| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BetterMarkIT NICHT entfernbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.01.2015, 15:48
| #1 |
| |  BetterMarkIT NICHT entfernbar Hallo T-Board Team, ich habe mir letztens aus versehn durch einen fehlklick (schon doof) was gedownloadet und habe seid dem BetterMarkIT auf dem rechner. Ich habe dieses Programm bereits entfernt. Habe die benutzten datein per abmelden->untilman modiviziert zur CMD.exe->datei von BMIT gelöscht. Habe in %appdata% die datein rausgelöscht und die registry davon befreit sofern ich BetterMarkIt drinn gefunden habe. Der Browser Firefox hatte das Addon drinne. Was ich ebenfals entfernte. in About:config fand ich allerdings nichts von dem Program. Worauf ich den FIrefox, die caches und die temp datein gelöscht habe. und neu installierte. Jedoch habe ich imernoch diese werbe adds. Mein AdBlock+ und mein Noscript halten diese nicht auf und ich komm andauernd auf diese drive-by dinger. wenn ich nicht aufpasse lad ich mir sowas aus versehen runter wie Windowscleaner oder "Adobe Flash Player Update". Dies ist euserst störend und ich bitte euch mir zu helfen. MBAM, Hitman Pro und Stronghold Anti-Malware finden BMIT nicht weshalb ich keine log files erstellen kann.  ICh glaube das war alles. Ich hoffe das ihr mir behilflich sein könnt. LG Sparton LP |
|
26.01.2015, 15:54
| #2 |
| /// TB-Ausbilder   |  BetterMarkIT NICHT entfernbar Hallo SpartonLP
__________________ Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
 Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg. Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen. Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist. Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten". So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
28.01.2015, 23:11
| #3 |
| | BetterMarkIT NICHT entfernbar Wieso #-drücken. HA! LEARNING BY DOING
__________________ zu welcher sprache gehört das [CODE]?FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by User (administrator) on USER-PC on 28-01-2015 23:06:13
Running from C:\Users\CoD FTW\Downloads
Loaded Profiles: User & CoD FTW (Available profiles: User & CoD FTW)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ppy) C:\Program Files (x86)\osu!\osu!.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 65536
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {0a9dafc1-4bb3-11e4-a7b1-b8975a2698fc} - E:\AutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {0a9dafd8-4bb3-11e4-a7b1-b8975a2698fc} - E:\AutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {208014db-4ac8-11e4-b4f1-b8975a2698fc} - E:\AutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {208014ec-4ac8-11e4-b4f1-b8975a2698fc} - E:\AutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {208014f9-4ac8-11e4-b4f1-b8975a2698fc} - E:\AutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {20801567-4ac8-11e4-b4f1-b8975a2698fc} - E:\AutoRun.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {625f33ca-5204-11e3-b989-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\MountPoints2: {cb91d5cb-81e8-11e2-a29c-806e6f6e6963} - D:\Bin\ASSETUP.exe
IFEO\utilman.exe: [Debugger] C:\Windows\System32\cmd.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2260964575-2753946872-1401531445-1001] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2260964575-2753946872-1401531445-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD2500AAJS-07B4A0_WD-WCAT1287301873018&ts=1422032818&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD2500AAJS-07B4A0_WD-WCAT1287301873018&ts=1422032818&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD2500AAJS-07B4A0_WD-WCAT1287301873018&ts=1422032818&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {438CB363-A94D-4AE3-8F99-E93393D46036} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD2500AAJS-07B4A0_WD-WCAT1287301873018&ts=1422032818&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2260964575-2753946872-1401531445-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD2500AAJS-07B4A0_WD-WCAT1287301873018&ts=1422032818&type=default&q={searchTerms}
BHO: ClickMovie1-Downloaderv10 -> {11111111-1111-1111-1111-110611331117} -> C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-bho64.dll No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClickMovie1-Downloaderv10 -> {11111111-1111-1111-1111-110611331117} -> C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-bho.dll No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cjgdjad8.default
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2260964575-2753946872-1401531445-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cjgdjad8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2ha8a6y9.default\extensions\fftoolbar2014@etech.com
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-08-26] ()
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-01-23] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-01-23] (Advanced Micro Devices Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-24] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-23] (REALiX(tm))
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12256512 2010-12-16] (Intel Corporation) [File not signed]
S3 L1C; C:\Windows\System32\DRIVERS\l1c51x64.sys [104600 2012-11-19] (Atheros Communications, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R2 webinstrNHKT; C:\Windows\system32\Drivers\webinstrNHKT.sys [56432 2015-01-23] (Corsica)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 NVNET; system32\DRIVERS\nvmf6264.sys [X]
S3 sclbl; \??\C:\AeriaGames\ScarletBlade\avital\scarbt64.sys [X]
