| |
| |||||||
Log-Analyse und Auswertung: Posadi17 verschwindet nicht mehr.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.05.2014, 19:32
| #1 |
| |  Posadi17 verschwindet nicht mehr. Hallo, es wurde schon oft gepostet habe auch alle Programme ausgeführt wie bei anderen Usern empfohlen wurde doch leider ist es immer noch da. Hier gleich die Logfiles von den Programmen. FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Steven (administrator) on STEVEN-PC on 12-05-2014 20:22:09
Running from C:\Users\Steven\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Facebook Update] => C:\Users\Steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-08] (Facebook Inc.)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-01] ()
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\MountPoints2: {9df90aa7-5b33-11e2-8456-806e6f6e6963} - D:\setup.exe /autorun
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0112C0A43EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321902&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP663B87C6-8A3D-4CE8-B59C-1A74EF062EE0&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - EABAE5A3C45E4C8C962B7647CCF3B4C1 URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=DE&userid=dc4e5cbb-3918-42fc-9b3e-bd7a3429a538&searchtype=ds&q={searchTerms}&installDate=23/05/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default
FF SearchEngineOrder.3: Bing
FF NetworkProxy: "type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Steven\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\amazon-icon@winload.de [2013-08-29]
FF Extension: Snap.Do - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\{dc4e5cbb-3918-42fc-9b3e-bd7a3429a538} [2013-06-13]
FF Extension: ReloadEvery - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-12-04]
FF HKCU\...\Firefox\Extensions: [{710723a6-29df-467c-ab26-052643f280eb}] - C:\Program Files (x86)\Re-markit\150.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-14]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (Google-Suche) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Google Mail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4600264 2013-11-05] (INCA Internet Co., Ltd.)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-24] ()
S2 d0e87c27; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service
==================== Drivers (Whitelisted) ====================
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)
S4 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [89600 2005-11-03] (Protection Technology)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R1 {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64; C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys [61120 2014-04-24] (StdLib)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va019; \??\C:\Windows\SysWOW64\Drivers\X6va019 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-12 20:22 - 2014-05-12 20:22 - 00013231 _____ () C:\Users\Steven\Downloads\FRST.txt
2014-05-12 20:22 - 2014-05-12 20:22 - 00000000 ____D () C:\FRST
2014-05-12 20:21 - 2014-05-12 20:21 - 02066944 _____ (Farbar) C:\Users\Steven\Downloads\FRST64.exe
2014-05-12 18:24 - 2014-05-12 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-12 18:23 - 2014-05-12 18:23 - 02347384 _____ (ESET) C:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
2014-05-12 18:08 - 2014-05-12 18:08 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-12 18:08 - 2014-05-12 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-12 18:08 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 18:08 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 18:08 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 18:04 - 2014-05-12 18:04 - 00259584 _____ (OldTimer Tools) C:\Users\Steven\Downloads\OTH.scr
2014-05-12 17:56 - 2014-05-12 17:56 - 00003192 _____ () C:\Windows\System32\Tasks\{99574516-7C89-4FB0-A35D-24DE271C15BF}
2014-05-12 17:45 - 2014-05-12 17:45 - 00002351 _____ () C:\Users\Steven\Desktop\JRT.txt
2014-05-12 17:32 - 2014-05-12 17:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Steven\Downloads\revosetup.exe
2014-05-12 17:26 - 2014-05-12 17:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-12 17:26 - 2014-03-31 03:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 16:29 - 2014-05-12 16:29 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-12 16:29 - 2014-05-12 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Users\Steven\Downloads\adwcleaner.exe
2014-05-12 15:47 - 2014-05-12 20:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 15:47 - 2014-05-12 18:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-12 15:47 - 2014-05-12 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-12 15:45 - 2014-05-12 15:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Steven\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-12 15:07 - 2014-05-12 15:12 - 150844400 _____ (Acresso Software Inc. ) C:\Users\Steven\Downloads\Stronghold_Crusader_HD_Update.exe
2014-05-12 14:52 - 2014-05-12 14:52 - 01745400 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsoFE10.tmp
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\InetStat
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-12 14:48 - 2014-05-12 16:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\17170
2014-05-12 14:40 - 2014-05-12 14:40 - 01674832 _____ (BitTorrent Inc.) C:\Users\Steven\Downloads\uTorrent.exe
2014-05-08 01:20 - 2014-05-08 01:20 - 00000018 _____ () C:\Users\Steven\Desktop\Neues Textdokument.txt
2014-05-07 15:36 - 2014-05-07 15:37 - 00921512 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u55.exe
2014-05-07 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 14:35 - 2014-05-06 14:35 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (2).zip
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{B2FF17B4-C35E-4F3C-A57C-9CD9E56540B5}
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{2D45EAE4-584C-4DC8-968C-EE9F3DED24F1}
2014-05-06 04:23 - 2014-05-06 04:23 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (1).zip
2014-05-06 04:22 - 2014-05-06 04:22 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker.zip
2014-05-06 04:11 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 04:11 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 20:44 - 2014-05-12 17:47 - 00001120 _____ () C:\Windows\setupact.log
2014-05-03 20:44 - 2014-05-03 20:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-03 20:43 - 2014-05-12 16:48 - 00011986 _____ () C:\Windows\PFRO.log
2014-05-03 12:38 - 2014-05-12 14:58 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-03 12:38 - 2014-05-12 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-03 12:37 - 2014-05-12 19:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 12:37 - 2014-05-12 18:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-03 12:37 - 2014-05-03 12:37 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-03 12:37 - 2014-05-03 12:37 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-03 01:43 - 2014-05-03 01:43 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\OpenOffice
2014-05-02 11:49 - 2014-05-02 11:49 - 00147116 _____ () C:\Users\Steven\Documents\DH.rms
2014-05-02 01:32 - 2014-05-02 01:32 - 00143102 _____ () C:\Users\Steven\Documents\keiler +rep.rms
2014-04-30 11:11 - 2014-04-30 11:11 - 00258647 _____ () C:\Users\Steven\Documents\Keilerspot 2h.rms
2014-04-30 00:28 - 2014-04-30 00:28 - 00000000 ___HD () C:\Users\Steven\Desktop\.updtmp
2014-04-29 23:40 - 2014-04-29 23:40 - 00031445 _____ () C:\Users\Steven\Documents\F123.rms
2014-04-29 14:05 - 2014-04-29 14:05 - 00001067 _____ () C:\Users\Public\Desktop\ReMouse Micro.lnk
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Micro
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\Program Files (x86)\ReMouse Micro
2014-04-29 13:42 - 2012-11-18 11:27 - 00000000 ____D () C:\Users\Steven\Desktop\RobotSoft.Mouse.and.Keyboard.Recorder.v3.1.9.2.Incl.Keygen.and.Patch-BRD
2014-04-29 13:36 - 2014-04-29 13:37 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Users\Steven\Documents\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Program Files (x86)\RobotSoft
2014-04-29 13:18 - 2014-04-24 12:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys
2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 ____D () C:\ProgramData\MiniApp
2014-04-29 13:13 - 2014-05-06 04:27 - 00000000 ____D () C:\ProgramData\f882b6e296045db1
2014-04-29 13:13 - 2014-04-29 13:35 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Packages
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator
2014-04-29 11:48 - 2014-04-29 11:48 - 00301496 _____ (VuuPC Limited) C:\Users\Steven\AppData\Local\nsdEBAD.tmp
2014-04-29 11:46 - 2014-04-29 11:46 - 01107768 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsc7855.tmp
2014-04-29 00:38 - 2014-04-29 00:41 - 00000000 ____D () C:\Program Files (x86)\auto-clicker
2014-04-29 00:25 - 2014-04-29 00:25 - 00000000 ___RD () C:\Sandbox
2014-04-29 00:22 - 2014-04-30 00:33 - 00001578 _____ () C:\Windows\Sandboxie.ini
2014-04-28 22:20 - 2014-04-29 14:05 - 00000000 ____D () C:\Users\Steven\Documents\AutomaticSolution Software
2014-04-27 11:31 - 2014-04-27 11:31 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard
2014-04-27 11:21 - 2014-04-27 11:32 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-27 11:21 - 2014-04-27 11:21 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-27 11:21 - 2014-04-27 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-27 11:19 - 2014-04-27 12:47 - 00000000 ____D () C:\Users\Steven\AppData\Local\Battle.net
2014-04-27 11:19 - 2014-04-27 11:20 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Battle.net
2014-04-27 11:19 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard Entertainment
2014-04-27 11:18 - 2014-04-27 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-04-27 11:18 - 2014-04-27 11:19 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-27 11:18 - 2014-04-27 11:19 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-27 11:16 - 2014-04-27 11:16 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-24 16:34 - 2014-04-24 16:34 - 01010720 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\MSCHRT20.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00224016 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00152848 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-04-24 13:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-24 13:30 - 2014-04-24 13:45 - 00003510 _____ () C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-23 19:42 - 2014-04-23 19:42 - 00000046 _____ () C:\Users\Steven\AppData\Roaming\WB.CFG
