
Pests of all kinds and how to combat them: Your File Download and Fast and Safe.

Windows 7

01.08.2014, 12:04   #1
Tunefisch.
 



Hello, yesterday I downloaded something wrong and immediately had some malware on the PC. What is left over are "Your File Downloader" and "Fast and Safe".
I had uninstalled Your File Download, but a Your File Download window still appears every time the PC starts. I cannot uninstall Fast and Safe; I get this message every time:

01.08.2014, 12:23   #2
Aneri
/// Malwareteam
 



Hello,

then let's take a look at the system...

Please run all tools as administrator and post the log files in code tags.
If you have questions, ask.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


01.08.2014, 12:26   #3
Tunefisch.
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Ralfi (administrator) on RALFI-PC on 01-08-2014 13:24:37
Running from C:\Users\Ralfi\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Ralfi\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Ralfi\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Spotify Ltd) C:\Users\Ralfi\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
() C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver8BlockAndSurf\BlockAndSurf.exe
HKU\S-1-5-21-1657400046-2498356473-2034691632-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ralfi\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1657400046-2498356473-2034691632-1001\...\Run: [Spotify] => C:\Users\Ralfi\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-17] (Spotify Ltd)
HKU\S-1-5-21-1657400046-2498356473-2034691632-1001\...\Run: [Spotify Web Helper] => C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-17] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => "c:\progra~2\suptab\search~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avsinit.vbs ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Packer.exe.lnk
ShortcutTarget: Packer.exe.lnk -> C:\Users\Ralfi\AppData\Local\Temp\Phx6F79\Packer.exe (No File)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfr2EbcdLMt3Ct2FO17TGBNcHASbNpo6Iw-vzcVWme3lQf07uMjETncfwcSmIsiWYei7_8X4GInn5FevqtFlpL1O4oA-Kei6Iibfd0wIO81d0KZwpE2yNEW2ervjkoHvySL560ZhcfMMYjhZ1uuveyWb8bHowKk2o5Nqg,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6CBF700806BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfr2EbcdLMt3Ct2FO17TGBNcHASbNpo6Iw-vzcVWme3lQf07uMjETncfwcSmIsiWYei7_8X4GInn5FevqtFlpL1O4oA-Kei6Iibfd0wIO81d0KZwpE2yNEW2ervjkoHvySL560ZhcfMMYjhZ1uuveyWb8bHowKk2o5Nqg,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfr2EbcdLMt3Ct2FO17TGBNcHASbNpo6Iw-vzcVWme3lQf07uMjETncfwcSmIsiWYei7_8X4GInn5FevqtFlpL1O4oA-Kei6Iibfd0wIO81d0KZwpE2yNEW2ervjkoHvySL560ZhcfMMYjhZ1uuuo7GdMC-9TiA676hKw,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfr2EbcdLMt3Ct2FO17TGBNcHASbNpo6Iw-vzcVWme3lQf07uMjETncfwcSmIsiWYei7_8X4GInn5FevqtFlpL1O4oA-Kei6Iibfd0wIO81d0KZwpE2yNEW2ervjkoHvySL560ZhcfMMYjhZ1uuveyWb8bHowKk2o5Nqg,,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ralfi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: hxxp://search.babylon.com/?affID=113480&tt=bandext_3312_4&babsrc=HP_ss&mntrId=341c704c00000000000000ff6cb80bd8
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate={installDate}&type=hp1000", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate=09/01/2014&type=hp1000", "hxxp://www.sweet-page.com/?type=hp&ts=1399647427&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399676034&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399704410&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399708660&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399721255&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1400380906&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1400609547&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D"
CHR Extension: (Google Docs) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]
CHR Extension: (Google Drive) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-09]
CHR Extension: (American Racing 2) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpfdjclhabpjncikdngdoldjjjegnbe [2014-05-09]
CHR Extension: (YouTube) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-09]
CHR Extension: (Adblock Plus) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-09]
CHR Extension: (Google-Suche) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-09]
CHR Extension: (Google Wallet) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-09]
CHR Extension: (cosstminn) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomemmocgpnaangbinabcokhlflpmmbn [2014-07-30]
CHR Extension: (Google Mail) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-09]
CHR Extension: (cosstminn) - C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomemmocgpnaangbinabcokhlflpmmbn\2.0 [2014-07-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2544976 2014-07-21] (LogMeIn Inc.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 13:24 - 2014-08-01 13:24 - 02094080 _____ (Farbar) C:\Users\Ralfi\Downloads\FRST64.exe
2014-08-01 13:24 - 2014-08-01 13:24 - 00022302 _____ () C:\Users\Ralfi\Downloads\FRST.txt
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\FRST
2014-08-01 12:50 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 12:50 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 12:50 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 12:50 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 12:50 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 12:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 12:50 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 12:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 02:53 - 2014-08-01 02:53 - 01193008 _____ () C:\Users\Ralfi\Documents\Powereditfertig.veg