S0 ulqvswbe; System32\drivers\sowxxrb.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 22:56 - 2015-01-28 23:06 - 00015362 _____ () C:\Users\CoD FTW\Downloads\FRST.txt
2015-01-28 22:56 - 2015-01-28 23:06 - 00000000 ____D () C:\FRST
2015-01-28 22:55 - 2015-01-28 22:55 - 02130432 _____ (Farbar) C:\Users\CoD FTW\Downloads\FRST64.exe
2015-01-28 22:52 - 2015-01-28 22:52 - 00000000 __SHD () C:\Users\CoD FTW\AppData\Local\EmieUserList
2015-01-28 22:52 - 2015-01-28 22:52 - 00000000 __SHD () C:\Users\CoD FTW\AppData\Local\EmieSiteList
2015-01-28 22:52 - 2015-01-28 22:52 - 00000000 __SHD () C:\Users\CoD FTW\AppData\Local\EmieBrowserModeList
2015-01-28 22:28 - 2015-01-28 22:29 - 00000000 ____D () C:\Users\CoD FTW\Desktop\eg
2015-01-28 22:21 - 2015-01-28 22:22 - 00000000 ____D () C:\Users\CoD FTW\AppData\Roaming\Notepad++
2015-01-28 22:20 - 2015-01-28 22:20 - 00000000 ____D () C:\Users\CoD FTW\AppData\Roaming\WinRAR
2015-01-28 22:14 - 2015-01-28 22:14 - 00000907 _____ () C:\Users\CoD FTW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-01-28 22:14 - 2015-01-28 22:14 - 00000877 _____ () C:\Users\CoD FTW\Desktop\osu!.lnk
2015-01-28 22:13 - 2015-01-28 22:15 - 16235850 _____ () C:\Users\CoD FTW\Downloads\Blade+dance+2.0.rar
2015-01-28 22:12 - 2015-01-28 22:12 - 00000000 ____D () C:\Users\CoD FTW\AppData\Roaming\Mozilla
2015-01-28 22:12 - 2015-01-28 22:12 - 00000000 ____D () C:\Users\CoD FTW\AppData\Local\Mozilla
2015-01-28 22:10 - 2015-01-28 22:10 - 00058016 _____ () C:\Users\CoD FTW\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-28 22:08 - 2015-01-28 22:09 - 00000000 ____D () C:\Users\CoD FTW\AppData\Local\NVIDIA Corporation
2015-01-28 22:08 - 2015-01-28 22:08 - 00001433 _____ () C:\Users\CoD FTW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-28 22:08 - 2015-01-28 22:08 - 00000020 ___SH () C:\Users\CoD FTW\ntuser.ini
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Vorlagen
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Startmenü
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Netzwerkumgebung
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Lokale Einstellungen
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Eigene Dateien
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Druckumgebung
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Documents\Eigene Musik
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Documents\Eigene Bilder
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\AppData\Local\Verlauf
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\AppData\Local\Anwendungsdaten
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 _SHDL () C:\Users\CoD FTW\Anwendungsdaten
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 ____D () C:\Users\CoD FTW\AppData\Roaming\Adobe
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 ____D () C:\Users\CoD FTW\AppData\Local\VirtualStore
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 ____D () C:\Users\CoD FTW\AppData\Local\NVIDIA
2015-01-28 22:08 - 2015-01-28 22:08 - 00000000 ____D () C:\Users\CoD FTW
2015-01-28 22:08 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\CoD FTW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 22:08 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\CoD FTW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-27 19:14 - 2015-01-27 19:14 - 00000085 _____ () C:\Windows\wininit.ini
2015-01-25 13:25 - 2015-01-25 15:37 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-01-25 13:23 - 2015-01-25 13:24 - 06611376 _____ (Security Stronghold ) C:\Users\User\Downloads\StrongholdAntiMalware_Avangate.exe
2015-01-25 13:23 - 2015-01-25 13:23 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer.exe
2015-01-25 13:03 - 2015-01-25 13:03 - 00000777 _____ () C:\Users\User\Desktop\World of Tanks.lnk
2015-01-25 13:03 - 2015-01-25 13:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-01-25 13:03 - 2015-01-25 13:03 - 00000000 ____D () C:\Games
2015-01-25 13:01 - 2015-01-25 13:02 - 05994752 _____ (Wargaming.net ) C:\Users\User\Downloads\WoT_internet_install_eu.exe
2015-01-24 23:59 - 2015-01-24 23:59 - 00000221 _____ () C:\Users\User\Desktop\Dead Island.url
2015-01-24 12:37 - 2015-01-24 12:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-01-24 12:25 - 2015-01-24 12:25 - 00005136 _____ () C:\Windows\system32\.crusader
2015-01-24 12:11 - 2015-01-24 12:32 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-24 12:11 - 2015-01-24 12:10 - 11225840 _____ (SurfRight B.V.) C:\Users\User\Desktop\hitmanpro_x64.exe
2015-01-24 12:10 - 2015-01-24 12:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-24 12:09 - 2015-01-24 12:11 - 13770007 _____ () C:\Users\User\Downloads\hitmanpro379.zip
2015-01-24 12:06 - 2015-01-24 12:06 - 01188880 _____ (Elex do Brasil Participações Ltda) C:\Users\User\Downloads\yet_another_cleaner_sk_0.exe
2015-01-24 09:24 - 2015-01-28 14:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-24 09:24 - 2015-01-27 19:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-24 09:24 - 2015-01-24 09:24 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-24 09:22 - 2015-01-24 09:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\User\Downloads\spybot-2.4.exe
2015-01-24 09:18 - 2015-01-24 09:18 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-01-24 09:08 - 2015-01-24 09:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-01-24 09:05 - 2015-01-24 09:05 - 01937320 _____ () C:\Users\User\Downloads\AdAware115WebInstaller.exe
2015-01-23 23:40 - 2015-01-23 23:43 - 54428497 _____ () C:\Users\User\Downloads\mods.rar
2015-01-23 23:38 - 2015-01-23 23:38 - 00000222 _____ () C:\Users\User\Desktop\Starbound.url