2014-04-23 17:53 - 2014-04-29 00:05 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-04-23 17:53 - 2014-04-29 00:05 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-04-23 17:53 - 2014-04-23 17:53 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\GlarySoft
2014-04-23 17:48 - 2014-05-12 14:58 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\WorldofTanks
2014-04-23 17:47 - 2014-04-23 17:50 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nico Mak Computing
2014-04-23 17:47 - 2014-04-23 17:47 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-23 17:46 - 2014-04-23 17:46 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-21 17:48 - 2014-04-21 17:48 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 17:48 - 2014-04-21 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 17:48 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 17:48 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 17:48 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 17:48 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
==================== One Month Modified Files and Folders =======
2014-05-12 20:22 - 2014-05-12 20:22 - 00013231 _____ () C:\Users\Steven\Downloads\FRST.txt
2014-05-12 20:22 - 2014-05-12 20:22 - 00000000 ____D () C:\FRST
2014-05-12 20:21 - 2014-05-12 20:21 - 02066944 _____ (Farbar) C:\Users\Steven\Downloads\FRST64.exe
2014-05-12 20:21 - 2013-10-29 12:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 20:14 - 2014-05-12 15:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 19:42 - 2014-05-03 12:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 18:47 - 2013-06-08 18:42 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001UA.job
2014-05-12 18:47 - 2013-06-08 18:42 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001Core.job
2014-05-12 18:24 - 2014-05-12 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-12 18:23 - 2014-05-12 18:23 - 02347384 _____ (ESET) C:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
2014-05-12 18:08 - 2014-05-12 18:08 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-12 18:08 - 2014-05-12 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-12 18:08 - 2014-05-12 15:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-12 18:04 - 2014-05-12 18:04 - 00259584 _____ (OldTimer Tools) C:\Users\Steven\Downloads\OTH.scr
2014-05-12 18:04 - 2014-05-03 12:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 18:04 - 2013-10-29 23:24 - 00000000 ____D () C:\Users\Steven\AppData\Local\PMB Files
2014-05-12 18:02 - 2013-08-29 14:02 - 00000000 ____D () C:\AdwCleaner
2014-05-12 17:57 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-12 17:57 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-12 17:57 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 17:56 - 2014-05-12 17:56 - 00003192 _____ () C:\Windows\System32\Tasks\{99574516-7C89-4FB0-A35D-24DE271C15BF}
2014-05-12 17:55 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 17:55 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 17:51 - 2013-01-10 16:43 - 02097116 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 17:47 - 2014-05-03 20:44 - 00001120 _____ () C:\Windows\setupact.log
2014-05-12 17:47 - 2013-08-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-12 17:47 - 2013-05-23 00:35 - 00000416 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-05-12 17:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 17:45 - 2014-05-12 17:45 - 00002351 _____ () C:\Users\Steven\Desktop\JRT.txt
2014-05-12 17:33 - 2014-05-12 17:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Steven\Downloads\revosetup.exe
2014-05-12 17:29 - 2014-05-12 17:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-12 16:48 - 2014-05-03 20:43 - 00011986 _____ () C:\Windows\PFRO.log
2014-05-12 16:29 - 2014-05-12 16:29 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-12 16:29 - 2014-05-12 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Users\Steven\Downloads\adwcleaner.exe
2014-05-12 16:14 - 2013-01-10 16:48 - 00000000 ___RD () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-12 16:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-12 16:13 - 2014-05-12 14:48 - 00000000 ____D () C:\Users\Steven\AppData\Local\17170
2014-05-12 15:47 - 2014-05-12 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-12 15:46 - 2014-05-12 15:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Steven\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-12 15:38 - 2013-01-10 16:39 - 00000000 ____D () C:\Windows\Panther
2014-05-12 15:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-12 15:28 - 2013-01-10 19:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-12 15:20 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 15:19 - 2014-01-21 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
2014-05-12 15:19 - 2014-01-21 15:57 - 00000000 ____D () C:\Program Files (x86)\Firefly Studios
2014-05-12 15:19 - 2013-01-10 19:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-12 15:12 - 2014-05-12 15:07 - 150844400 _____ (Acresso Software Inc. ) C:\Users\Steven\Downloads\Stronghold_Crusader_HD_Update.exe
2014-05-12 14:58 - 2014-05-03 12:38 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-12 14:58 - 2014-05-03 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-12 14:58 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551
2014-05-12 14:58 - 2013-03-02 12:24 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 14:52 - 2014-05-12 14:52 - 01745400 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsoFE10.tmp
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\InetStat
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-12 14:46 - 2013-01-10 19:39 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\TS3Client
2014-05-12 14:40 - 2014-05-12 14:40 - 01674832 _____ (BitTorrent Inc.) C:\Users\Steven\Downloads\uTorrent.exe
2014-05-11 00:43 - 2013-01-10 23:15 - 00000000 ____D () C:\Users\Steven\Documents\Cross Fire
2014-05-10 01:32 - 2013-10-29 23:24 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-08 19:45 - 2013-01-10 23:15 - 00000000 ____D () C:\CFLog
2014-05-08 13:16 - 2014-04-06 22:30 - 00000000 ____D () C:\Users\Steven\AppData\Local\fabi.me
2014-05-08 01:20 - 2014-05-08 01:20 - 00000018 _____ () C:\Users\Steven\Desktop\Neues Textdokument.txt
2014-05-07 23:34 - 2013-09-22 23:34 - 00000328 _____ () C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-05-07 15:37 - 2014-05-07 15:36 - 00921512 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u55.exe
2014-05-07 14:03 - 2014-03-12 13:13 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-07 14:03 - 2013-08-27 12:15 - 00000994 _____ () C:\Users\Public\Desktop\Rappelz.lnk
2014-05-07 14:03 - 2007-01-01 01:12 - 00000961 _____ () C:\Users\Steven\Desktop\TeamSpeak 3 Client.lnk
2014-05-07 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 14:35 - 2014-05-06 14:35 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (2).zip
2014-05-06 04:27 - 2014-04-29 13:13 - 00000000 ____D () C:\ProgramData\f882b6e296045db1
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{B2FF17B4-C35E-4F3C-A57C-9CD9E56540B5}
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{2D45EAE4-584C-4DC8-968C-EE9F3DED24F1}
2014-05-06 04:23 - 2014-05-06 04:23 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (1).zip
2014-05-06 04:22 - 2014-05-06 04:22 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker.zip
2014-05-03 20:44 - 2014-05-03 20:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-03 12:38 - 2013-08-29 13:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-03 12:37 - 2014-05-03 12:37 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-03 12:37 - 2014-05-03 12:37 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-03 12:37 - 2014-03-14 11:06 - 00000000 ____D () C:\Users\Steven\AppData\Local\Deployment
2014-05-03 11:08 - 2013-08-22 13:34 - 00000000 ____D () C:\Users\Steven\Desktop\Neuer Ordner
2014-05-03 01:43 - 2014-05-03 01:43 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\OpenOffice
2014-05-02 20:46 - 2013-01-13 20:23 - 00021504 ____H () C:\Users\Steven\Desktop\photothumb.db
2014-05-02 11:49 - 2014-05-02 11:49 - 00147116 _____ () C:\Users\Steven\Documents\DH.rms
2014-05-02 01:32 - 2014-05-02 01:32 - 00143102 _____ () C:\Users\Steven\Documents\keiler +rep.rms
2014-05-02 01:23 - 2014-03-01 01:12 - 00000000 ____D () C:\Users\Steven\Desktop\123123
2014-04-30 21:36 - 2013-01-24 22:03 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Skype
2014-04-30 11:11 - 2014-04-30 11:11 - 00258647 _____ () C:\Users\Steven\Documents\Keilerspot 2h.rms
2014-04-30 00:33 - 2014-04-29 00:22 - 00001578 _____ () C:\Windows\Sandboxie.ini
2014-04-30 00:28 - 2014-04-30 00:28 - 00000000 ___HD () C:\Users\Steven\Desktop\.updtmp
2014-04-29 23:40 - 2014-04-29 23:40 - 00031445 _____ () C:\Users\Steven\Documents\F123.rms
2014-04-29 14:05 - 2014-04-29 14:05 - 00001067 _____ () C:\Users\Public\Desktop\ReMouse Micro.lnk
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Micro
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\Program Files (x86)\ReMouse Micro
2014-04-29 14:05 - 2014-04-28 22:20 - 00000000 ____D () C:\Users\Steven\Documents\AutomaticSolution Software
2014-04-29 13:37 - 2014-04-29 13:36 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Users\Steven\Documents\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Program Files (x86)\RobotSoft
2014-04-29 13:35 - 2014-04-29 13:13 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-29 13:18 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 ____D () C:\ProgramData\MiniApp
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Packages
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator
2014-04-29 13:13 - 2013-01-10 19:39 - 00000000 ____D () C:\Users\Steven\AppData\Local\Google
2014-04-29 11:48 - 2014-04-29 11:48 - 00301496 _____ (VuuPC Limited) C:\Users\Steven\AppData\Local\nsdEBAD.tmp
2014-04-29 11:46 - 2014-04-29 11:46 - 01107768 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsc7855.tmp
2014-04-29 00:41 - 2014-04-29 00:38 - 00000000 ____D () C:\Program Files (x86)\auto-clicker
2014-04-29 00:38 - 2013-11-02 19:39 - 00000000 ____D () C:\Program Files (x86)\Brick-Force
2014-04-29 00:30 - 2013-01-10 17:02 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-29 00:25 - 2014-04-29 00:25 - 00000000 ___RD () C:\Sandbox
2014-04-29 00:05 - 2014-04-23 17:53 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-04-29 00:05 - 2014-04-23 17:53 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-04-28 22:21 - 2013-10-29 12:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 22:21 - 2013-01-12 07:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 22:21 - 2013-01-12 07:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 12:47 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Local\Battle.net