2014-08-01 02:21 - 2014-08-01 02:24 - 00059936 _____ () C:\Users\Ralfi\Documents\GEIL.mp4.sfk
2014-08-01 02:17 - 2014-08-01 02:19 - 69658742 _____ () C:\Users\Ralfi\Documents\GEIL.mp4
2014-07-31 22:57 - 2014-08-01 02:20 - 00533960 _____ () C:\Users\Ralfi\Documents\GEIL.veg
2014-07-31 22:57 - 2014-08-01 02:16 - 00533960 _____ () C:\Users\Ralfi\Documents\GEIL.veg.bak
2014-07-31 22:55 - 2014-07-31 22:56 - 25520351 _____ () C:\Users\Ralfi\Documents\Ichfick.mp4
2014-07-31 22:28 - 2014-07-31 22:28 - 00441736 _____ () C:\Users\Ralfi\Documents\Jolo.veg
2014-07-31 22:11 - 2014-07-31 22:12 - 00012704 _____ () C:\Users\Ralfi\Documents\Ohne Titel.mp4.sfk
2014-07-31 22:10 - 2014-07-31 22:10 - 01617216 _____ () C:\Users\Ralfi\Documents\Ohne Titel.wmv.sfap0
2014-07-31 20:46 - 2014-07-31 22:18 - 00430560 _____ () C:\Users\Ralfi\Documents\oipjio.veg
2014-07-31 20:46 - 2014-07-31 20:46 - 00432944 _____ () C:\Users\Ralfi\Documents\oipjio.veg.bak
2014-07-31 20:04 - 2014-07-31 20:04 - 02389569 _____ () C:\Users\Ralfi\Desktop\Switchbot..zip
2014-07-31 19:42 - 2014-08-01 02:44 - 63153816 _____ () C:\Users\Ralfi\Documents\Power Edit!.mp4
2014-07-31 19:36 - 2014-07-31 19:37 - 00226688 _____ () C:\Users\Ralfi\Downloads\B.o.B - Strange Clouds Remix ft. T.I & Young Jeezy (The Digital Connection Lazerstep Bootleg).mp3.sfk
2014-07-31 18:14 - 2014-07-31 18:14 - 00000030 _____ () C:\Users\Ralfi\Desktop\Neues Textdokument (2).txt
2014-07-31 00:08 - 2014-07-31 00:13 - 1195402287 _____ () C:\Users\Ralfi\Downloads\Elitarius2.rar
2014-07-30 18:25 - 2014-07-30 18:26 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Advanced System Protector
2014-07-30 18:23 - 2014-07-30 18:23 - 00000000 ____D () C:\Users\Ralfi\Documents\Optimizer Pro
2014-07-30 18:18 - 2014-07-31 00:16 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-30 18:17 - 2014-07-30 18:31 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-30 18:17 - 2014-07-30 18:30 - 00000000 ____D () C:\ProgramData\cosstminn
2014-07-30 18:17 - 2014-07-30 18:27 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Systweak
2014-07-30 18:17 - 2014-07-30 18:27 - 00000000 ____D () C:\ProgramData\5ecf99686ab558bb
2014-07-30 18:17 - 2014-07-30 18:27 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-07-30 18:17 - 2014-07-30 18:17 - 00003178 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-07-30 18:17 - 2014-07-30 18:17 - 00003132 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\YourFileDownloader
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Packages
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator
2014-07-30 18:17 - 2013-07-11 13:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-07-30 18:16 - 2014-07-30 18:16 - 06985200 _____ (hxxp://yourfiledownloader.net) C:\Users\Ralfi\Downloads\Strange_Clouds_Ft_BOB_downloader.exe
2014-07-30 14:33 - 2014-07-30 14:33 - 70727715 _____ () C:\Users\Ralfi\Downloads\UnderTheInfluence.zip
2014-07-30 14:09 - 2014-07-30 14:09 - 00000000 _____ () C:\Users\Ralfi\Desktop\Neues Textdokument (3).txt
2014-07-30 13:56 - 2014-07-30 18:24 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\wf-launcher
2014-07-30 13:56 - 2014-07-30 13:56 - 00001625 _____ () C:\Users\Ralfi\Desktop\Warface Launcher.lnk
2014-07-30 13:56 - 2014-07-30 13:56 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-07-30 13:56 - 2014-07-30 13:56 - 00000000 ____D () C:\ProgramData\GFACE
2014-07-30 13:55 - 2014-07-30 13:55 - 29280872 _____ () C:\Users\Ralfi\Downloads\warface-launcher.exe
2014-07-30 12:56 - 2014-07-30 13:44 - 00000059 _____ () C:\Users\Ralfi\Desktop\PSC.txt
2014-07-29 15:58 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-29 15:57 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-29 15:57 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-29 15:57 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-28 22:17 - 2014-07-29 10:15 - 00000000 ____D () C:\ProgramData\avs
2014-07-28 22:06 - 2014-07-28 22:12 - 1083673262 _____ () C:\Users\Ralfi\Downloads\DF_Client_09022014.rar
2014-07-28 20:27 - 2014-07-28 20:28 - 20667876 _____ () C:\Users\Ralfi\Downloads\Offical Synea2 Client_Update01.rar
2014-07-28 20:06 - 2014-07-28 20:07 - 1076334290 _____ () C:\Users\Ralfi\Downloads\Offical Synea2 Client.zip
2014-07-28 18:43 - 2014-07-28 18:50 - 1163055614 _____ () C:\Users\Ralfi\Downloads\Firenze2 Version 1.2.rar
2014-07-28 00:30 - 2014-07-28 00:30 - 31579146 _____ (NewBlue, Inc ) C:\Users\Ralfi\Downloads\NewBlueFX Patch (for 64-bit).exe
2014-07-27 12:10 - 2014-07-27 12:11 - 1240454106 _____ () C:\Users\Ralfi\Desktop\Rebellution2.rar
2014-07-27 11:31 - 2014-07-27 11:31 - 00000000 ____D () C:\Users\Ralfi\Desktop\Waffen
2014-07-26 23:23 - 2014-07-26 23:26 - 14036826 _____ () C:\Users\Ralfi\Documents\Opfakind.mp4
2014-07-26 21:36 - 2014-07-26 21:36 - 05041280 _____ (Arktos Entertainment Group LLC ) C:\Users\Ralfi\Downloads\WarInc_WebSetup.exe
2014-07-26 18:38 - 2014-07-26 18:39 - 09974885 _____ () C:\Users\Ralfi\Downloads\Royal - Medieval Servervorstellung by LeKoArts.rar
2014-07-25 09:08 - 2014-07-25 09:08 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\UWebKit151
2014-07-25 09:08 - 2014-07-25 09:08 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-24 22:03 - 2014-08-01 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-24 22:03 - 2014-07-25 09:06 - 00000000 ____D () C:\Users\Ralfi\Downloads\Gameforge Live
2014-07-24 22:03 - 2014-07-24 22:03 - 00000758 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2014-07-24 22:03 - 2014-07-24 22:03 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Gameforge4d