2015-01-23 20:42 - 2015-01-23 20:42 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-23 20:41 - 2015-01-23 20:41 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-23 20:41 - 2015-01-23 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-23 20:41 - 2015-01-23 20:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-23 20:41 - 2015-01-23 20:41 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-23 20:41 - 2015-01-23 20:41 - 00000000 ____D () C:\Program Files\Java
2015-01-23 20:38 - 2015-01-23 20:38 - 27646720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64H.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 03322368 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 01985024 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 01845424 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 01713664 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 01161336 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00942808 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-23 20:38 - 2015-01-23 20:38 - 00884400 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00879616 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 00739328 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO32.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 00689840 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-01-23 20:38 - 2015-01-23 20:38 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00619520 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 00554496 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMTHX32.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64H.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00388096 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 00248952 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64H.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00123512 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64H.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00095352 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00092280 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00086016 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00083968 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64H.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00070776 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPLD64.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 00055416 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2015-01-23 20:38 - 2015-01-23 20:38 - 00053760 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPCN64.DLL
2015-01-23 20:38 - 2015-01-23 20:38 - 00033456 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2015-01-23 20:38 - 2015-01-23 20:38 - 00027768 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2015-01-23 20:36 - 2015-01-23 20:36 - 00011944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
2015-01-23 20:16 - 2015-01-28 23:06 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (User)
2015-01-23 20:16 - 2015-01-23 20:42 - 00002118 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-23 20:16 - 2015-01-23 20:16 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-23 20:16 - 2015-01-23 20:16 - 00003212 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2015-01-23 20:16 - 2015-01-23 20:16 - 00003156 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2015-01-23 20:16 - 2015-01-23 20:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2015-01-23 20:16 - 2015-01-23 20:16 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-23 20:16 - 2015-01-23 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-01-23 20:16 - 2015-01-23 20:16 - 00000000 ____D () C:\ProgramData\IObit
2015-01-23 20:16 - 2015-01-23 20:16 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-23 20:15 - 2015-01-23 20:16 - 10603200 _____ (IObit ) C:\Users\User\Downloads\driver_booster21_setup.exe
2015-01-23 20:05 - 2015-01-23 20:08 - 00000000 ____D () C:\ProgramData\DriverGenius
2015-01-23 20:01 - 2015-01-23 20:02 - 08719056 _____ (Driver-Soft Inc. ) C:\Users\User\Downloads\Driver_Genius_14de.exe
2015-01-23 20:00 - 2015-01-24 23:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-23 20:00 - 2015-01-23 20:00 - 00000221 _____ () C:\Users\User\Desktop\Sniper Ghost Warrior 2.url
2015-01-23 19:59 - 2015-01-23 19:59 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-23 19:59 - 2015-01-23 19:59 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-23 19:59 - 2015-01-23 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-23 19:59 - 2015-01-23 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 19:54 - 2015-01-23 19:54 - 00243728 _____ () C:\Users\User\Downloads\Firefox Setup Stub 35.0.exe
2015-01-23 18:44 - 2015-01-24 12:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 18:44 - 2015-01-23 18:44 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-23 18:44 - 2015-01-23 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-23 18:44 - 2015-01-23 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-23 18:44 - 2015-01-23 18:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-23 18:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-23 18:44 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-23 18:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-23 18:43 - 2015-01-23 18:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-23 18:05 - 2015-01-28 23:05 - 00001330 _____ () C:\Windows\Tasks\FHOZ.job
2015-01-23 18:05 - 2015-01-23 18:05 - 00056432 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNHKT.sys
2015-01-23 18:05 - 2015-01-23 18:05 - 00004352 _____ () C:\Windows\System32\Tasks\FHOZ
2015-01-23 18:05 - 2015-01-23 18:05 - 00002358 _____ () C:\Windows\patsearch.bin