2014-04-27 11:32 - 2014-04-27 11:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-27 11:31 - 2014-04-27 11:31 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard
2014-04-27 11:21 - 2014-04-27 11:21 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-27 11:21 - 2014-04-27 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-27 11:20 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Battle.net
2014-04-27 11:19 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard Entertainment
2014-04-27 11:19 - 2014-04-27 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-04-27 11:19 - 2014-04-27 11:18 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-27 11:19 - 2014-04-27 11:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-27 11:16 - 2014-04-27 11:16 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-24 16:34 - 2014-04-24 16:34 - 01010720 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\MSCHRT20.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00224016 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00152848 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-04-24 13:50 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-24 13:45 - 2014-04-24 13:30 - 00003510 _____ () C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-24 13:45 - 2013-01-10 16:47 - 00000000 ____D () C:\Users\Steven
2014-04-24 12:34 - 2014-04-29 13:18 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys
2014-04-24 02:49 - 2013-11-05 16:51 - 00000000 ____D () C:\Users\Steven\AppData\Local\Akamai
2014-04-24 02:47 - 2009-07-14 06:45 - 00426456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-23 19:42 - 2014-04-23 19:42 - 00000046 _____ () C:\Users\Steven\AppData\Roaming\WB.CFG
2014-04-23 19:22 - 2013-01-10 17:02 - 00116392 _____ () C:\Users\Steven\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-23 17:53 - 2014-04-23 17:53 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\GlarySoft
2014-04-23 17:50 - 2014-04-23 17:47 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nico Mak Computing
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\WorldofTanks
2014-04-23 17:47 - 2014-04-23 17:47 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-23 17:46 - 2014-04-23 17:46 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-21 17:51 - 2014-01-21 15:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 17:48 - 2014-04-21 17:48 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 17:48 - 2014-04-21 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 17:48 - 2013-10-18 18:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
2014-04-21 00:09 - 2013-06-20 20:42 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-20 01:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-14 20:13 - 2014-04-21 17:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-21 17:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-21 17:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-21 17:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 04:24 - 2014-05-06 04:11 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 04:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\Steven\AppData\Local\Temp\f.exe
C:\Users\Steven\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Steven\AppData\Local\Temp\htmlayout.dll
C:\Users\Steven\AppData\Local\Temp\IrsoDLL.dll
C:\Users\Steven\AppData\Local\Temp\toolbar74341428.exe
C:\Users\Steven\AppData\Local\Temp\toolbar74344212.exe
C:\Users\Steven\AppData\Local\Temp\toolbar74344362.exe
C:\Users\Steven\AppData\Local\Temp\vp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 00:19
==================== End Of Log ============================
Additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Steven at 2014-05-12 20:22:46
Running from C:\Users\Steven\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
ATI Catalyst Install Manager (HKLM\...\{ED49426D-A15D-D7E0-DF56-3AC844CEDF8E}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 3.10.274.74.11 - Infernum Productions AG)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com)
Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1197 - SG INTERACTIVE)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Feature Update Service (YFD) (HKCU\...\YourFileDownloaderUpdater) (Version: 2.14.20 - ) <==== ATTENTION
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HydraVision (x32 Version: 4.2.142.0 - ATI Technologies Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.145.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.145.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (x32 Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA Grafiktreiber 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.61 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.270.54.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Systemsteuerung 270.61 (Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA Update 1.1.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.1.34 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.1.34 - NVIDIA Corporation) Hidden
Open Office Packages (HKCU\...\Open Office Packages) (Version: - ) <==== ATTENTION
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera 12.12 (HKLM-x32\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Rappelz (HKLM-x32\...\{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1) (Version: Rappelz - gPotato.eu)
ReMouse Micro (HKLM-x32\...\ReMouse Micro_is1) (Version: Micro V3.5 - AutomaticSolution Software)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{0376A539-A4FF-4C94-87DB-7DC6290BD754}) (Version: 1.23.1.10743 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{1f58698d-b268-4953-ad8c-a308504284c5}) (Version: 1.6.1.918 - ReSoft Ltd.) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version: - FireFly Studios)
Stronghold Crusader HD (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.30.0004 - Firefly Studios)
Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version: - FireFly Studios)
Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios)
Stronghold Kingdoms (HKLM-x32\...\Steam App 47410) (Version: - FireFly Studios)
Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version: - FireFly Studios)
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Tony Hawk's Pro Skater 3® (HKLM-x32\...\Tony Hawk's Pro Skater 3®) (Version: - )
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
Tunatic (HKLM-x32\...\Tunatic) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}) (Version: 12.0.486 - Sony)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zoo Tycoon 2 (HKLM-x32\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)
==================== Restore Points =========================
02-05-2014 23:23:27 Windows Update
03-05-2014 01:00:13 Windows Update
06-05-2014 12:27:32 Windows Update
07-05-2014 01:00:12 Windows Update
07-05-2014 13:38:39 Removed Java 7 Update 55
12-05-2014 13:19:27 Installiert Stronghold Crusader HD
12-05-2014 13:34:09 Windows Modules Installer
12-05-2014 15:26:13 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {054870C6-C6C5-4247-B219-C510C52B9CE4} - System32\Tasks\Google Updater and Installer => C:\Users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0E14DC98-6376-465D-A3D1-3C2B98D823FA} - System32\Tasks\{99EB5100-67E9-4EBD-A3E1-1846C7ACFE60} => C:\Program Files (x86)\osu!\osu!.exe
Task: {1006EAA4-F6EE-47B5-9352-0415C28E9F9B} - System32\Tasks\{7AFFA3B4-DD76-485E-A5FD-6E7CC5F9AC23} => C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe [2014-02-27] ( )
Task: {12783C8D-8D85-4A19-9C2F-3B50011529EC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3548663749-2604073035-1364446154-1001
Task: {1343F2FE-808F-40B8-8A13-8CE9EAC5278C} - System32\Tasks\{CDB20145-D9C5-4D41-BE74-C2FFAD442CAF} => C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe [2014-02-27] ( )
Task: {18D12368-74A4-4C28-85C1-084FDF70A400} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {1BBC52F4-F76E-4727-AB77-B60CD3B4E386} - \Plus-HD-1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {27C86200-8E72-40FC-812F-DA6F5CCEC459} - \Plus-HD-1.2-codedownloader No Task File <==== ATTENTION
Task: {2B3BC716-4763-484F-975C-E49EC6C7FB5C} - System32\Tasks\{7086E8CA-C8C5-4517-A99B-36C7CD79A073} => C:\Users\Steven\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
Task: {2B8D6E02-FF62-484D-A167-72D010930CAB} - System32\Tasks\{84626E7B-9591-4F86-B39C-29CD047AB4B4} => C:\Users\Steven\Desktop\Stronghold Crusader\Stronghold Crusader.exe
Task: {2FF2E0E5-E890-41B4-ACE5-E80E117853AD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001Core => C:\Users\Steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-08] (Facebook Inc.)
Task: {300C8B5A-B7AB-4E64-8532-FC7F1E62D564} - \Plus-HD-1.2-updater No Task File <==== ATTENTION
Task: {353014E3-B059-4289-AF28-CB50040B54FE} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {36E93CFE-CE85-4AF2-AA36-AB7EBA802F70} - System32\Tasks\{21AF458B-8020-4200-875F-B4E45BDC667B} => C:\Users\Steven\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
Task: {3AC04900-7C88-4025-AE05-FF0A5B6F7C59} - System32\Tasks\{10E2760C-2CE3-4D78-87EF-BE8E72B56E03} => C:\Users\Steven\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
Task: {3C7959C2-3160-4B51-A1CD-72EFDFF59A3D} - \Plus-HD-1.2-enabler No Task File <==== ATTENTION
Task: {47130E7E-E860-41E8-A497-9B41700D035C} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Steven\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
Task: {4C7BEC29-D150-4CDA-ABE2-EF288C161F44} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {512D6274-3A72-465A-8F1E-6854B1A8A137} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {550FC65C-09D4-45B4-993E-179657EBC587} - System32\Tasks\{3F7FC5C8-B861-4BAF-AEF7-D8BEE76A7E58} => C:\Users\Steven\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
Task: {5C1DF189-E24C-49C2-B846-74792EB69DE6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {631AE6B9-2D2B-419E-A6DB-98D05F563B10} - System32\Tasks\{01CFF5D2-8281-4BC4-A1A6-2E6071763459} => C:\Users\Steven\Desktop\Stronghold Crusader Extreme\Stronghold Crusader.exe
Task: {6ABD9989-B69E-4ED8-BA67-9274DCF96BE5} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {74C09AE8-8D11-4069-AF61-BAEDBAD7B3AD} - System32\Tasks\{2D45EAE4-584C-4DC8-968C-EE9F3DED24F1} => C:\Users\Steven\Desktop\SpeedAutoClicker.exe
Task: {7F23203F-1C08-49D0-BA1F-115EDA479BCD} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {8A4139D5-4A1F-4C82-ADE4-E06A8F89F75D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001UA => C:\Users\Steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-08] (Facebook Inc.)