2014-07-24 22:02 - 2014-07-24 22:03 - 20132328 _____ (Gameforge ) C:\Users\Ralfi\Downloads\OMD_GameforgeLiveSetup.exe
2014-07-24 21:14 - 2014-07-24 21:14 - 995862274 _____ () C:\Users\Ralfi\Downloads\Baumhausen City Client 24.05.2014.rar
2014-07-24 10:57 - 2014-07-25 21:17 - 00000000 ____D () C:\Users\Ralfi\Desktop\EterNexus-1.0.0.0.2a
2014-07-23 18:42 - 2014-07-23 18:47 - 1011205600 _____ () C:\Users\Ralfi\Downloads\Meteria2.rar
2014-07-23 15:28 - 2014-07-23 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 14:27 - 2014-07-22 14:28 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\QQSM
2014-07-22 14:26 - 2014-07-22 14:26 - 00000734 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-22 14:26 - 2014-07-22 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-22 14:00 - 2014-07-22 14:30 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-22 14:00 - 2014-07-22 14:00 - 01779712 _____ (Infernum Productions AG) C:\Users\Ralfi\Downloads\HazardOpsDLM.exe
2014-07-22 08:39 - 2014-07-22 08:43 - 00221752 _____ () C:\Users\Ralfi\Downloads\Pigeons (Original Mix).mp3.sfk
2014-07-21 19:33 - 2014-07-21 19:33 - 1035574396 _____ () C:\Users\Ralfi\Downloads\Zitonia2 Unverschlüsselt - Kopie.rar
2014-07-21 13:04 - 2014-07-27 11:58 - 00000261 _____ () C:\Users\Ralfi\Desktop\Server PW´s.txt
2014-07-20 23:55 - 2014-07-20 23:55 - 00000572 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-20 23:55 - 2014-07-20 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-20 23:41 - 2014-07-20 23:51 - 1572305527 _____ (Sirius MT2 ) C:\Users\Ralfi\Documents\sirius.20.13.rev.client.exe
2014-07-20 23:41 - 2014-07-20 23:41 - 00836112 _____ (SiriusMT2) C:\Users\Ralfi\Downloads\sirius.20.13.rev.installer.exe
2014-07-18 13:47 - 2014-07-18 14:14 - 00000045 _____ () C:\Users\Ralfi\Desktop\E-Mail.txt
2014-07-18 06:54 - 2014-07-18 06:55 - 01269871 _____ () C:\Users\Ralfi\Desktop\2Elemente.rar
2014-07-18 06:47 - 2014-07-18 06:47 - 03148168 _____ () C:\Users\Ralfi\Desktop\Design.rar
2014-07-18 06:43 - 2014-07-18 06:43 - 02680558 _____ () C:\Users\Ralfi\Downloads\Release1.rar
2014-07-18 05:06 - 2014-07-18 05:06 - 00000770 _____ () C:\Users\Ralfi\Desktop\Neues Textdokument.txt
2014-07-17 23:28 - 2014-07-17 23:28 - 12983159 _____ () C:\Users\Ralfi\Desktop\EterNexus-1.0.3.1a.zip
2014-07-17 20:13 - 2014-07-17 20:13 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 17:58 - 2014-07-17 17:58 - 00000023 _____ () C:\Users\Ralfi\Desktop\Newssss.txt
2014-07-17 02:02 - 2014-07-19 06:42 - 00002082 _____ () C:\Users\Ralfi\Desktop\Bonis ID.txt
2014-07-16 20:46 - 2014-07-16 20:46 - 00009587 _____ () C:\Users\Ralfi\Desktop\delicia.txt
2014-07-16 18:28 - 2014-07-16 18:30 - 00000000 ____D () C:\Users\Ralfi\Downloads\sachen zum einfügen
2014-07-16 14:33 - 2014-07-16 14:33 - 00000000 ____D () C:\Windows\SysWOW64\Hotspot Shield
2014-07-16 01:48 - 2014-07-16 02:07 - 00000000 ____D () C:\Users\Ralfi\Documents\FIFA World
2014-07-16 01:47 - 2014-07-16 01:47 - 00000864 _____ () C:\Users\Public\Desktop\EA Sports FIFA World.lnk
2014-07-15 18:56 - 2014-07-31 00:17 - 00000000 ____D () C:\Users\Ralfi\Desktop\Extractoren
2014-07-15 13:15 - 2014-07-27 23:35 - 00000000 ____D () C:\Users\Ralfi\Desktop\Rebellution2
2014-07-14 23:30 - 2014-07-14 23:30 - 00000000 ____D () C:\Users\Ralfi\Desktop\Tor Browser
2014-07-14 17:20 - 2014-07-14 17:24 - 20499640 _____ () C:\Users\Ralfi\Desktop\Skype 2014-07-14 17-00-53-82.avi
2014-07-10 18:41 - 2014-07-18 20:29 - 00000000 ____D () C:\Users\Ralfi\Desktop\Backup Rebellution2
2014-07-10 13:20 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 13:20 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 13:19 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 13:19 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 13:19 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 13:19 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 13:19 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 13:19 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 13:19 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 13:19 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 13:19 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 13:19 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 13:19 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 13:19 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 13:19 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 13:19 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 13:19 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 13:19 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 13:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 13:19 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 13:19 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 13:19 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 13:19 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 13:19 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 13:19 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 13:19 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 13:19 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 13:19 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 13:19 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 13:19 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 13:19 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 13:19 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 13:19 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 13:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 