56:10 | 004,567,040 | ---- | M] () MD5=32B844F1DAA7912FBBB119047303E73F -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    [2009.06.10 22:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
    [2009.06.10 22:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
    [2009.06.10 22:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
    [2009.06.10 22:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
    [2009.06.10 22:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
    [2009.06.10 22:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
    [2009.06.10 22:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
    [2009.06.10 22:40:02 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
    [2009.06.10 22:40:02 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
    [2009.06.10 22:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
    [2010.11.20 15:44:12 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
    [2010.11.20 15:44:13 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\Windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
    [2009.06.10 22:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
    [2009.07.14 03:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
    [2009.06.10 22:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
    [2009.07.14 03:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
    [2009.07.13 23:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
    [2009.07.14 03:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
    [2013.04.16 00:55:18 | 003,998,208 | ---- | M] () MD5=AE098D9D3BD83440C59A0C3386F4F5DD -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    [2009.06.10 22:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
    [2013.04.20 00:54:21 | 002,256,032 | ---- | M] () MD5=6E656C325A5519A3A9D951709958CF6F -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
    [2010.11.05 03:56:58 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    [2010.11.05 03:56:58 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    [2010.11.05 03:57:00 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    [2010.11.05 03:57:02 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    [2013.04.16 00:55:19 | 000,358,912 | ---- | M] () MD5=D5B9510CA085D4E04BEBD2C47CD50925 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    [2009.06.10 22:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    [2013.07.02 00:53:34 | 005,292,032 | ---- | M] () MD5=DFBF21C7DD33BF6374417E54C433AF8D -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
     
    < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
    "DefaultConnectionSettings" = 46 00 00 00 ED 90 00 00 09 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 04 00 00 00 00 00 00 00 6A B3 CF C5 02 78 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 B2 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
    "SavedLegacySettings" = 46 00 00 00 97 0A 00 00 09 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 04 00 00 00 00 00 00 00 6A B3 CF C5 02 78 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 B2 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    
    < End of report >
    
    
    
    OTL Extras logfile created on: 15.10.2013 13:27:17 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rape\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    8,00 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 76,93% Memory free
    12,93 Gb Paging File | 10,54 Gb Available in Paging File | 81,51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465,66 Gb Total Space | 7,25 Gb Free Space | 1,56% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive H: | 100,00 Mb Total Space | 61,72 Mb Free Space | 61,72% Space Free | Partition Type: NTFS
     