2015-01-23 18:05 - 2015-01-23 18:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-01-23 18:04 - 2015-01-28 23:05 - 00001332 _____ () C:\Windows\Tasks\OWIAD.job
2015-01-23 18:04 - 2015-01-23 18:04 - 00004354 _____ () C:\Windows\System32\Tasks\OWIAD
2015-01-23 18:01 - 2015-01-23 18:01 - 00000000 ____D () C:\Users\User\AppData\Local\DriverToolkit
2015-01-23 18:00 - 2015-01-23 18:00 - 02448688 _____ (Megaify Software ) C:\Users\User\Downloads\driver_setup.exe
2015-01-23 10:13 - 2015-01-23 10:13 - 00000222 _____ () C:\Users\User\Desktop\Halo Spartan Assault.url
2015-01-20 23:32 - 2015-01-20 23:33 - 01989090 _____ () C:\Users\User\Downloads\HoxHud P8.7 Self-installer.exe
2015-01-20 21:19 - 2015-01-20 21:19 - 00057466 _____ () C:\Users\User\Downloads\config_mp tiescher fps.cfg
2015-01-20 15:26 - 2015-01-28 23:05 - 00003018 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-01-20 15:24 - 2015-01-27 18:49 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-20 15:24 - 2015-01-20 15:24 - 00001058 _____ () C:\Users\User\Desktop\MSI Afterburner.lnk
2015-01-20 15:22 - 2015-01-20 15:23 - 36210245 _____ () C:\Users\User\Downloads\MSIAfterburnerSetup410.zip
2015-01-20 14:20 - 2015-01-20 14:20 - 00734473 _____ () C:\Users\User\Downloads\CoreTemp_106.zip
2015-01-19 15:24 - 2015-01-19 15:24 - 00000221 _____ () C:\Users\User\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2015-01-19 09:59 - 2015-01-19 09:59 - 00000000 _____ () C:\Users\User\Desktop\Virus.txt
2015-01-19 09:32 - 2015-01-19 12:43 - 00000000 ____D () C:\Icons
2015-01-18 23:48 - 2015-01-18 23:48 - 00000750 _____ () C:\Users\User\Downloads\serial.txt
2015-01-18 23:48 - 2015-01-18 23:48 - 00000002 _____ () C:\Users\User\Downloads\myFile.txt
2015-01-18 19:09 - 2015-01-18 19:10 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-18 19:00 - 2015-01-18 19:00 - 04791280 _____ (Tunngle.net GmbH ) C:\Users\User\Downloads\Tunngle_Setup_v5.1.exe
2015-01-18 18:59 - 2015-01-18 18:59 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-01-18 17:41 - 2015-01-18 17:41 - 07965917 _____ () C:\Users\User\Downloads\npp.6.7.4.Installer.exe
2015-01-18 17:41 - 2015-01-18 17:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++
2015-01-18 17:41 - 2015-01-18 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-18 17:41 - 2015-01-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-01-18 17:35 - 2015-01-18 17:56 - 00000000 ____D () C:\Program Files (x86)\Cube World
2015-01-18 17:34 - 2015-01-18 17:35 - 38854527 _____ (Edmund Mcmillen & Florian Himsl ) C:\Users\User\Downloads\Isaac.exe
2015-01-18 17:34 - 2015-01-18 17:35 - 33192061 _____ () C:\Users\User\Downloads\Cube World.rar
2015-01-18 15:07 - 2015-01-18 15:08 - 31029672 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u71-windows-x64.exe
2015-01-18 15:04 - 2015-01-18 15:04 - 02936397 _____ () C:\Users\User\Downloads\forge-1.7.2-10.12.2.1147-installer.jar
2015-01-18 14:55 - 2015-01-18 14:55 - 00097988 _____ () C:\Users\User\Downloads\camper.wav
2015-01-18 14:53 - 2015-01-19 12:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2015-01-18 14:33 - 2015-01-18 14:33 - 01692545 _____ (TeamExtreme) C:\Users\User\Desktop\Minecraft Cracked Launcher.exe
2015-01-18 14:24 - 2015-01-18 14:24 - 00059331 _____ () C:\Users\User\Downloads\config_mp1.cfg
2015-01-18 14:24 - 2015-01-18 14:24 - 00058848 _____ () C:\Users\User\Downloads\123456_mp.cfg
2015-01-18 13:45 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-18 13:45 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-18 10:38 - 2015-01-18 10:38 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-18 01:36 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-18 01:36 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-18 01:36 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-18 01:36 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-18 01:36 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-18 01:36 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-18 01:36 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-18 01:36 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-18 01:36 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-18 01:36 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-17 21:19 - 2015-01-17 21:20 - 07718224 _____ (TeamViewer GmbH) C:\Users\User\Downloads\TeamViewer36897_Setup_de.exe
2015-01-17 21:11 - 2015-01-17 21:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\java
2015-01-17 21:09 - 2015-01-18 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-17 21:09 - 2015-01-17 21:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-17 21:01 - 2015-01-17 21:55 - 00000000 ____D () C:\Users\User\Downloads\Zusatz Mods nur für euch
2015-01-17 21:01 - 2015-01-17 21:55 - 00000000 ____D () C:\Users\User\Downloads\Notwendige Mods
2015-01-17 21:01 - 2015-01-17 21:28 - 333997894 _____ () C:\Users\User\Downloads\MC 1.7.2.rar
2015-01-17 21:00 - 2015-01-17 21:02 - 00638888 _____ (Oracle Corporation) C:\Users\User\Downloads\jxpiinstall.exe