13:19 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 13:19 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 13:19 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 13:19 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 13:19 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 13:19 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 13:19 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 13:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 13:19 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 13:19 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 13:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 13:19 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 13:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 13:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 13:19 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 13:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 13:19 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 13:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 13:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 13:19 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 13:19 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 13:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 13:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 13:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 13:19 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 13:19 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 13:19 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 13:19 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 13:19 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 13:19 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 13:19 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 13:19 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 13:19 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 13:19 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 13:19 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 13:19 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 13:19 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 13:19 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 13:19 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 13:19 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 13:19 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 13:19 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 13:19 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 13:19 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 13:19 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 13:19 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 13:19 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 16:16 - 2014-07-08 16:16 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\TeamViewer
2014-07-08 15:36 - 2014-07-08 15:41 - 25815280 _____ () C:\Users\Ralfi\Desktop\Hardcore-reloaded HP.rar
2014-07-08 03:09 - 2014-07-08 03:09 - 00333680 _____ () C:\Windows\Minidump\070814-8361-01.dmp
2014-07-08 02:33 - 2014-07-08 02:33 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-08 02:33 - 2014-07-08 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-08 01:16 - 2014-07-10 17:10 - 00000000 ____D () C:\extract
2014-07-07 16:20 - 2014-07-13 04:39 - 00000654 _____ () C:\Users\Ralfi\Desktop\Forum usw One.txt
2014-07-07 01:52 - 2014-07-27 18:20 - 00000000 ____D () C:\Users\Ralfi\Desktop\test
2014-07-07 00:21 - 2014-07-18 06:49 - 00001544 _____ () C:\Users\Ralfi\Desktop\config.inc.php
2014-07-05 01:31 - 2014-07-05 01:31 - 00293096 _____ () C:\Windows\Minidump\070514-7971-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 13:24 - 2014-08-01 13:24 - 02094080 _____ (Farbar) C:\Users\Ralfi\Downloads\FRST64.exe
2014-08-01 13:24 - 2014-08-01 13:24 - 00022302 _____ () C:\Users\Ralfi\Downloads\FRST.txt
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\FRST
2014-08-01 13:20 - 2014-05-13 01:06 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Skype
2014-08-01 12:56 - 2014-05-09 14:44 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 12:54 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 12:54 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 12:53 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 12:53 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 12:53 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 12:51 - 2014-05-09 17:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 12:51 - 2014-05-09 13:53 - 01786267 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 12:48 - 2014-07-24 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-08-01 12:48 - 2014-05-29 17:42 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Spotify
2014-08-01 12:48 - 2014-05-26 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-08-01 12:47 - 2014-06-08 04:24 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\LogMeIn Hamachi
2014-08-01 12:47 - 2014-05-09 14:44 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 12:47 - 2014-05-07 17:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-01 12:47 - 2010-11-21 05:47 - 00038152 _____ () C:\Windows\PFRO.log
2014-08-01 12:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 12:47 - 2009-07-14 06:51 - 00075818 _____ () C:\Windows\setupact.log
2014-08-01 03:19 - 2014-05-10 21:00 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\TS3Client
2014-08-01 02:53 - 2014-08-01 02:53 - 01193008 _____ () C:\Users\Ralfi\Documents\Powereditfertig.veg
2014-08-01 02:44 - 2014-07-31 19:42 - 63153816 _____ () C:\Users\Ralfi\Documents\Power Edit!.mp4