    Computer Name: RAPE-PC | User Name: Rape | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     
    [HKEY_USERS\S-1-5-21-916265873-225623776-2837566140-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Users\Rape\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Users\Rape\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12D68ED2-77F9-431E-8C5D-E515007F6149}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{1E0AE8C9-6166-4D3E-B0F4-0E6990A99704}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{22FB5DE0-ACA9-476C-BD85-FBB1BC54F534}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{385C2990-C4AE-4682-874F-124ABA114C76}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{3FEB73B3-3568-4960-AE56-4DCF043F2A5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{60B9D465-18AB-4F25-BEAA-E19CDD79AE39}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{62BB981F-2213-402C-A19E-0FB53C2C0CF4}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{65EFD66C-275D-448E-A2D5-C5E534BAF3AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{75D5E21E-064E-474C-8B32-482CF1BE7D52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{82AA9577-B5AD-4E5C-BA30-AC02F68F46F2}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{8741468A-9C71-47D6-8751-3D6671271E25}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{8B20F34D-514E-4A60-9791-20505E2B2C94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{A6C797DD-B5F2-4114-A510-B5967FFA07CA}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{AE4C9ACA-7155-418E-A984-23B7CE2514A4}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{B3349DB1-DED0-438F-9AC5-84048A4CFCA7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BEE3F850-3682-4D93-9722-A70E687B4C3F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{D00BB9CD-3F87-4A4F-A44B-E9ED91A3E299}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{D5F75A39-124A-473E-8077-16D637884452}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{E0761483-040D-46D2-9E6B-AA376AA7B4E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{E0767ACE-393C-401D-A4EB-9AD5AB66E8BB}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{EC70B575-9779-4877-A1C0-BBDD34F2CC2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{F4C34715-272E-4042-9540-869C40B989BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{FEB06F71-4377-49B8-BA36-FE41C17832C8}" = lport=139 | protocol=6 | dir=in | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{009C733B-9ED3-4D3E-9B59-72E04FAF0D55}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe | 
    "{02CFCBE7-A0F9-4C81-A0F9-20AAD64476CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{054CFD01-75A2-4CA8-B02A-1AF0468EED72}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{0CE494CF-0565-4218-9F0A-D950D08F4882}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
    "{0FFC756F-F8DF-4BD6-9B67-53BAE1BEB815}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\blacklist_launcher.exe | 
    "{13293F39-9E4A-4D99-A8C3-EFE04DA52EE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
    "{22045FF6-DD83-4AD9-8988-5B7F7D147D82}" = protocol=6 | dir=in | app=c:\program files (x86)\deadspace3\dead space 3\deadspace3.exe | 
    "{277A7C17-59FB-4CE1-8A09-EA9BB6125065}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
    "{2A9A2E4E-1496-487A-A33E-0441B0490F95}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{302CC9DD-A03D-4DD5-9402-08DE30A906A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
    "{302CD3F4-2273-4D6B-8FC0-0E977EE68FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{313C9A01-98CC-4C82-96B3-58AC9385322E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
    "{33FF7817-6AE4-4ADD-841D-9776FE2D5ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{374162B5-A667-497C-A4F3-26B0AE4CEE67}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_dx11_game.exe | 
    "{3AF2DADC-F3A9-4B29-ACD5-31DC854E3546}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{3BA451D3-1C5E-40DC-9043-1641D72E8077}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
    "{3D10600B-33C3-4E34-9B70-1B85B2B6ED4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{3E7A1662-453A-4030-985B-19401596C9E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
    "{3FC90477-0F18-4F4E-9E2E-F43FE56C6B42}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\gu.exe | 
    "{40B49DB6-0654-482A-8DDA-DD997CD77038}" = protocol=17 | dir=in | app=c:\program files (x86)\fifa13\fifa 13\game\fifa13.exe | 
    "{41596CBB-C9EA-454C-96A7-960D3175041B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\gu.exe | 
    "{453A79D4-835B-4D83-A5B0-243D6882EE9F}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
    "{4549D814-7A12-483B-BB3C-3D172B051D1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
    "{460B7421-5DC0-451A-B848-9B9303C9C8CA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe | 
    "{48A25B81-69EC-4405-9E5D-42FCA7C83C64}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\blacklist_launcher.exe | 
    "{4BB4806F-91AF-4DB0-9DB4-2575E396F196}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{4BF3E550-C3C8-4D3B-886A-A64A2A912560}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{4E1844A8-ECD0-4B7F-9D78-6A71FC8969A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{5493390C-6F92-4820-BC6D-45BEDCCAEF99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{595D5787-931D-4EB6-84F6-DC1DE077C93B}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