2015-01-17 18:55 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 18:55 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 18:55 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 18:55 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 18:55 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-17 18:55 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-17 18:55 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-17 18:55 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-17 18:55 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-17 18:55 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-17 18:55 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-17 18:55 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-17 18:55 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-17 18:55 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-17 18:55 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-17 18:55 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-17 18:55 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-17 18:54 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-17 18:54 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-17 18:54 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-17 18:54 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-17 18:54 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-17 18:54 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-17 18:54 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-17 18:54 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-17 18:54 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-17 18:54 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-17 18:54 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-17 18:54 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-17 18:54 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-17 18:54 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-17 18:54 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-17 18:54 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-17 18:54 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-17 18:54 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-17 18:54 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-17 18:54 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-17 18:54 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-17 18:54 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-17 18:54 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-17 18:54 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-17 18:54 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-17 18:54 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-17 18:54 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-17 18:54 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-17 18:54 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-17 18:54 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-17 18:54 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-17 18:54 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-17 18:54 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-17 18:54 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-17 18:54 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-17 18:54 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-17 18:54 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-17 18:54 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-17 18:54 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-17 18:54 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-17 18:54 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-17 18:54 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-17 18:54 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-17 18:54 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-17 18:54 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-17 18:54 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-17 18:54 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-17 18:54 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-17 18:54 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-17 18:54 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-17 18:54 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-17 18:54 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-17 18:54 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-17 18:54 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-17 18:51 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-17 18:51 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-17 18:51 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-17 18:51 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-17 18:51 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-17 18:51 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-17 18:51 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-17 18:51 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-17 18:51 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-17 18:51 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-17 18:51 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-17 18:51 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-17 18:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 18:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-17 18:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-17 18:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-17 18:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-17 18:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-17 18:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-17 18:50 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-17 18:50 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 22:53 - 2014-11-08 21:30 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-01-28 22:11 - 2009-07-14 05:45 - 00035552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:11 - 2009-07-14 05:45 - 00035552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:07 - 2011-05-07 00:46 - 01687095 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 22:03 - 2014-04-27 16:36 - 00077084 _____ () C:\Windows\setupact.log