2014-08-01 02:24 - 2014-08-01 02:21 - 00059936 _____ () C:\Users\Ralfi\Documents\GEIL.mp4.sfk
2014-08-01 02:20 - 2014-07-31 22:57 - 00533960 _____ () C:\Users\Ralfi\Documents\GEIL.veg
2014-08-01 02:19 - 2014-08-01 02:17 - 69658742 _____ () C:\Users\Ralfi\Documents\GEIL.mp4
2014-08-01 02:16 - 2014-07-31 22:57 - 00533960 _____ () C:\Users\Ralfi\Documents\GEIL.veg.bak
2014-08-01 02:00 - 2014-06-23 00:49 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Adobe
2014-07-31 22:56 - 2014-07-31 22:55 - 25520351 _____ () C:\Users\Ralfi\Documents\Ichfick.mp4
2014-07-31 22:28 - 2014-07-31 22:28 - 00441736 _____ () C:\Users\Ralfi\Documents\Jolo.veg
2014-07-31 22:18 - 2014-07-31 20:46 - 00430560 _____ () C:\Users\Ralfi\Documents\oipjio.veg
2014-07-31 22:12 - 2014-07-31 22:11 - 00012704 _____ () C:\Users\Ralfi\Documents\Ohne Titel.mp4.sfk
2014-07-31 22:10 - 2014-07-31 22:10 - 01617216 _____ () C:\Users\Ralfi\Documents\Ohne Titel.wmv.sfap0
2014-07-31 21:13 - 2014-06-21 12:57 - 00000600 _____ () C:\Users\Ralfi\AppData\Roaming\winscp.rnd
2014-07-31 20:46 - 2014-07-31 20:46 - 00432944 _____ () C:\Users\Ralfi\Documents\oipjio.veg.bak
2014-07-31 20:04 - 2014-07-31 20:04 - 02389569 _____ () C:\Users\Ralfi\Desktop\Switchbot..zip
2014-07-31 20:04 - 2014-05-25 18:49 - 00000000 ____D () C:\Users\Ralfi\Desktop\Tools by Unpublished
2014-07-31 19:37 - 2014-07-31 19:36 - 00226688 _____ () C:\Users\Ralfi\Downloads\B.o.B - Strange Clouds Remix ft. T.I & Young Jeezy (The Digital Connection Lazerstep Bootleg).mp3.sfk
2014-07-31 19:30 - 2014-06-18 23:48 - 00000600 _____ () C:\Users\Ralfi\AppData\Local\PUTTY.RND
2014-07-31 18:14 - 2014-07-31 18:14 - 00000030 _____ () C:\Users\Ralfi\Desktop\Neues Textdokument (2).txt
2014-07-31 00:17 - 2014-07-15 18:56 - 00000000 ____D () C:\Users\Ralfi\Desktop\Extractoren
2014-07-31 00:16 - 2014-07-30 18:18 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-31 00:13 - 2014-07-31 00:08 - 1195402287 _____ () C:\Users\Ralfi\Downloads\Elitarius2.rar
2014-07-30 18:33 - 2014-05-30 18:39 - 00000000 ____D () C:\ProgramData\374311380
2014-07-30 18:31 - 2014-07-30 18:17 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-30 18:30 - 2014-07-30 18:17 - 00000000 ____D () C:\ProgramData\cosstminn
2014-07-30 18:30 - 2014-05-29 17:42 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Spotify
2014-07-30 18:27 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Systweak
2014-07-30 18:27 - 2014-07-30 18:17 - 00000000 ____D () C:\ProgramData\5ecf99686ab558bb
2014-07-30 18:27 - 2014-07-30 18:17 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-07-30 18:26 - 2014-07-30 18:25 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Advanced System Protector
2014-07-30 18:24 - 2014-07-30 13:56 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\wf-launcher
2014-07-30 18:23 - 2014-07-30 18:23 - 00000000 ____D () C:\Users\Ralfi\Documents\Optimizer Pro
2014-07-30 18:20 - 2014-05-14 02:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-07-30 18:17 - 2014-07-30 18:17 - 00003178 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-07-30 18:17 - 2014-07-30 18:17 - 00003132 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\YourFileDownloader
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Packages
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Gast
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-30 18:17 - 2014-07-30 18:17 - 00000000 ____D () C:\Users\Administrator
2014-07-30 18:17 - 2014-05-09 14:44 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Google
2014-07-30 18:17 - 2014-05-09 14:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-30 18:17 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-30 18:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-30 18:16 - 2014-07-30 18:16 - 06985200 _____ (hxxp://yourfiledownloader.net) C:\Users\Ralfi\Downloads\Strange_Clouds_Ft_BOB_downloader.exe
2014-07-30 14:33 - 2014-07-30 14:33 - 70727715 _____ () C:\Users\Ralfi\Downloads\UnderTheInfluence.zip
2014-07-30 14:09 - 2014-07-30 14:09 - 00000000 _____ () C:\Users\Ralfi\Desktop\Neues Textdokument (3).txt
2014-07-30 13:56 - 2014-07-30 13:56 - 00001625 _____ () C:\Users\Ralfi\Desktop\Warface Launcher.lnk
2014-07-30 13:56 - 2014-07-30 13:56 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-07-30 13:56 - 2014-07-30 13:56 - 00000000 ____D () C:\ProgramData\GFACE
2014-07-30 13:55 - 2014-07-30 13:55 - 29280872 _____ () C:\Users\Ralfi\Downloads\warface-launcher.exe
2014-07-30 13:44 - 2014-07-30 12:56 - 00000059 _____ () C:\Users\Ralfi\Desktop\PSC.txt
2014-07-29 15:59 - 2014-05-09 17:33 - 00000000 ____D () C:\temp
2014-07-29 15:59 - 2014-05-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-29 15:58 - 2014-05-07 17:15 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-29 15:58 - 2014-05-07 17:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-29 15:45 - 2014-05-09 14:13 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\NVIDIA Corporation
2014-07-29 10:15 - 2014-07-28 22:17 - 00000000 ____D () C:\ProgramData\avs
2014-07-28 23:52 - 2014-05-09 14:12 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\VirtualStore
2014-07-28 22:12 - 2014-07-28 22:06 - 1083673262 _____ () C:\Users\Ralfi\Downloads\DF_Client_09022014.rar
2014-07-28 20:28 - 2014-07-28 20:27 - 20667876 _____ () C:\Users\Ralfi\Downloads\Offical Synea2 Client_Update01.rar
2014-07-28 20:07 - 2014-07-28 20:06 - 1076334290 _____ () C:\Users\Ralfi\Downloads\Offical Synea2 Client.zip
2014-07-28 18:50 - 2014-07-28 18:43 - 1163055614 _____ () C:\Users\Ralfi\Downloads\Firenze2 Version 1.2.rar