    "{5F7FE752-3ADA-49BC-99E6-4F361B7270AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
    "{65B59EC3-F3D2-4796-A534-C34E75C02724}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
    "{6608497D-DFD6-4C4A-AFC4-B7FB992868D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{67615881-1A44-407C-81D4-2798283AF9DB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{681E4EC3-6F05-469D-8827-6CE3982D8746}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_dx11_game.exe | 
    "{72C186CE-2267-44F3-B781-5815A8D053F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
    "{73CD41DB-8A85-45C8-9A3A-F4468ADA5A8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
    "{754B0548-5D0D-4F26-BC21-D0948E3388DB}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
    "{77099576-0906-49BA-A0B6-6BC3DABEB4C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{780DCE9D-B151-4927-918C-8B056FBF5EF2}" = protocol=6 | dir=out | app=system | 
    "{7875B2C5-4589-4273-9080-F28C98A41E2A}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
    "{88D7C8BE-EEE5-47AE-BC21-316AF47902B0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{8A75C642-EB43-47B8-B2CF-FBAB717061FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{958DED6F-684B-4022-B384-A52370C71F79}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
    "{AAA15E68-F836-4AF8-9293-005B92A4FEEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{ABC4AAC1-B4BD-442F-99F5-085C97A87227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{B65107C5-3FB0-40C9-BA37-86859B320B38}" = protocol=17 | dir=in | app=c:\program files (x86)\crysis 3\crysis 3\bin32\crysis3.exe | 
    "{B6AC281B-3951-4797-9E99-F5454F745E75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{B6EA1E3B-407A-4506-BA75-992F942E7F68}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
    "{B792C2ED-9DA7-48F3-BF6C-90714FE3E481}" = protocol=17 | dir=in | app=c:\program files (x86)\deadspace3\dead space 3\deadspace3.exe | 
    "{BC0F0B07-D5BB-4C62-A500-23620D37A3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
    "{BCB73E22-57B8-4AB9-B3F5-7D23DCBE33A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
    "{BED09FE0-00A3-4EA2-8122-370DB36E1CDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{BF138C87-9DE1-4CF7-BDFB-70E9ECAC0239}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
    "{C1813E5D-1F85-471A-B99C-80C2349192B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C44F34B2-31CB-4D18-A792-CBB557080F65}" = protocol=6 | dir=in | app=c:\users\rape\appdata\roaming\icqm\icq.exe | 
    "{DD23C163-4D3E-468E-8907-9160BFE3AE37}" = protocol=17 | dir=in | app=c:\users\rape\appdata\roaming\icqm\icq.exe | 
    "{DEE7E388-F9B3-430A-B771-2A6C4CF3340B}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
    "{E0417643-CDFA-4215-AE6F-064A763E6B78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
    "{E301EB30-EADF-4272-8F9B-E2E6E54F46D9}" = protocol=6 | dir=in | app=c:\program files (x86)\crysis 3\crysis 3\bin32\crysis3.exe | 
    "{EFC8F29D-43A4-446E-8C98-0A61E7365DF3}" = protocol=6 | dir=in | app=c:\program files (x86)\fifa13\fifa 13\game\fifa13.exe | 
    "{F1327420-79E5-4E08-9D51-16721505D193}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
    "{F6B83D89-83F8-483B-99E1-53DB29229199}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{FDBE4F41-395D-430D-8CCB-23F212D407B6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
    "{FE68A801-8517-49A5-8C06-2B0014E5FB47}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
    "TCP Query User{10CD8372-C2D7-4EC0-98D8-5C5DC132D401}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "TCP Query User{1A3FE56C-B33D-43A7-AED3-021ADBD937DA}C:\users\rape\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\rape\desktop\warcraft iii\war3.exe | 
    "TCP Query User{3FBEF872-14A5-48A9-9797-B99BB12FB2C3}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
    "TCP Query User{3FCF6276-7904-4F25-977A-3116AEF7A1CC}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
    "TCP Query User{4AFD3BD3-09B4-43EE-8A67-EA00788EDCD1}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "TCP Query User{8BBCB68A-C8F5-4F5F-A4D6-559691C063DA}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
    "TCP Query User{C30AD50D-1B43-4837-B746-AA4AAA152EC6}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
    "TCP Query User{CC012DE4-6CAE-4BCD-806B-11892BFECA48}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe | 
    "TCP Query User{E9778C42-08F9-4429-B065-F9B41EFD1C1A}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\nfs13.exe | 
    "TCP Query User{F136B742-4B43-47A0-8E78-36654A193CFB}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
    "UDP Query User{245F413A-C0FD-4B39-B76A-9B900B635B64}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
    "UDP Query User{2B5BF723-2387-4893-B8CD-740CA1446339}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "UDP Query User{485F2CC3-70C5-4AE8-8C21-E63C05D1B84B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
    "UDP Query User{49B6027C-A814-44F6-AEED-72ABD5D7D639}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe | 
    "UDP Query User{4B3074B3-8B1E-4249-B5B4-E12F290BCC5E}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