Task: {8CDC56EE-0AE3-4D22-B151-C1BE265C995F} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {8D54BE03-ED2E-45FC-8955-9B8CEABD1A56} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {8E434AB7-6C61-41AD-9027-12492520EB16} - System32\Tasks\{2A96B4E0-4865-4391-9FD5-0BA65A54539E} => C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe [2011-12-14] (G4box Inc.)
Task: {930B7AFA-6B35-44A2-AECC-56B14BC7E084} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {9340E816-D4EF-4BCF-B0E6-D3F563800370} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {9B55A024-FFE4-4AD7-8B51-C3115466C4D9} - \Plus-HD-1.2-chromeinstaller No Task File <==== ATTENTION
Task: {9CF9E49E-41FD-4A7E-84E9-5D4A4F6A92E6} - \AmiUpdXp No Task File <==== ATTENTION
Task: {A9AF17C3-914C-44E9-A986-1FBDB6EEDA15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {AF1296B1-3224-4C5A-B776-58427E953745} - System32\Tasks\{57A1E1D1-60AF-4868-B16F-5BB2FEEC59C8} => C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe [2011-12-14] (G4box Inc.)
Task: {B7CC9FE1-5581-4D78-A24F-C046B67C3850} - System32\Tasks\{AAA54910-27AF-4D5F-93AB-CAA07D846147} => C:\Users\Steven\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
Task: {C481A718-08AF-45CE-A26D-09BA75FE8BCA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {D2E77962-98BC-439B-93B6-887B8943CA78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {E51F0528-86EA-493D-B9FF-D05B151752B5} - System32\Tasks\{99E93FCA-CFC3-40F8-A9C3-A634825120E5} => C:\Users\Steven\Desktop\Stronghold Crusader Extreme\Stronghold Crusader.exe
Task: {E7C0B7A4-65CB-44BA-87D5-C4FCD3F0C81A} - System32\Tasks\{B2FF17B4-C35E-4F3C-A57C-9CD9E56540B5} => C:\Users\Steven\Desktop\SpeedAutoClicker.exe
Task: {ECECE1F8-2BA4-4AED-AB44-CE258B1A42BB} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {F0169B03-06E0-4D29-BD49-E7A2055F07B5} - \Re-markit Update No Task File <==== ATTENTION
Task: {FE60F59C-186F-4966-9E07-F04F70C49BC0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001Core.job => C:\Users\Steven\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001UA.job => C:\Users\Steven\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
==================== Loaded Modules (whitelisted) =============
2013-08-24 17:01 - 2013-08-24 17:01 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2014-05-12 14:49 - 2014-05-12 17:48 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll
2014-05-03 12:38 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-05-03 12:38 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-05-03 12:38 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-05-03 12:38 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-05-03 12:38 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2014-05-03 12:38 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-05-03 12:38 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\Software\Classes\exefile: <===== ATTENTION!
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft USB Dual Receiver Wireless Mouse (Mouse and Keyboard Center)
Description: Microsoft USB Dual Receiver Wireless Mouse (Mouse and Keyboard Center)
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
Name: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
Description: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: MRV6X64P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/12/2014 08:06:10 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (05/12/2014 08:06:08 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (05/12/2014 08:06:06 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (05/12/2014 06:24:12 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (05/12/2014 05:47:53 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.13.783, Zeitstempel: 0x510a34dc
Name des fehlerhaften Moduls: nvvsvc.exe, Version: 8.17.13.783, Zeitstempel: 0x510a34dc
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000004a995
ID des fehlerhaften Prozesses: 0x480
Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0
Pfad der fehlerhaften Anwendung: nvvsvc.exe1
Pfad des fehlerhaften Moduls: nvvsvc.exe2
Berichtskennung: nvvsvc.exe3
System errors:
=============
Error: (05/12/2014 06:07:49 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
Description: Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/12/2014 06:05:46 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: Dienst "SystemUpdatekb70007" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/12/2014 06:04:50 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: Dienst "PDF Architect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/12/2014 06:04:39 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: Dienst "PDF Architect Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/12/2014 05:50:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (05/12/2014 05:50:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/12/2014 05:48:09 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SW-Sustainer erreicht.
Microsoft Office Sessions:
=========================
Error: (05/12/2014 08:06:10 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
Error: (05/12/2014 08:06:08 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
Error: (05/12/2014 08:06:06 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
Error: (05/12/2014 06:24:12 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
Error: (05/12/2014 05:47:53 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: nvvsvc.exe8.17.13.783510a34dcnvvsvc.exe8.17.13.783510a34dc40000015000000000004a99548001cf6df97fa0c280C:\Windows\system32\nvvsvc.exeC:\Windows\system32\nvvsvc.exec72ae040-d9ec-11e3-8e09-001bfcea857b
CodeIntegrity Errors:
===================================
Date: 2014-03-03 07:57:40.560
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-03 07:57:40.206
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-08 15:41:02.712
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-08 15:41:02.525
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-08 06:00:19.868
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-08 06:00:19.681
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-07 06:01:14.087
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-07 06:01:13.884
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-04 10:54:14.978
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-04 10:54:14.775
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 61%
Total physical RAM: 3838.55 MB
Available physical RAM: 1464.12 MB
Total Pagefile: 7675.29 MB
Available Pagefile: 5202.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:138.06 GB) NTFS
Drive d: (ZOOTYCN2) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BADA7CC1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
MBAM log Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.05.2014 Suchlauf-Zeit: 16:13:24 Logdatei: Mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.12.03 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Steven Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 322183 Verstrichene Zeit: 25 Min, 19 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 3 Trojan.Agent, C:\Windows\adsminirun.exe, 3084, Löschen bei Neustart, [5033f759c7b47fb718445eda1fe1d828] Trojan.Banker, C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdate.exe, 3116, Löschen bei Neustart, [4340ea664338c571ea90c8158a78d030] Trojan.Banker, C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdate.exe, 3196, Löschen bei Neustart, [4340ea664338c571ea90c8158a78d030] Module: 0 (No malicious items detected) Registrierungsschlüssel: 4 PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EAB5257A-1FB3-474C-9B42-231F52622E72}, In Quarantäne, [94ef52fe86f52412dc837dc680800df3], PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EAB5257A-1FB3-474C-9B42-231F52622E72}, In Quarantäne, [94ef52fe86f52412dc837dc680800df3], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-3548663749-2604073035-1364446154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [a3e0f8585625bd79478a0f770bf79c64], PUP.Optional.Iminent.A, HKU\S-1-5-21-3548663749-2604073035-1364446154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, In Quarantäne, [fc87dd73b8c3f24440b63b45719144bc], Registrierungswerte: 2 Trojan.Agent, HKU\S-1-5-21-3548663749-2604073035-1364446154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|adsmini, C:\WINDOWS\adsminirun.exe, In Quarantäne, [5033f759c7b47fb718445eda1fe1d828] Trojan.Banker, HKU\S-1-5-21-3548663749-2604073035-1364446154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdate.exe, In Quarantäne, [4340ea664338c571ea90c8158a78d030] Registrierungsdaten: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[1b689fb1e29959dde5ddac9807fd7888] Ordner: 1 Stolen.Data, C:\Users\Steven\AppData\Roaming\dclogs, In Quarantäne, [f1921937f289c0768712bdaa857e669a], Dateien: 32 Trojan.Agent, C:\Windows\adsminirun.exe, Löschen bei Neustart, [5033f759c7b47fb718445eda1fe1d828], PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{03ED4BE8-B4AF-47C4-A52F-FC8DD80E691E}\Custom.dll, In Quarantäne, [740fee62532851e5d76f8cb70ff19868], PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{0E3BA8E6-8AC9-4291-A07A-C2EBD5D88A10}\Custom.dll, In Quarantäne, [ee9583cdd0abe452f74f0340be423ec2], PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{1814FB55-62F9-490E-ABE5-2ADBC3F7D9A3}\Custom.dll, In Quarantäne, [fc8766eaf2891125f45298aba858d030], PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{CBEAAD88-70DD-4E9C-AC77-38FF10098F7E}\Custom.dll, In Quarantäne, [c8bb153b7803ee481c2a2f14ff015aa6], PUP.Optional.WebCake.A, C:\Program Files (x86)\WDesktop.Updater.exe, In Quarantäne, [0d764f019cdf2511a62deb1d8c75c838], PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [c3c00848bac103335f1968d5e31dd22e], PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [fa896ee21e5de74f036fc5709f6527d9], PUP.Optional.YourFileDownloader, C:\Users\Steven\AppData\Local\Temp\uninstall74549635.exe, In