2015-01-28 22:03 - 2013-11-19 03:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 22:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 22:02 - 2014-11-15 00:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2015-01-28 22:02 - 2014-08-23 17:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 21:57 - 2014-12-06 14:37 - 00007598 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-01-28 14:40 - 2010-11-21 04:47 - 00565600 _____ () C:\Windows\PFRO.log
2015-01-27 19:11 - 2014-11-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4
2015-01-25 21:41 - 2014-08-24 11:26 - 00000000 ____D () C:\Users\User\Documents\Bandicam
2015-01-25 20:47 - 2009-07-14 05:45 - 00267816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 15:30 - 2013-07-07 17:46 - 00058016 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 15:28 - 2014-08-24 06:37 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-25 13:02 - 2014-10-18 12:10 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-24 09:13 - 2014-08-31 17:56 - 00000000 ____D () C:\Users\User\AppData\Local\Unity
2015-01-24 02:30 - 2014-08-22 22:20 - 00000000 ____D () C:\Users\User\Documents\My Games
2015-01-23 20:38 - 2011-05-16 00:34 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-01-23 18:58 - 2011-05-07 01:43 - 00000000 ____D () C:\Windows\Panther
2015-01-22 16:17 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-22 14:46 - 2014-08-25 15:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-19 13:31 - 2014-08-22 21:42 - 00379213 _____ () C:\Windows\DirectX.log
2015-01-19 02:22 - 2014-04-27 16:37 - 00000000 ____D () C:\Windows\rescache
2015-01-18 19:13 - 2014-09-23 20:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tunngle
2015-01-18 19:12 - 2010-11-21 07:50 - 00724650 _____ () C:\Windows\system32\perfh007.dat
2015-01-18 19:12 - 2010-11-21 07:50 - 00158956 _____ () C:\Windows\system32\perfc007.dat
2015-01-18 19:12 - 2009-07-14 06:13 - 01678210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 12:01 - 2014-08-22 21:31 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-18 11:28 - 2014-08-23 16:58 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-18 11:27 - 2014-10-17 17:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-18 10:38 - 2014-04-26 12:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-18 10:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-18 10:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-18 01:36 - 2013-11-13 21:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 21:21 - 2014-09-13 15:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2015-01-17 21:09 - 2014-09-06 17:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-17 21:08 - 2014-09-06 16:59 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 13:12 - 2013-07-07 18:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-12-06 14:37 - 2015-01-28 21:57 - 0007598 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 02:47
==================== End Of Log ============================
--- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by CoD FTW at 2015-01-28 22:57:58
Running from C:\Users\CoD FTW\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\uTorrent) (Version: 3.4.2.33080 - BitTorrent Inc.)
Adobe Photoshop 7.0 CE (HKLM-x32\...\Adobe Photoshop 7.0 CE) (Version: 7.0 CE - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F5B2C61F-1C10-FD9B-C29C-D8B88C9849CF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3 (HKLM-x32\...\Battlefield 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, DANTE2050)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
F.E.A.R. 3 (HKLM-x32\...\F.E.A.R. 3_is1) (Version: - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version: - Vanguard Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
ISY USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.14 - ISY)
ISY USB Wireless Adapter (x32 Version: 1.0.0.14 - ISY) Hidden
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Killing Floor v.1055 version 1.0.5.5 (HKLM-x32\...\Killing Floor v.1055_is1) (Version: 1.0.5.5 - ©SunriseProject)
LuaEdit 2010 (x86 - 3.0.10.0) (HKLM-x32\...\LuaEdit 2010_is1) (Version: - Open Source)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{0f12c81f-93ef-46ec-bc94-d952c1a775d4}) (Version: 11.0.50727.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}) (Version: 11.0.50727.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version: - )
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{489863ab-977e-4828-8ea8-8d44ea2ab471}) (Version: latest - ppy Pty Ltd)
osu! (HKLM-x32\...\{591ffbd5-f070-4a22-8246-280ee89a55e0}) (Version: latest - ppy Pty Ltd)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Project Nomads (HKLM-x32\...\Project Nomads) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Quake 4 Deutsch Mod V0.5 (HKLM-x32\...\Quake 4 Deutsch Mod V0.5_is1) (Version: - )
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version: - City Interactive)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Takatis - A Tribute To Manfred Trenz (HKLM-x32\...\Takatis - A Tribute To Manfred Trenz) (Version: - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Body Changer (HKLM-x32\...\Steam App 324390) (Version: - )
The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version: - )
Tom Clancy's Splinter Cell Double Agent (HKLM-x32\...\{CAD1691A-FA24-4B95-9009-3257B8440ECC}) (Version: 1.00.0000 - Ubisoft)
Unity Web Player (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-6f25bff8-2fc7-4677-bf66-ae4c64485a5f) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Tanks (HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
X - Beyond the Frontier (HKLM-x32\...\X - Beyond the Frontier) (Version: - )
X-TENSION (HKLM-x32\...\X-TENSION) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\FHOZ.job => ?