    "UDP Query User{AA0DAD53-6250-42C0-B1F7-6A8457F4DE61}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "UDP Query User{B6DEEF8E-A9CD-4E52-9537-2EB5FC850CC1}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
    "UDP Query User{BBD76849-E0D6-4715-83AA-579A64683F53}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
    "UDP Query User{C605B543-114D-49E1-BE40-07771B1B840A}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\nfs13.exe | 
    "UDP Query User{CC9B0105-9771-4053-BABD-10727E8C2757}C:\users\rape\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\rape\desktop\warcraft iii\war3.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
    "{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
    "{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60A95961-E9F4-17C6-2A91-578C34ED9A0C}" = ATI Catalyst Install Manager
    "{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR 4.20 (64-Bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0471C553-36C2-E7A0-7489-E99CD3F9683C}" = CCC Help Chinese Standard
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
    "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BD171A4-7DAC-A12B-14E3-E33DA0B6FE6A}" = CCC Help Finnish
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
    "{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista
    "{1D4BA420-070F-3F9B-4969-126689978A98}" = CCC Help Greek
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3ED6B766-BDF2-F30F-F18E-16BA10ABA22A}" = CCC Help French
    "{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common
    "{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
    "{516D7330-6BA3-6E53-9C7A-F50666C758E0}" = CCC Help Swedish
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{66391B4E-194D-C20E-F1E5-D7222F1A8104}" = CCC Help Turkish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{77CD6B28-D387-9905-EF5B-78BF8AF722C6}" = CCC Help Chinese Traditional
    "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8A54BB79-658E-84A4-FBB7-93FD1EB20174}" = CCC Help Danish
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = Die Sims™ 3 Katy Perry Süße Welt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0855EE1-F653-3A5A-C7AF-D6CC3BF7A506}" = Catalyst Control Center InstallProxy
    "{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English
    "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
    "{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell® Blacklist™
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9C4FF3C-C5E5-07F7-AD5D-C26C2B41CFF3}" = CCC Help Dutch
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{ABA5FB59-633D-23B0-5841-D11A7B97C624}" = CCC Help Hungarian
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
    "{B0F9D227-9243-E2E6-21CE-7FB9528202C5}" = CCC Help Norwegian
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B1D6F9CC-55FC-CD82-1D5C-BF725BF9311E}" = CCC Help Portuguese
    "{B282CB34-95CC-06B2-DFBC-07617F722837}" = CCC Help Spanish
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter und die Heiligtümer des Todes™ - Teil 1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E342FAD9-ACA4-BE69-D78C-F26CDF6DC9DC}" = CCC Help Italian
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
    "{ED9E5BCC-371A-5BE1-6DC6-CF7D8DC9A2B7}" = CCC Help Czech
    "{EF829AE4-69BB-F791-F3DF-C6CBF8942881}" = CCC Help Korean
    "{EFF33410-5603-B27E-778A-7AB406C7A785}" = CCC Help Japanese
    "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F241F4AB-9D50-52E4-6CA5-D1EA5A0713BC}" = CCC Help Russian
    "{F3F8BEC4-1D0E-9E50-0AF6-54A16094C92E}" = CCC Help German
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA39D1A0-3B11-AF64-5EF0-1DBC97F47075}" = CCC Help Thai
    "{FD20D0EA-5F36-5870-26EC-5CA842E8C713}" = CCC Help Polish
    "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
    "0630-0716-3135-7887" = JDownloader 2
    "8461-7759-5462-8226" = Vuze
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Photoshop_is1" = Adobe Photoshop
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
    "Audacity_is1" = Audacity 2.0
    "Borderlands 2_is1" = Borderlands 2
    "Castlevania: Lords of Shadow - Ultimate Edition_is1" = Castlevania: Lords of Shadow - Ultimate Edition
    "claro" = Claro toolbar  
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Darksiders II_is1" = Darksiders II
    "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
    "Sniper Elite V2_is1" = Sniper Elite V2
    "Steam App 202970" = Call of Duty: Black Ops II
    "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
    "Steam App 212910" = Call of Duty: Black Ops II - Zombies
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 730" = Counter-Strike: Global Offensive
    "T3V0bGFzdA==_is1" = Outlast
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Tunngle beta_is1" = Tunngle beta
    "Uplay" = Uplay
    "Warrock EU" = WarRock
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-916265873-225623776-2837566140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "ICQ" = ICQ 8.1 (build 6322)
    "SOE-PlanetSide 2 PSG" = PlanetSide 2
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 19.09.2013 10:06:00 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0xba4  Startzeit der fehlerhaften Anwendung: 0x01ceb5415e65d442
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 9c7f616d-2134-11e3-a170-1c6f653e2513
     