Quarantäne, [3e459eb26f0c38fe8d7c4dd16f9112ee], PUP.Optional.YourFileDownloader, C:\Users\Steven\AppData\Local\Temp\uninstall74556564.exe, In Quarantäne, [c5be8fc15922ba7cfd0c110d4eb206fa], PUP.Optional.SkyTech.A, C:\Users\Steven\AppData\Local\Temp\fullpackage_temp1399898916\alilog.dll, In Quarantäne, [c0c379d7e596f83e42d52f030df33ac6], PUP.Optional.IePluginService.A, C:\Users\Steven\AppData\Local\Temp\fullpackage_temp1399898916\tmp\SupTab.exe, In Quarantäne, [fb88bf91bbc088ae03510f46e21f0ef2], PUP.Optional.WpManager, C:\Users\Steven\AppData\Local\Temp\fullpackage_temp1399898916\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [dea5440c7308ee486250e27dff02629e], PUP.Optional.OpenCandy.A, C:\Users\Steven\Downloads\winamp565_full_emusic-7plus_all.exe, In Quarantäne, [6a1966eaf18a7eb8640bdd655ca4da26], PUP.Optional.Spigot.A, C:\Users\Steven\Downloads\YTD43Setup.exe, In Quarantäne, [fe85f0605922999dadd237ef4bb56b95], PUP.Optional.Amonetize, C:\Users\Steven\Downloads\american civil war gettysburg crack__3039_i664360933_il8589860.exe, In Quarantäne, [23603d132f4c84b2cf30bf84c7395ea2], PUP.Optional.Amonetize, C:\Users\Steven\Downloads\american civil war gettysburg crack__3515_i664364592_il8590967.exe, In Quarantäne, [bac940100c6fe74f4bb47ec5cf311be5], PUP.Optional.YourFileDownloader, C:\Users\Steven\Downloads\american_civil_war_gettysburg_crack_downloader.exe, In Quarantäne, [ccb762eea3d8f24459b064ba6d9317e9], Trojan.Dropper, C:\Users\Steven\Downloads\H_LOADER.exe, In Quarantäne, [97ec4709fe7d6ccaf4679c9c7f81c13f], PUP.Optional.BundleInstaller.A, C:\Users\Steven\Downloads\Java.exe, In Quarantäne, [d8abe66a0b708da96313251f1be65ba5], Trojan.Dropper, C:\Users\Steven\Downloads\HLBOT_CFEU_2014.rar, In Quarantäne, [a4df7ed285f6eb4ba4b7c573916f6f91], PUP.Optional.Domalq, C:\Users\Steven\Downloads\Player Setup.exe, In Quarantäne, [32512729f08bab8b990bb91c778cb14f], PUP.Optional.OutBrowse, C:\Users\Steven\Downloads\setup.exe, In Quarantäne, [295a54fc304b2e089660483040c1ea16], PUP.Optional.Softonic.A, C:\Users\Steven\Downloads\SoftonicDownloader_for_american-civil-war-gettysburg.exe, In Quarantäne, [ccb77dd34734ae8845bf4bd4f90804fc], PUP.Optional.Softonic.A, C:\Users\Steven\Downloads\SoftonicDownloader_for_virtual-audio-cable.exe, In Quarantäne, [a6dd82ceaecd91a51ce8d04fb34e2ad6], PUP.Optional.SuperCool, C:\Users\Steven\Downloads\AdobeFlashPlayer.exe, In Quarantäne, [661d87c9ed8e2c0a02efec4ce3218b75], PUP.Optional.Amonetize.A, C:\Users\Steven\AppData\Local\17170\a3544.exe, In Quarantäne, [94ef52fe86f52412dc837dc680800df3], PUP.Optional.SupraSavings.A, C:\Windows\Installer\2a0909.msi, In Quarantäne, [0a7983cdc0bbdf57f57dcb6a8f75c739], PUP.Optional.SmartBar.A, C:\Windows\Installer\566f036.msi, In Quarantäne, [82013f115b20ec4aba1f3aed4db3926e], PUP.Optional.BrowseMark.A, C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\extensions\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.xpi, In Quarantäne, [e1a21937fb809b9b508a10751de511ef], Trojan.Banker, C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdate.exe, Löschen bei Neustart, [4340ea664338c571ea90c8158a78d030], Stolen.Data, C:\Users\Steven\AppData\Roaming\dclogs\2013-12-04-4.dc, In Quarantäne, [f1921937f289c0768712bdaa857e669a], Physische Sektoren: 0 (No malicious items detected) (end) ADWCleaner Code:
ATTFilter # AdwCleaner v3.202 - Bericht erstellt am 12/05/2014 um 14:58:19
# Aktualisiert 23/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Steven - STEVEN-PC
# Gestartet von : C:\Users\Steven\Desktop\adwcleaner-3202.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : IePluginService
Dienst Gelöscht : Wpm
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\NetoCOupon
Ordner Gelöscht : C:\ProgramData\saave nnet
Ordner Gelöscht : C:\ProgramData\Save net
Ordner Gelöscht : C:\ProgramData\Savei NNet
Ordner Gelöscht : C:\ProgramData\SeArch-iNEuwTab
Ordner Gelöscht : C:\ProgramData\Search-NeWTaeb
Ordner Gelöscht : C:\ProgramData\suaave net
Ordner Gelöscht : C:\ProgramData\YoutubeAdblocker
Ordner Gelöscht : C:\Program Files (x86)\SupTab
[!] Ordner Gelöscht : C:\Program Files (x86)\SW-Booster
Ordner Gelöscht : C:\Program Files (x86)\saave nnet
Ordner Gelöscht : C:\Program Files (x86)\Save net
Ordner Gelöscht : C:\Program Files (x86)\Savei NNet
Ordner Gelöscht : C:\Program Files (x86)\SeArch-iNEuwTab
Ordner Gelöscht : C:\Program Files (x86)\Search-NeWTaeb
Ordner Gelöscht : C:\Program Files (x86)\suaave net
Ordner Gelöscht : C:\Program Files (x86)\YoutubeAdblocker
Ordner Gelöscht : C:\Users\Steven\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Steven\AppData\Local\torch
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\AppCloudUpdater
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\EZDownloader
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\SkypEmoticons
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\torch
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfbiihbfbkmdhnmifljhphbdoikgclk
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpeiofcliacimidklggfnjgjechlmben
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hagoabaagcciliffnaoenggopfcpofma
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanhhkbkebejcngmngcoaihpgjojpdlh
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\neodnakfaliekfkkbhapinfppdcmeabc
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkbjjjdckecminmkaclipggphnfamel
Datei Gelöscht : C:\Users\Steven\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Datei Gelöscht : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\searchplugins\WebSearch.xml
Datei Gelöscht : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\user.js
Datei Gelöscht : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage
Datei Gelöscht : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Datei Gelöscht : C:\Windows\System32\Tasks\AmiUpdXp
Datei Gelöscht : C:\Windows\Tasks\AppCloudUpdater.job
Datei Gelöscht : C:\Windows\System32\Tasks\AppCloudUpdater
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551\WorldofTanks.lnk
Verknüpfung Desinfiziert : C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Steven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Steven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Steven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk
Verknüpfung Desinfiziert : C:\Users\Steven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\net
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\net.5.14
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\NeotooCOupon.NeotooCOupon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\NeotooCOupon.NeotooCOupon.6.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Saearch-NNewTaBB.Saearch-NNewTaBB
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Saearch-NNewTaBB.Saearch-NNewTaBB.2.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1052359469
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{900C3B9A-855C-8AA6-08BC-8E3BDBCFC0DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{90A28280-ACAE-6C59-A132-7E4F6A829A09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94C2BF50-D9E0-1160-F539-2850E48DA673}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEF8C35D-0C80-439C-C949-6B74F31AFE5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F5B40BDC-A95A-9290-CE8E-2084CE62CDE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{900C3B9A-855C-8AA6-08BC-8E3BDBCFC0DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A28280-ACAE-6C59-A132-7E4F6A829A09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94C2BF50-D9E0-1160-F539-2850E48DA673}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF8C35D-0C80-439C-C949-6B74F31AFE5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5B40BDC-A95A-9290-CE8E-2084CE62CDE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90A28280-ACAE-6C59-A132-7E4F6A829A09}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94C2BF50-D9E0-1160-F539-2850E48DA673}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF8C35D-0C80-439C-C949-6B74F31AFE5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5B40BDC-A95A-9290-CE8E-2084CE62CDE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90A28280-ACAE-6C59-A132-7E4F6A829A09}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94C2BF50-D9E0-1160-F539-2850E48DA673}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEF8C35D-0C80-439C-C949-6B74F31AFE5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F5B40BDC-A95A-9290-CE8E-2084CE62CDE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{900C3B9A-855C-8AA6-08BC-8E3BDBCFC0DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90A28280-ACAE-6C59-A132-7E4F6A829A09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{94C2BF50-D9E0-1160-F539-2850E48DA673}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EEF8C35D-0C80-439C-C949-6B74F31AFE5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F5B40BDC-A95A-9290-CE8E-2084CE62CDE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{900C3B9A-855C-8AA6-08BC-8E3BDBCFC0DE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{90A28280-ACAE-6C59-A132-7E4F6A829A09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{94C2BF50-D9E0-1160-F539-2850E48DA673}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EEF8C35D-0C80-439C-C949-6B74F31AFE5F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F5B40BDC-A95A-9290-CE8E-2084CE62CDE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{900C3B9A-855C-8AA6-08BC-8E3BDBCFC0DE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A28280-ACAE-6C59-A132-7E4F6A829A09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94C2BF50-D9E0-1160-F539-2850E48DA673}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF8C35D-0C80-439C-C949-6B74F31AFE5F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5B40BDC-A95A-9290-CE8E-2084CE62CDE6}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\AppCloudUpdater