Task: C:\Windows\Tasks\OWIAD.job => ?
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: CLPSLauncher => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\Services: WindowsMangerProtect => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrivDogService => "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: uTorrent => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
========================= Accounts: ==========================
Administrator (S-1-5-21-2260964575-2753946872-1401531445-500 - Administrator - Disabled)
CoD FTW (S-1-5-21-2260964575-2753946872-1401531445-1004 - Limited - Enabled) => C:\Users\CoD FTW
Gast (S-1-5-21-2260964575-2753946872-1401531445-501 - Limited - Disabled)
User (S-1-5-21-2260964575-2753946872-1401531445-1001 - Administrator - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
Name: AppEx Networks Accelerator LWF
Description: AppEx Networks Accelerator LWF
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: APXACC
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/28/2015 10:05:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2015 02:42:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2015 02:00:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2015 10:07:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2015 02:21:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 08:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 03:28:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WoTLauncher.exe, Version: 0.3.9.391, Zeitstempel: 0x54afcc2a
Name des fehlerhaften Moduls: WoTLauncher.exe, Version: 0.3.9.391, Zeitstempel: 0x54afcc2a
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000350f
ID des fehlerhaften Prozesses: 0xe34
Startzeit der fehlerhaften Anwendung: 0xWoTLauncher.exe0
Pfad der fehlerhaften Anwendung: WoTLauncher.exe1
Pfad des fehlerhaften Moduls: WoTLauncher.exe2
Berichtskennung: WoTLauncher.exe3
Error: (01/25/2015 11:20:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2015 10:50:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SniperGhostWarrior2.exe, Version: 3.4.4.6290, Zeitstempel: 0x5214a539
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x110c
Startzeit der fehlerhaften Anwendung: 0xSniperGhostWarrior2.exe0
Pfad der fehlerhaften Anwendung: SniperGhostWarrior2.exe1
Pfad des fehlerhaften Moduls: SniperGhostWarrior2.exe2
Berichtskennung: SniperGhostWarrior2.exe3
Error: (01/24/2015 00:33:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/28/2015 10:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/28/2015 10:03:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ulqvswbe
Error: (01/28/2015 10:03:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/28/2015 10:02:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (01/28/2015 05:38:42 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (01/28/2015 05:33:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (01/28/2015 02:44:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/28/2015 02:42:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ulqvswbe
Error: (01/28/2015 02:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/27/2015 11:50:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (01/28/2015 10:05:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2015 02:42:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2015 02:00:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2015 10:07:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2015 02:21:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 08:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 03:28:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WoTLauncher.exe0.3.9.39154afcc2aWoTLauncher.exe0.3.9.39154afcc2a400000150000350fe3401d03896f47f5ac8C:\Games\World_of_Tanks\WoTLauncher.exeC:\Games\World_of_Tanks\WoTLauncher.exe604b5317-a49e-11e4-b36f-b8975a2698fc
Error: (01/25/2015 11:20:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2015 10:50:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SniperGhostWarrior2.exe3.4.4.62905214a539MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd110c01d038151629c85eC:\Program Files (x86)\Steam\steamapps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exeC:\Windows\system32\MSVCR100.dllfc438823-a412-11e4-b28e-b8975a2698fc
Error: (01/24/2015 00:33:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 250e Processor
Percentage of memory in use: 19%
Total physical RAM: 8191.3 MB
Available physical RAM: 6579.7 MB
Total Pagefile: 16380.79 MB
Available Pagefile: 14681.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows7) (Fixed) (Total:232.79 GB) (Free:36.97 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
und danke für die schnellen antworten. Bis ich dashier geschaft habe gefühlte 3000000 werbe adds xD und die seite beim laden abbrechen damit ich die UI sehe aber die Adds nicht kommen is au net das wahre ^^ Helfen sie mir bite. Ich bin ein Leidenschaftlicher OSU! zocker und kann keine Beatmap downloaden wegen den Adds Schönen abend noch.  |
|
29.01.2015, 08:54
| #4 | ||
| /// TB-Ausbilder | BetterMarkIT NICHT entfernbarZitat:
Der Eintrag bewirkt, das die Utilman.exe, das ist das Hilfsprogramm für Eingaben, das ist auch im Login-Screen von Windows erreichbar, beim Aufrufen nicht sich selbst sondern ein Eingabefenster startet. Zitat:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: C:\Windows\Tasks\FHOZ.job => ?