    Error - 19.09.2013 11:06:00 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0x1600  Startzeit der fehlerhaften Anwendung: 0x01ceb549c02a011f
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: fe49f899-213c-11e3-a170-1c6f653e2513
     
    Error - 19.09.2013 12:06:00 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0x67c  Startzeit der fehlerhaften Anwendung: 0x01ceb55221ee04d6
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 600f3324-2145-11e3-a170-1c6f653e2513
     
    Error - 19.09.2013 17:26:55 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0x1bf0  Startzeit der fehlerhaften Anwendung: 0x01ceb57ef6139c17
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 34e5caf2-2172-11e3-a170-1c6f653e2513
     
    Error - 19.09.2013 18:06:00 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0x193c  Startzeit der fehlerhaften Anwendung: 0x01ceb5846c87bb2e
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: aaa6881b-2177-11e3-a170-1c6f653e2513
     
    Error - 19.09.2013 19:06:00 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0x1b94  Startzeit der fehlerhaften Anwendung: 0x01ceb58cce4bf023
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 0c6bc08c-2180-11e3-a170-1c6f653e2513
     
    Error - 20.09.2013 07:34:47 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0x1c48  Startzeit der fehlerhaften Anwendung: 0x01ceb5f568d15855
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a6f9aac3-21e8-11e3-a170-1c6f653e2513
     
    Error - 20.09.2013 08:06:01 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
     11.6.602.180, Zeitstempel: 0x51a4ab8c  Name des fehlerhaften Moduls: ntdll.dll, Version:
     6.1.7601.18229, Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e243
    ID
     des fehlerhaften Prozesses: 0x1ff8  Startzeit der fehlerhaften Anwendung: 0x01ceb5f9c54451eb
    Pfad
     der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 03fdd84a-21ed-11e3-a170-1c6f653e2513
     
    Error - 28.09.2013 07:47:54 | Computer Name = Rape-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: OLGame.exe, Version: 1.0.11771.0,
     Zeitstempel: 0x52280fe1  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
     Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
     Prozesses: 0x11dc  Startzeit der fehlerhaften Anwendung: 0x01cebc3f0100e2da  Pfad der
     fehlerhaften Anwendung: C:\Program Files (x86)\Outlast\Binaries\Win32\OLGame.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: cf62a230-2833-11e3-8d91-1c6f653e2513
     
    Error - 10.10.2013 16:12:30 | Computer Name = Rape-PC | Source = Application Hang | ID = 1002
    Description = Programm Skype.exe, Version 5.9.0.115 kann nicht mehr unter Windows
     ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
     um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 161c    Startzeit:
     01cec5b9aa8057cb    Endzeit: 13    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
    
    Berichts-ID:
     487ab303-31e8-11e3-94d7-1c6f653e2513  
     
    [ System Events ]
    Error - 07.10.2013 22:29:52 | Computer Name = Rape-PC | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
     Steam Client Service erreicht.
     
    Error - 07.10.2013 22:29:52 | Computer Name = Rape-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
     nicht gestartet:   %%1053
     
    Error - 11.10.2013 05:35:18 | Computer Name = Rape-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am ?11.?10.?2013 um 11:33:05 unerwartet heruntergefahren.
     
    Error - 11.10.2013 05:37:49 | Computer Name = Rape-PC | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
     Steam Client Service erreicht.
     
    Error - 11.10.2013 05:37:49 | Computer Name = Rape-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
     nicht gestartet:   %%1053
     
     
    < End of report >
    Regards, Dennis

  2. #2
    Beginner
    Registered since
    15.10.2013
    Posts
    3
    Maybe a short explanation as well.