Schlüssel Gelöscht : HKCU\Software\LiveSupport
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppCloudUpdater
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw-boo~1\assist~1.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsun.info/?pid=724&r=2014/04/29&hid=14914997460830585315&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
-\\ Google Chrome v34.0.1847.131
[ Datei : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/04/29&hid=14914997460830585315&lg=EN&cc=DE
Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1399898931&from=amt&uid=395049983_397233_34C89C65&q={searchTerms}
Gelöscht [Startup_urls] : hxxp://istart.webssearches.com/?type=hp&ts=1399898931&from=amt&uid=395049983_397233_34C89C65
Gelöscht [Homepage] : hxxp://istart.webssearches.com/?type=hp&ts=1399898931&from=amt&uid=395049983_397233_34C89C65
*************************
AdwCleaner[R0].txt - [26540 octets] - [29/08/2013 14:02:22]
AdwCleaner[R1].txt - [25802 octets] - [29/08/2013 14:10:31]
AdwCleaner[R2].txt - [23041 octets] - [01/01/2014 23:01:03]
AdwCleaner[R3].txt - [8575 octets] - [24/03/2014 14:34:35]
AdwCleaner[R4].txt - [1426 octets] - [10/04/2014 23:30:53]
AdwCleaner[R5].txt - [18500 octets] - [24/04/2014 13:32:30]
AdwCleaner[R6].txt - [5298 octets] - [29/04/2014 11:52:31]
AdwCleaner[R7].txt - [15434 octets] - [29/04/2014 13:49:42]
AdwCleaner[R8].txt - [21593 octets] - [12/05/2014 14:56:31]
AdwCleaner[S0].txt - [1275 octets] - [29/08/2013 14:03:20]
AdwCleaner[S1].txt - [25356 octets] - [29/08/2013 14:11:25]
AdwCleaner[S2].txt - [17399 octets] - [01/01/2014 23:02:04]
AdwCleaner[S3].txt - [7742 octets] - [24/03/2014 14:35:32]
AdwCleaner[S4].txt - [1487 octets] - [10/04/2014 23:33:03]
AdwCleaner[S5].txt - [17110 octets] - [24/04/2014 13:45:47]
AdwCleaner[S6].txt - [4993 octets] - [29/04/2014 11:54:28]
AdwCleaner[S7].txt - [18548 octets] - [12/05/2014 14:58:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [18609 octets] ##########
JRT Log Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Steven on 12.05.2014 at 17:34:48,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548663749-2604073035-1364446154-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548663749-2604073035-1364446154-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\chatzum_softonic_yahoo_61_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\chatzum_softonic_yahoo_61_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\chatzum_softonic_yahoo_61_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\chatzum_softonic_yahoo_61_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Steven\AppData\Roaming\mozilla\firefox\profiles\nml0go5u.default\extensions\staged
Emptied folder: C:\Users\Steven\AppData\Roaming\mozilla\firefox\profiles\nml0go5u.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.05.2014 at 17:45:58,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ich hoffe das waren alle wichtigen Infos die ihr erstmal braucht sollte was fehlen bitte einfach schreiben. |
|
13.05.2014, 06:33
| #2 |
| /// the machine /// TB-Ausbilder    | Posadi17 verschwindet nicht mehr. hi,
__________________Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Frisches FRST log bitte.
__________________ |
|
13.05.2014, 10:02
| #3 |
| | Posadi17 verschwindet nicht mehr. Hallo Posadi ist seit gestern verschwunden und kam auch nicht mehr wieder aber jetzt habe ich Jollywallet drauf ohne das ich gestern etwas gedownloadet habe außer die programme und viele Programme mit Attention findet man im Uninstaller nicht.
__________________FRST Log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Steven (administrator) on STEVEN-PC on 13-05-2014 10:59:24
Running from C:\Users\Steven\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Facebook Update] => C:\Users\Steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-08] (Facebook Inc.)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3548663749-2604073035-1364446154-1001\...\MountPoints2: {9df90aa7-5b33-11e2-8456-806e6f6e6963} - D:\setup.exe /autorun
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0112C0A43EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321902&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP663B87C6-8A3D-4CE8-B59C-1A74EF062EE0&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - EABAE5A3C45E4C8C962B7647CCF3B4C1 URL = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=DE&userid=dc4e5cbb-3918-42fc-9b3e-bd7a3429a538&searchtype=ds&q={searchTerms}&installDate=23/05/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default
FF SearchEngineOrder.3: Bing
FF NetworkProxy: "type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Steven\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\amazon-icon@winload.de [2013-08-29]
FF Extension: Snap.Do - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\{dc4e5cbb-3918-42fc-9b3e-bd7a3429a538} [2013-06-13]
FF Extension: ReloadEvery - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\nml0go5u.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-12-04]
FF HKCU\...\Firefox\Extensions: [{710723a6-29df-467c-ab26-052643f280eb}] - C:\Program Files (x86)\Re-markit\150.xpi
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google-Suche) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Google Mail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4600264 2013-11-05] (INCA Internet Co., Ltd.)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-24] ()
S2 d0e87c27; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service
==================== Drivers (Whitelisted) ====================
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)
S4 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [89600 2005-11-03] (Protection Technology)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R1 {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64; C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys [61120 2014-04-24] (StdLib)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va019; \??\C:\Windows\SysWOW64\Drivers\X6va019 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-13 10:45 - 2014-05-13 10:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Steven\Downloads\revosetup95.exe
2014-05-13 10:45 - 2014-05-13 10:45 - 00001268 _____ () C:\Users\Steven\Desktop\Revo Uninstaller.lnk
2014-05-13 10:45 - 2014-05-13 10:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-12 22:26 - 2014-05-12 22:26 - 00000011 ____R () C:\Windows\amunres.lsl
2014-05-12 22:20 - 2014-05-12 22:20 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-12 22:20 - 2014-05-12 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-12 22:19 - 2014-05-13 10:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 22:19 - 2014-05-12 22:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 22:19 - 2014-05-12 22:19 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 22:19 - 2014-05-12 22:19 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 21:59 - 2014-05-12 22:13 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-12 21:57 - 2014-05-12 21:57 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Steven\Downloads\SpyHunter-installer.exe
2014-05-12 20:27 - 2014-05-12 20:27 - 00007563 _____ () C:\Users\Steven\Desktop\Mbam.txt
2014-05-12 20:22 - 2014-05-13 10:59 - 00013378 _____ () C:\Users\Steven\Downloads\FRST.txt
2014-05-12 20:22 - 2014-05-13 10:59 - 00000000 ____D () C:\FRST
2014-05-12 20:22 - 2014-05-12 20:23 - 00038383 _____ () C:\Users\Steven\Downloads\Addition.txt
2014-05-12 20:21 - 2014-05-12 20:21 - 02066944 _____ (Farbar) C:\Users\Steven\Downloads\FRST64.exe
2014-05-12 18:23 - 2014-05-12 18:23 - 02347384 _____ (ESET) C:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
2014-05-12 18:08 - 2014-05-12 18:08 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-12 18:08 - 2014-05-12 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-12 18:08 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 18:08 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 18:08 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 18:04 - 2014-05-12 18:04 - 00259584 _____ (OldTimer Tools) C:\Users\Steven\Downloads\OTH.scr
2014-05-12 17:56 - 2014-05-12 17:56 - 00003192 _____ () C:\Windows\System32\Tasks\{99574516-7C89-4FB0-A35D-24DE271C15BF}
2014-05-12 17:45 - 2014-05-12 17:45 - 00002351 _____ () C:\Users\Steven\Desktop\JRT.txt
2014-05-12 17:32 - 2014-05-12 17:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Steven\Downloads\revosetup.exe
2014-05-12 17:26 - 2014-05-12 17:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-12 17:26 - 2014-03-31 03:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 16:29 - 2014-05-12 16:29 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-12 16:29 - 2014-05-12 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Users\Steven\Downloads\adwcleaner.exe
2014-05-12 15:47 - 2014-05-12 22:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 15:47 - 2014-05-12 18:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-12 15:47 - 2014-05-12 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-12 15:07 - 2014-05-12 15:12 - 150844400 _____ (Acresso Software Inc. ) C:\Users\Steven\Downloads\Stronghold_Crusader_HD_Update.exe
2014-05-12 14:52 - 2014-05-12 14:52 - 01745400 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsoFE10.tmp
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-12 14:48 - 2014-05-12 16:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\17170
2014-05-12 14:40 - 2014-05-12 14:40 - 01674832 _____ (BitTorrent Inc.) C:\Users\Steven\Downloads\uTorrent.exe
2014-05-08 01:20 - 2014-05-08 01:20 - 00000018 _____ () C:\Users\Steven\Desktop\Neues Textdokument.txt
2014-05-07 15:36 - 2014-05-07 15:37 - 00921512 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u55.exe