2014-07-28 16:41 - 2014-06-11 16:14 - 00722720 _____ () C:\Users\Ralfi\Documents\Ohne Titel.veg
2014-07-28 00:50 - 2014-06-02 12:26 - 00000000 ____D () C:\Program Files\NewBlue
2014-07-28 00:30 - 2014-07-28 00:30 - 31579146 _____ (NewBlue, Inc ) C:\Users\Ralfi\Downloads\NewBlueFX Patch (for 64-bit).exe
2014-07-27 23:37 - 2014-06-25 16:43 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\fabi.me
2014-07-27 23:35 - 2014-07-15 13:15 - 00000000 ____D () C:\Users\Ralfi\Desktop\Rebellution2
2014-07-27 18:20 - 2014-07-07 01:52 - 00000000 ____D () C:\Users\Ralfi\Desktop\test
2014-07-27 12:11 - 2014-07-27 12:10 - 1240454106 _____ () C:\Users\Ralfi\Desktop\Rebellution2.rar
2014-07-27 11:58 - 2014-07-21 13:04 - 00000261 _____ () C:\Users\Ralfi\Desktop\Server PW´s.txt
2014-07-27 11:31 - 2014-07-27 11:31 - 00000000 ____D () C:\Users\Ralfi\Desktop\Waffen
2014-07-26 23:26 - 2014-07-26 23:23 - 14036826 _____ () C:\Users\Ralfi\Documents\Opfakind.mp4
2014-07-26 21:36 - 2014-07-26 21:36 - 05041280 _____ (Arktos Entertainment Group LLC ) C:\Users\Ralfi\Downloads\WarInc_WebSetup.exe
2014-07-26 18:50 - 2014-05-09 14:12 - 00000000 ____D () C:\Users\Ralfi
2014-07-26 18:39 - 2014-07-26 18:38 - 09974885 _____ () C:\Users\Ralfi\Downloads\Royal - Medieval Servervorstellung by LeKoArts.rar
2014-07-25 21:17 - 2014-07-24 10:57 - 00000000 ____D () C:\Users\Ralfi\Desktop\EterNexus-1.0.0.0.2a
2014-07-25 15:50 - 2014-06-03 13:29 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-06-03 13:29 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2014-05-07 17:17 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 15:50 - 2014-05-07 17:17 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 09:16 - 2014-05-15 01:28 - 00000000 ____D () C:\Users\Ralfi\Documents\My Games
2014-07-25 09:08 - 2014-07-25 09:08 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\UWebKit151
2014-07-25 09:08 - 2014-07-25 09:08 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-25 09:06 - 2014-07-24 22:03 - 00000000 ____D () C:\Users\Ralfi\Downloads\Gameforge Live
2014-07-24 23:52 - 2009-07-14 06:45 - 00303680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 23:22 - 2014-05-09 22:29 - 00000000 ____D () C:\ProgramData\Origin
2014-07-24 22:05 - 2014-05-07 17:04 - 00336343 _____ () C:\Windows\DirectX.log
2014-07-24 22:03 - 2014-07-24 22:03 - 00000758 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2014-07-24 22:03 - 2014-07-24 22:03 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Gameforge4d
2014-07-24 22:03 - 2014-07-24 22:02 - 20132328 _____ (Gameforge ) C:\Users\Ralfi\Downloads\OMD_GameforgeLiveSetup.exe
2014-07-24 21:14 - 2014-07-24 21:14 - 995862274 _____ () C:\Users\Ralfi\Downloads\Baumhausen City Client 24.05.2014.rar
2014-07-24 17:09 - 2014-05-09 14:12 - 00063200 _____ () C:\Users\Ralfi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-23 18:47 - 2014-07-23 18:42 - 1011205600 _____ () C:\Users\Ralfi\Downloads\Meteria2.rar
2014-07-23 15:28 - 2014-07-23 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 14:30 - 2014-07-22 14:00 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-22 14:28 - 2014-07-22 14:27 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\QQSM
2014-07-22 14:26 - 2014-07-22 14:26 - 00000734 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-07-22 14:26 - 2014-07-22 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-07-22 14:00 - 2014-07-22 14:00 - 01779712 _____ (Infernum Productions AG) C:\Users\Ralfi\Downloads\HazardOpsDLM.exe
2014-07-22 08:43 - 2014-07-22 08:39 - 00221752 _____ () C:\Users\Ralfi\Downloads\Pigeons (Original Mix).mp3.sfk
2014-07-21 19:33 - 2014-07-21 19:33 - 1035574396 _____ () C:\Users\Ralfi\Downloads\Zitonia2 Unverschlüsselt - Kopie.rar
2014-07-21 14:38 - 2014-05-09 17:01 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\.minecraft
2014-07-21 02:49 - 2014-05-09 17:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-20 23:55 - 2014-07-20 23:55 - 00000572 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-20 23:55 - 2014-07-20 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-20 23:51 - 2014-07-20 23:41 - 1572305527 _____ (Sirius MT2 ) C:\Users\Ralfi\Documents\sirius.20.13.rev.client.exe
2014-07-20 23:41 - 2014-07-20 23:41 - 00836112 _____ (SiriusMT2) C:\Users\Ralfi\Downloads\sirius.20.13.rev.installer.exe
2014-07-19 06:42 - 2014-07-17 02:02 - 00002082 _____ () C:\Users\Ralfi\Desktop\Bonis ID.txt
2014-07-18 20:29 - 2014-07-10 18:41 - 00000000 ____D () C:\Users\Ralfi\Desktop\Backup Rebellution2
2014-07-18 14:14 - 2014-07-18 13:47 - 00000045 _____ () C:\Users\Ralfi\Desktop\E-Mail.txt
2014-07-18 14:00 - 2014-05-09 14:44 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 10:36 - 2014-05-09 17:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 10:36 - 2014-05-09 17:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 10:36 - 2014-05-09 17:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-18 06:55 - 2014-07-18 06:54 - 01269871 _____ () C:\Users\Ralfi\Desktop\2Elemente.rar
2014-07-18 06:49 - 2014-07-07 00:21 - 00001544 _____ () C:\Users\Ralfi\Desktop\config.inc.php
2014-07-18 06:47 - 2014-07-18 06:47 - 03148168 _____ () C:\Users\Ralfi\Desktop\Design.rar
2014-07-18 06:43 - 2014-07-18 06:43 - 02680558 _____ () C:\Users\Ralfi\Downloads\Release1.rar
2014-07-18 05:06 - 2014-07-18 05:06 - 00000770 _____ () C:\Users\Ralfi\Desktop\Neues Textdokument.txt
2014-07-17 23:28 - 2014-07-17 23:28 - 12983159 _____ () C:\Users\Ralfi\Desktop\EterNexus-1.0.3.1a.zip
2014-07-17 20:34 - 2014-05-09 17:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 20:13 - 2014-07-17 20:13 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 20:13 - 2014-05-26 16:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 17:58 - 2014-07-17 17:58 - 00000023 _____ () C:\Users\Ralfi\Desktop\Newssss.txt