    It is this "Trojan" (other sites said it is not a Trojan) that exists in umpteen different variations. You are asked to pay up, and otherwise you are threatened with consequences. This is already the fourth time I have had it, each time in a different version of the virus, so each time I also have to look for a new way to get rid of it. Unlike before, this time it is not a white screen that blocks everything, but only a browser window that cannot be closed. I can minimize it, though; I would still prefer it if my PC were clean again.

    I use Firefox as my default browser; the rest can be gathered from below.
    I urgently need help, and thank you in advance in the hope of quick support.
    Last edited by Dennis Sonny Rehmann (15.10.2013 at 16:15)

  3. #3
    Moderator MatrixReloaded
    Registered since
    15.05.2012
    Location
    Oslo, Norway
    Posts
    1.090

    Cleanup with Malwarebytes' Anti-Malware (full scan)

    Please run a full scan with Malwarebytes' Anti-Malware following these instructions and post the log file here in the thread.

    (Vista/Win7 users: right-click and run as administrator)
    What you need to watch out for during the cleanup: http://forum.botfrei.de/showthread.p...inigung-achten

    What you need to watch out for after the cleanup: http://blog.botfrei.de/2011/12/malwa...fernt-was-nun/


    A malware infection is avoidable!
    https://www.bsi-fuer-buerger.de/BSIF...tangriffe.html




  4. #4
    Beginner
    Registered since
    15.10.2013
    Posts
    3
    Code:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    
    Datenbank Version: v2013.10.15.05
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Rape :: RAPE-PC [Administrator]
    
    15.10.2013 20:35:33
    mbam-log-2013-10-15 (20-35-33).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 523545
    Laufzeit: 1 Stunde(n), 42 Minute(n), 5 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 8
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89E2702F-2968-05CE-F529-02B884FBB773} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 5
    C:\Users\Rape\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\ProgramData\SearchNewTab (PUP.Optional.SearchNewTab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    Infizierte Dateien: 31
    C:\Program Files\Aimbot\AntiShield.exe (PasswordStealer.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Program Files (x86)\Fifa13\FIFA 13\Game\rld.dll (Trojan.VirTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Program Files (x86)\Outlast\Binaries\Win32\steam_api.dll (VirTool.Obfuscator) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\ProgramData\InstallMate\{1F1B0120-52AC-44EE-A605-1A8EC4F823D6}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\ProgramData\InstallMate\{1F1B0120-52AC-44EE-A605-1A8EC4F823D6}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\dGOs35ZA.exe.part (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\E36B.tmp (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\Fn899GeI.exe.part (PUP.BundleInstaller.DW) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\SqobcVj7.exe.part (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\is1070216317\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\{1F1B0120-52AC-44EE-A605-1A8EC4F823D6}\Addons\ext_setup.exe (PUP.Adware.MultiPlug) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\{1F1B0120-52AC-44EE-A605-1A8EC4F823D6}\Addons\newtab_setup.exe (PUP.Adware.MultiPlug) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\{1F1B0120-52AC-44EE-A605-1A8EC4F823D6}\Addons\web_assistant_v2.exe (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\Documents\Vuze Downloads\Adobe Photoshop CS3 Extended-Version (Deutsch)\Adobe Photoshop CS3 Extended-Version (Deutsch)\KeyGen\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\chLogic.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\CT2504091.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\CT2504091.xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\dtime.csf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\ffLogic.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\ieLogic.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\initData.json (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\manifest.json (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\statisticsStub.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\version.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Rape\AppData\Local\Temp\ct2504091\xpi\install.rdf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    (Ende)

  5. #5
    Moderator MatrixReloaded
    Registered since
    15.05.2012
    Location
    Oslo, Norway
    Posts
    1.090
    Hello,

    we do not provide support for PC systems on which cracks/keygens have been installed. Such use is illegal, and 99% of this cracked software contains adware/malware.

    If you want the cleanup to continue, uninstall all cracked software.