2014-05-07 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 14:35 - 2014-05-06 14:35 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (2).zip
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{B2FF17B4-C35E-4F3C-A57C-9CD9E56540B5}
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{2D45EAE4-584C-4DC8-968C-EE9F3DED24F1}
2014-05-06 04:23 - 2014-05-06 04:23 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (1).zip
2014-05-06 04:22 - 2014-05-06 04:22 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker.zip
2014-05-06 04:11 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 04:11 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 20:44 - 2014-05-12 22:57 - 00001232 _____ () C:\Windows\setupact.log
2014-05-03 20:44 - 2014-05-03 20:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-03 20:43 - 2014-05-12 22:57 - 00013088 _____ () C:\Windows\PFRO.log
2014-05-03 01:43 - 2014-05-03 01:43 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\OpenOffice
2014-05-02 11:49 - 2014-05-02 11:49 - 00147116 _____ () C:\Users\Steven\Documents\DH.rms
2014-05-02 01:32 - 2014-05-02 01:32 - 00143102 _____ () C:\Users\Steven\Documents\keiler +rep.rms
2014-04-30 11:11 - 2014-04-30 11:11 - 00258647 _____ () C:\Users\Steven\Documents\Keilerspot 2h.rms
2014-04-30 00:28 - 2014-04-30 00:28 - 00000000 ___HD () C:\Users\Steven\Desktop\.updtmp
2014-04-29 23:40 - 2014-04-29 23:40 - 00031445 _____ () C:\Users\Steven\Documents\F123.rms
2014-04-29 14:05 - 2014-04-29 14:05 - 00001067 _____ () C:\Users\Public\Desktop\ReMouse Micro.lnk
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Micro
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\Program Files (x86)\ReMouse Micro
2014-04-29 13:42 - 2012-11-18 11:27 - 00000000 ____D () C:\Users\Steven\Desktop\RobotSoft.Mouse.and.Keyboard.Recorder.v3.1.9.2.Incl.Keygen.and.Patch-BRD
2014-04-29 13:36 - 2014-04-29 13:37 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Users\Steven\Documents\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Program Files (x86)\RobotSoft
2014-04-29 13:18 - 2014-04-24 12:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys
2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 ____D () C:\ProgramData\MiniApp
2014-04-29 13:13 - 2014-05-06 04:27 - 00000000 ____D () C:\ProgramData\f882b6e296045db1
2014-04-29 13:13 - 2014-04-29 13:35 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Packages
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator
2014-04-29 11:48 - 2014-04-29 11:48 - 00301496 _____ (VuuPC Limited) C:\Users\Steven\AppData\Local\nsdEBAD.tmp
2014-04-29 11:46 - 2014-04-29 11:46 - 01107768 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsc7855.tmp
2014-04-29 00:38 - 2014-04-29 00:41 - 00000000 ____D () C:\Program Files (x86)\auto-clicker
2014-04-29 00:25 - 2014-04-29 00:25 - 00000000 ___RD () C:\Sandbox
2014-04-29 00:22 - 2014-04-30 00:33 - 00001578 _____ () C:\Windows\Sandboxie.ini
2014-04-28 22:20 - 2014-04-29 14:05 - 00000000 ____D () C:\Users\Steven\Documents\AutomaticSolution Software
2014-04-27 11:31 - 2014-04-27 11:31 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard
2014-04-27 11:19 - 2014-04-27 12:47 - 00000000 ____D () C:\Users\Steven\AppData\Local\Battle.net
2014-04-27 11:19 - 2014-04-27 11:20 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Battle.net
2014-04-27 11:19 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard Entertainment
2014-04-27 11:18 - 2014-04-27 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-04-27 11:18 - 2014-04-27 11:19 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-27 11:18 - 2014-04-27 11:19 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-27 11:16 - 2014-04-27 11:16 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-24 16:34 - 2014-04-24 16:34 - 01010720 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\MSCHRT20.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00224016 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00152848 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-04-24 13:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-24 13:30 - 2014-04-24 13:45 - 00003510 _____ () C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-23 19:42 - 2014-04-23 19:42 - 00000046 _____ () C:\Users\Steven\AppData\Roaming\WB.CFG
2014-04-23 17:53 - 2014-04-29 00:05 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-04-23 17:53 - 2014-04-29 00:05 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-04-23 17:53 - 2014-04-23 17:53 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\GlarySoft
2014-04-23 17:48 - 2014-05-12 14:58 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\WorldofTanks
2014-04-23 17:47 - 2014-04-23 17:50 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nico Mak Computing
2014-04-23 17:47 - 2014-04-23 17:47 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-23 17:46 - 2014-04-23 17:46 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-21 17:48 - 2014-04-21 17:48 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 17:48 - 2014-04-21 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 17:48 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 17:48 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 17:48 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 17:48 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
==================== One Month Modified Files and Folders =======
2014-05-13 10:59 - 2014-05-12 20:22 - 00013378 _____ () C:\Users\Steven\Downloads\FRST.txt
2014-05-13 10:59 - 2014-05-12 20:22 - 00000000 ____D () C:\FRST
2014-05-13 10:45 - 2014-05-13 10:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Steven\Downloads\revosetup95.exe
2014-05-13 10:45 - 2014-05-13 10:45 - 00001268 _____ () C:\Users\Steven\Desktop\Revo Uninstaller.lnk
2014-05-13 10:45 - 2014-05-13 10:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-13 10:24 - 2014-05-12 22:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-13 10:21 - 2013-10-29 12:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-13 09:47 - 2013-06-08 18:42 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001UA.job
2014-05-12 23:05 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-12 23:05 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-12 23:05 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 23:05 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 23:05 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 22:58 - 2013-08-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-12 22:58 - 2013-01-24 22:03 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Skype
2014-05-12 22:57 - 2014-05-12 22:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 22:57 - 2014-05-03 20:44 - 00001232 _____ () C:\Windows\setupact.log
2014-05-12 22:57 - 2014-05-03 20:43 - 00013088 _____ () C:\Windows\PFRO.log
2014-05-12 22:57 - 2013-05-23 00:35 - 00000416 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-05-12 22:57 - 2013-02-04 15:45 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-05-12 22:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 22:56 - 2013-01-10 16:43 - 01065572 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 22:32 - 2014-05-12 15:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 22:30 - 2013-08-29 14:02 - 00000000 ____D () C:\AdwCleaner
2014-05-12 22:26 - 2014-05-12 22:26 - 00000011 ____R () C:\Windows\amunres.lsl
2014-05-12 22:25 - 2013-08-21 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-05-12 22:20 - 2014-05-12 22:20 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-12 22:20 - 2014-05-12 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-12 22:20 - 2013-08-29 13:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-12 22:20 - 2013-01-10 19:39 - 00000000 ____D () C:\Users\Steven\AppData\Local\Google
2014-05-12 22:19 - 2014-05-12 22:19 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 22:19 - 2014-05-12 22:19 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 22:13 - 2014-05-12 21:59 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-12 21:57 - 2014-05-12 21:57 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Steven\Downloads\SpyHunter-installer.exe
2014-05-12 21:55 - 2013-01-10 19:39 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\TS3Client
2014-05-12 20:27 - 2014-05-12 20:27 - 00007563 _____ () C:\Users\Steven\Desktop\Mbam.txt
2014-05-12 20:23 - 2014-05-12 20:22 - 00038383 _____ () C:\Users\Steven\Downloads\Addition.txt
2014-05-12 20:21 - 2014-05-12 20:21 - 02066944 _____ (Farbar) C:\Users\Steven\Downloads\FRST64.exe
2014-05-12 18:47 - 2013-06-08 18:42 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3548663749-2604073035-1364446154-1001Core.job
2014-05-12 18:23 - 2014-05-12 18:23 - 02347384 _____ (ESET) C:\Users\Steven\Downloads\esetsmartinstaller_enu.exe
2014-05-12 18:08 - 2014-05-12 18:08 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-12 18:08 - 2014-05-12 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-12 18:08 - 2014-05-12 15:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-12 18:04 - 2014-05-12 18:04 - 00259584 _____ (OldTimer Tools) C:\Users\Steven\Downloads\OTH.scr
2014-05-12 17:56 - 2014-05-12 17:56 - 00003192 _____ () C:\Windows\System32\Tasks\{99574516-7C89-4FB0-A35D-24DE271C15BF}
2014-05-12 17:45 - 2014-05-12 17:45 - 00002351 _____ () C:\Users\Steven\Desktop\JRT.txt
2014-05-12 17:33 - 2014-05-12 17:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Steven\Downloads\revosetup.exe
2014-05-12 17:29 - 2014-05-12 17:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-12 16:29 - 2014-05-12 16:29 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-12 16:29 - 2014-05-12 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Users\Steven\Downloads\adwcleaner.exe