2014-07-17 01:26 - 2014-05-22 00:44 - 00000000 ____D () C:\Users\Ralfi\Documents\Txt
2014-07-16 20:46 - 2014-07-16 20:46 - 00009587 _____ () C:\Users\Ralfi\Desktop\delicia.txt
2014-07-16 18:30 - 2014-07-16 18:28 - 00000000 ____D () C:\Users\Ralfi\Downloads\sachen zum einfügen
2014-07-16 14:33 - 2014-07-16 14:33 - 00000000 ____D () C:\Windows\SysWOW64\Hotspot Shield
2014-07-16 02:07 - 2014-07-16 01:48 - 00000000 ____D () C:\Users\Ralfi\Documents\FIFA World
2014-07-16 01:47 - 2014-07-16 01:47 - 00000864 _____ () C:\Users\Public\Desktop\EA Sports FIFA World.lnk
2014-07-16 01:47 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 01:11 - 2014-05-10 09:03 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-07-15 14:40 - 2014-05-21 23:11 - 00000000 ____D () C:\Users\Ralfi\AppData\Local\Battle.net
2014-07-14 23:30 - 2014-07-14 23:30 - 00000000 ____D () C:\Users\Ralfi\Desktop\Tor Browser
2014-07-14 17:24 - 2014-07-14 17:20 - 20499640 _____ () C:\Users\Ralfi\Desktop\Skype 2014-07-14 17-00-53-82.avi
2014-07-13 04:39 - 2014-07-07 16:20 - 00000654 _____ () C:\Users\Ralfi\Desktop\Forum usw One.txt
2014-07-12 19:36 - 2014-06-18 23:29 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\FileZilla
2014-07-11 17:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 03:34 - 2014-05-12 03:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 03:34 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 03:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 03:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-11 03:02 - 2014-05-26 16:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 03:01 - 2014-05-20 07:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 03:00 - 2014-05-20 07:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 02:56 - 2014-05-26 16:00 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-05-26 16:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-05-26 16:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 17:10 - 2014-07-08 01:16 - 00000000 ____D () C:\extract
2014-07-08 18:27 - 2014-06-18 21:30 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 18:27 - 2014-06-18 21:30 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 16:16 - 2014-07-08 16:16 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\TeamViewer
2014-07-08 15:41 - 2014-07-08 15:36 - 25815280 _____ () C:\Users\Ralfi\Desktop\Hardcore-reloaded HP.rar
2014-07-08 03:09 - 2014-07-08 03:09 - 00333680 _____ () C:\Windows\Minidump\070814-8361-01.dmp
2014-07-08 03:09 - 2014-05-10 00:53 - 895889797 _____ () C:\Windows\MEMORY.DMP
2014-07-08 03:09 - 2014-05-10 00:53 - 00000000 ____D () C:\Windows\Minidump
2014-07-08 02:34 - 2014-06-17 00:08 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Notepad++
2014-07-08 02:33 - 2014-07-08 02:33 - 00000000 ____D () C:\Users\Ralfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-08 02:33 - 2014-07-08 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-08 02:33 - 2014-06-17 00:08 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-07-07 23:31 - 2014-05-27 23:09 - 00000000 ____D () C:\Users\Ralfi\Desktop\Publ 1.5.4
2014-07-05 01:31 - 2014-07-05 01:31 - 00293096 _____ () C:\Windows\Minidump\070514-7971-01.dmp
2014-07-02 22:48 - 2014-07-29 15:57 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-02 22:48 - 2014-07-29 15:57 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-02 22:48 - 2014-07-29 15:57 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-02 22:48 - 2014-05-28 03:57 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-02 22:48 - 2014-05-09 14:54 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-02 22:48 - 2014-05-07 17:15 - 00075040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-07-02 22:48 - 2014-05-07 17:15 - 00061912 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-07-02 22:48 - 2014-05-07 17:14 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-07-02 22:48 - 2014-05-07 17:14 - 14498552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-07-02 22:48 - 2014-05-07 17:14 - 03196816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-07-02 22:48 - 2014-05-07 17:14 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-07-02 22:48 - 2014-05-07 17:14 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-07-02 22:48 - 2014-05-07 17:14 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-07-02 20:55 - 2014-05-07 17:15 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-07-02 20:55 - 2014-05-07 17:15 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-07-02 20:55 - 2014-05-07 17:15 - 02559960 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-07-02 20:55 - 2014-05-07 17:15 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-07-02 20:55 - 2014-05-07 17:15 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-07-02 20:55 - 2014-05-07 17:15 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-07-02 19:44 - 2014-07-29 15:58 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-02 12:14 - 2014-05-07 17:15 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-07-02 01:53 - 2014-06-11 16:18 - 00000000 ____D () C:\Users\Ralfi\Downloads\OTTOFOX EDITING PACK

Some content of TEMP:
====================
C:\Users\Ralfi\AppData\Local\Temp\ad8e0305e65adb359898b639e006bf2f.dll
C:\Users\Ralfi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ralfi\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Ralfi\AppData\Local\Temp\htmlayout.dll
C:\Users\Ralfi\AppData\Local\Temp\ICReinstall_download-city-car-driving.exe