Task: C:\Windows\Tasks\OWIAD.job => ?
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Downloade Dir bitte  SecurityCheck und:
Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken 
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
29.01.2015, 11:10
| #5 |
| | BetterMarkIT NICHT entfernbar So viele Programme. ja das mit der cmd ist gewolt. hate nen trojaner der mit nem rootkit geschützt war. ich konnte ihn nur abgemeldet entschärfen. daher habe ich mir nen schlüssel für den untilman geschrieben. Das mit dem wiederherstellungspunkt war gewollt sollt ich aber ändern. nachdem ich bmit entfernt habe. was die logs angeht kann ich erst ab 15 uhr. Schätze ich. |
|
29.01.2015, 11:30
| #6 |
| /// TB-Ausbilder | BetterMarkIT NICHT entfernbar Kein Ding.
__________________ --> BetterMarkIT NICHT entfernbar |
|
29.01.2015, 14:26
| #7 |
| | BetterMarkIT NICHT entfernbar ALSO ich habe mir eben mal Noscript konfiguriert! Es ist genial und keine Probleme mehr + volle kontrolle. ABER dennoch würde ich die lösung gerne für zukünftige probleme haben. Zudem habe ich keine ahnung ob ich irgennt ne Payload scheise dadurch aufn rechner habe. also durch BMIT. Die scanns sind in ca. einer stunde fertig. Wenn nicht schon früher. |
|
01.02.2015, 22:00
| #8 |
| | BetterMarkIT NICHT entfernbar JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 29.01.2015 at 19:15:10,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110611331117}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622332217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655335517}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666336617}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644334417}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611331117}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220622332217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550655335517}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666336617}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644334417}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655335517}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666336617}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644334417}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550655335517}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666336617}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644334417}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331117}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 19:18:45,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 29/01/2015 um 19:21:30
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\eg\AdwCleaner_4.109.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : globalUpdate
Dienst Gefunden : globalUpdatem
Dienst Gefunden : webinstrNHKT
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Windows\patsearch.bin
Datei Gefunden : C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
Datei Gefunden : C:\Windows\System32\drivers\webinstrNHKT.sys
Ordner Gefunden : C:\Program Files\AdTrustMedia
***** [ Tasks ] *****
Task Gefunden : Driver Booster Scan
Task Gefunden : Driver Booster Update
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\powerpack
Schlüssel Gefunden : [x64] HKCU\Software\GlobalUpdate
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\powerpack
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gefunden : HKLM\SOFTWARE\Driver-Soft
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 de)
*************************
AdwCleaner[R0].txt - [8350 octets] - [29/01/2015 19:21:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8410 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 29/01/2015 um 19:23:27
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\eg\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : webinstrNHKT
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\AdTrustMedia
Datei Gelöscht : C:\Windows\patsearch.bin
Datei Gelöscht : C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
Datei Gelöscht : C:\Windows\System32\drivers\webinstrNHKT.sys
***** [ Tasks ] *****
Task Gelöscht : Driver Booster Scan
Task Gelöscht : Driver Booster Update
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKLM\SOFTWARE\Driver-Soft
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 de)
*************************
AdwCleaner[R0].txt - [8522 octets] - [29/01/2015 19:21:30]
AdwCleaner[S0].txt - [8391 octets] - [29/01/2015 19:23:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8451 octets] ##########
Rest kommt Morgen. Inet ging nicht daher so spät |
|
| Themen zu BetterMarkIT NICHT entfernbar |
| about, adobe, adobe flash player, anti-malware, appdata, benutzte, benutzten, bettermarkit, browser, config, datei, erstellen, files, firefox, flash, flash player, log, mbam, neu, nichts, player, programm, registry, runter, temp, update |