2014-05-12 16:14 - 2013-01-10 16:48 - 00000000 ___RD () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-12 16:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-12 16:13 - 2014-05-12 14:48 - 00000000 ____D () C:\Users\Steven\AppData\Local\17170
2014-05-12 15:47 - 2014-05-12 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-12 15:38 - 2013-01-10 16:39 - 00000000 ____D () C:\Windows\Panther
2014-05-12 15:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-12 15:28 - 2013-01-10 19:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-12 15:20 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 15:19 - 2014-01-21 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
2014-05-12 15:19 - 2014-01-21 15:57 - 00000000 ____D () C:\Program Files (x86)\Firefly Studios
2014-05-12 15:19 - 2013-01-10 19:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-12 15:12 - 2014-05-12 15:07 - 150844400 _____ (Acresso Software Inc. ) C:\Users\Steven\Downloads\Stronghold_Crusader_HD_Update.exe
2014-05-12 14:58 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551
2014-05-12 14:58 - 2013-03-02 12:24 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 14:52 - 2014-05-12 14:52 - 01745400 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsoFE10.tmp
2014-05-12 14:49 - 2014-05-12 14:49 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-12 14:40 - 2014-05-12 14:40 - 01674832 _____ (BitTorrent Inc.) C:\Users\Steven\Downloads\uTorrent.exe
2014-05-11 00:43 - 2013-01-10 23:15 - 00000000 ____D () C:\Users\Steven\Documents\Cross Fire
2014-05-08 19:45 - 2013-01-10 23:15 - 00000000 ____D () C:\CFLog
2014-05-08 13:16 - 2014-04-06 22:30 - 00000000 ____D () C:\Users\Steven\AppData\Local\fabi.me
2014-05-08 01:20 - 2014-05-08 01:20 - 00000018 _____ () C:\Users\Steven\Desktop\Neues Textdokument.txt
2014-05-07 23:34 - 2013-09-22 23:34 - 00000328 _____ () C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-05-07 15:37 - 2014-05-07 15:36 - 00921512 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u55.exe
2014-05-07 14:03 - 2014-03-12 13:13 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-07 14:03 - 2013-08-27 12:15 - 00000994 _____ () C:\Users\Public\Desktop\Rappelz.lnk
2014-05-07 14:03 - 2007-01-01 01:12 - 00000961 _____ () C:\Users\Steven\Desktop\TeamSpeak 3 Client.lnk
2014-05-07 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 14:35 - 2014-05-06 14:35 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (2).zip
2014-05-06 04:27 - 2014-04-29 13:13 - 00000000 ____D () C:\ProgramData\f882b6e296045db1
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{B2FF17B4-C35E-4F3C-A57C-9CD9E56540B5}
2014-05-06 04:24 - 2014-05-06 04:24 - 00002958 _____ () C:\Windows\System32\Tasks\{2D45EAE4-584C-4DC8-968C-EE9F3DED24F1}
2014-05-06 04:23 - 2014-05-06 04:23 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker (1).zip
2014-05-06 04:22 - 2014-05-06 04:22 - 00094899 _____ () C:\Users\Steven\Downloads\SpeedAutoClicker.zip
2014-05-03 20:44 - 2014-05-03 20:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-03 12:37 - 2014-03-14 11:06 - 00000000 ____D () C:\Users\Steven\AppData\Local\Deployment
2014-05-03 11:08 - 2013-08-22 13:34 - 00000000 ____D () C:\Users\Steven\Desktop\Neuer Ordner
2014-05-03 01:43 - 2014-05-03 01:43 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\OpenOffice
2014-05-02 20:46 - 2013-01-13 20:23 - 00021504 ____H () C:\Users\Steven\Desktop\photothumb.db
2014-05-02 11:49 - 2014-05-02 11:49 - 00147116 _____ () C:\Users\Steven\Documents\DH.rms
2014-05-02 01:32 - 2014-05-02 01:32 - 00143102 _____ () C:\Users\Steven\Documents\keiler +rep.rms
2014-05-02 01:23 - 2014-03-01 01:12 - 00000000 ____D () C:\Users\Steven\Desktop\123123
2014-04-30 11:11 - 2014-04-30 11:11 - 00258647 _____ () C:\Users\Steven\Documents\Keilerspot 2h.rms
2014-04-30 00:33 - 2014-04-29 00:22 - 00001578 _____ () C:\Windows\Sandboxie.ini
2014-04-30 00:28 - 2014-04-30 00:28 - 00000000 ___HD () C:\Users\Steven\Desktop\.updtmp
2014-04-29 23:40 - 2014-04-29 23:40 - 00031445 _____ () C:\Users\Steven\Documents\F123.rms
2014-04-29 14:05 - 2014-04-29 14:05 - 00001067 _____ () C:\Users\Public\Desktop\ReMouse Micro.lnk
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Micro
2014-04-29 14:05 - 2014-04-29 14:05 - 00000000 ____D () C:\Program Files (x86)\ReMouse Micro
2014-04-29 14:05 - 2014-04-28 22:20 - 00000000 ____D () C:\Users\Steven\Documents\AutomaticSolution Software
2014-04-29 13:37 - 2014-04-29 13:36 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Users\Steven\Documents\RobotSoft
2014-04-29 13:36 - 2014-04-29 13:36 - 00000000 ____D () C:\Program Files (x86)\RobotSoft
2014-04-29 13:35 - 2014-04-29 13:13 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-29 13:18 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 ____D () C:\ProgramData\MiniApp
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Packages
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Steven\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Gast
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-29 13:13 - 2014-04-29 13:13 - 00000000 ____D () C:\Users\Administrator
2014-04-29 11:48 - 2014-04-29 11:48 - 00301496 _____ (VuuPC Limited) C:\Users\Steven\AppData\Local\nsdEBAD.tmp
2014-04-29 11:46 - 2014-04-29 11:46 - 01107768 _____ (AnyProtect.com) C:\Users\Steven\AppData\Local\nsc7855.tmp
2014-04-29 00:41 - 2014-04-29 00:38 - 00000000 ____D () C:\Program Files (x86)\auto-clicker
2014-04-29 00:38 - 2013-11-02 19:39 - 00000000 ____D () C:\Program Files (x86)\Brick-Force
2014-04-29 00:30 - 2013-01-10 17:02 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-29 00:25 - 2014-04-29 00:25 - 00000000 ___RD () C:\Sandbox
2014-04-29 00:05 - 2014-04-23 17:53 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-04-29 00:05 - 2014-04-23 17:53 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-04-28 22:21 - 2013-10-29 12:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 22:21 - 2013-01-12 07:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 22:21 - 2013-01-12 07:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 12:47 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Local\Battle.net
2014-04-27 11:31 - 2014-04-27 11:31 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard
2014-04-27 11:20 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Battle.net
2014-04-27 11:19 - 2014-04-27 11:19 - 00000000 ____D () C:\Users\Steven\AppData\Local\Blizzard Entertainment
2014-04-27 11:19 - 2014-04-27 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-04-27 11:19 - 2014-04-27 11:18 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-27 11:19 - 2014-04-27 11:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-27 11:16 - 2014-04-27 11:16 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-24 16:34 - 2014-04-24 16:34 - 01010720 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\MSCHRT20.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00224016 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2014-04-24 16:34 - 2014-04-24 16:34 - 00152848 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-04-24 13:50 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-24 13:45 - 2014-04-24 13:30 - 00003510 _____ () C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-24 13:45 - 2013-01-10 16:47 - 00000000 ____D () C:\Users\Steven
2014-04-24 12:34 - 2014-04-29 13:18 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys
2014-04-24 02:49 - 2013-11-05 16:51 - 00000000 ____D () C:\Users\Steven\AppData\Local\Akamai
2014-04-24 02:47 - 2009-07-14 06:45 - 00426456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-23 19:42 - 2014-04-23 19:42 - 00000046 _____ () C:\Users\Steven\AppData\Roaming\WB.CFG
2014-04-23 19:22 - 2013-01-10 17:02 - 00116392 _____ () C:\Users\Steven\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-23 17:53 - 2014-04-23 17:53 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\GlarySoft
2014-04-23 17:50 - 2014-04-23 17:47 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nico Mak Computing
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\WorldofTanks
2014-04-23 17:47 - 2014-04-23 17:47 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-23 17:46 - 2014-04-23 17:46 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-21 17:51 - 2014-01-21 15:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 17:48 - 2014-04-21 17:48 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 17:48 - 2014-04-21 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 17:48 - 2013-10-18 18:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieUserList
2014-04-21 17:41 - 2014-04-21 17:41 - 00000000 __SHD () C:\Users\Steven\AppData\Local\EmieSiteList
2014-04-21 00:09 - 2013-06-20 20:42 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-20 01:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-14 20:13 - 2014-04-21 17:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-21 17:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-21 17:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-21 17:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 04:24 - 2014-05-06 04:11 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 04:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\Steven\AppData\Local\Temp\f.exe
C:\Users\Steven\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Steven\AppData\Local\Temp\htmlayout.dll
C:\Users\Steven\AppData\Local\Temp\IrsoDLL.dll
C:\Users\Steven\AppData\Local\Temp\SHSetup.exe
C:\Users\Steven\AppData\Local\Temp\toolbar74341428.exe
C:\Users\Steven\AppData\Local\Temp\toolbar74344212.exe
C:\Users\Steven\AppData\Local\Temp\toolbar74344362.exe
C:\Users\Steven\AppData\Local\Temp\vp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 00:19
==================== End Of Log ============================
|
|
14.05.2014, 08:47
| #4 |
| /// the machine /// TB-Ausbilder | Posadi17 verschwindet nicht mehr.ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