C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe
C:\Users\Ralfi\AppData\Local\Temp\installer_gta-sanandreas_English.exe
C:\Users\Ralfi\AppData\Local\Temp\IrsoDLL.dll
C:\Users\Ralfi\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ralfi\AppData\Local\Temp\NGMDll.dll
C:\Users\Ralfi\AppData\Local\Temp\NGMResource.dll
C:\Users\Ralfi\AppData\Local\Temp\NGMSetup.exe
C:\Users\Ralfi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ralfi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ralfi\AppData\Local\Temp\nvStInst.exe
C:\Users\Ralfi\AppData\Local\Temp\optprosetup.exe
C:\Users\Ralfi\AppData\Local\Temp\RegClean2.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20403657.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20405013.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20407069.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20407921.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20435936.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20439570.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20449970.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20454574.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20454702.exe
C:\Users\Ralfi\AppData\Local\Temp\toolbar20454754.exe
C:\Users\Ralfi\AppData\Local\Temp\unicows.dll
C:\Users\Ralfi\AppData\Local\Temp\uninstall-updater179239.exe
C:\Users\Ralfi\AppData\Local\Temp\uninstall189585.exe
C:\Users\Ralfi\AppData\Local\Temp\uninstall20550009.exe
C:\Users\Ralfi\AppData\Local\Temp\uninstall20556818.exe
C:\Users\Ralfi\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 01:59

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Ralfi at 2014-08-01 13:25:04
Running from C:\Users\Ralfi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty(R) 4 - Modern Warfare(TM) Demo (HKLM-x32\...\InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) Demo (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.0.0.45489 - Electronic Arts, Inc.)
Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version:  - GTgroup) <==== ATTENTION
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.2.0.2042 - Infernum Productions AG)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Infestation Survivor Stories version 1.0 (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: 1.0 - OP Productions LLC)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java technology allows you to work and play in a secure computing environment. Packages (HKCU\...\Java technology allows you to work and play in a secure computing environment. Packages) (Version:  - ) <==== ATTENTION
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
MoonTools Version 1.7 (HKLM-x32\...\{61946000-8054-4452-B5F9-719D35D899D8}_is1) (Version: 1.7 - DotExE)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Light Effects for Windows (HKLM-x32\...\NewBlue Light Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue plug-ins bundle patch build 121206 (HKLM\...\NewBlue plug-ins bundle patch build 121206_is1) (Version: 3.0.0.0 - NewBlue Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.1 - )
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Operation Flashpoint: Red River (HKLM-x32\...\Steam App 44340) (Version:  - Codemasters Action Studio)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PremiumSoft Navicat Lite 10.0 (HKLM-x32\...\PremiumSoft Navicat Lite_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sirius MT2 Version 20.13 (HKLM-x32\...\{831D4B74-7A92-4363-869D-524876C480B1}_is1) (Version: 20.13 - Sirius MT2)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
South Park - The Stick of Truth (HKLM-x32\...\South Park - The Stick of Truth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.4.15 - Electronic Arts)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.4 (HKLM-x32\...\winscp3_is1) (Version: 5.5.4 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-07-2014 11:56:44 Installed Warface Launcher (Beta)
31-07-2014 13:38:57 Windows Update
01-08-2014 10:50:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2132EEA0-55D9-40C8-B014-B2F2393DDF5C} - System32\Tasks\AdobeAAMUpdater-1.0-Ralfi-PC-Ralfi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {325212BB-0C09-42F6-BB27-0B3712DE814A} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2011-11-23] ()
Task: {367A4F3D-5F96-4C21-AB16-8B181BC582DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {39DEDED4-3FB7-4B8D-9A44-9BE03C0F9907} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated)
Task: {45ACB7EF-11B8-4FA2-AF77-B30E890B295A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4D8BC769-341B-4C86-8D7A-29114D11CBB7} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe [2014-07-30] (hxxp://yourfiledownloader.net) <==== ATTENTION
Task: {7A834270-F4A4-4922-BBF2-013022CE6D0D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8C3C8FA8-3E14-4A65-8167-74D6ED47B5A5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {95C3D335-8B1B-4EB9-A9A3-6573B0A7C1B7} - System32\Tasks\{41A47AF3-6E4C-46BD-85D0-4E0BFCF145EB} => C:\Users\Ralfi\Desktop\Minecraft.exe [2014-05-09] ()
Task: {A2A42D7B-092B-4209-B33A-4B10417085C0} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {B9CE560E-0066-460E-B483-F1398CC19150} - System32\Tasks\AppCloudUpdater => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CF3B707A-6679-468A-B7F4-6C5B871451AF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-07 17:15 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-23 02:10 - 2014-05-23 02:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-08-08 14:35 - 2013-08-08 14:35 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-05-29 17:42 - 2014-07-17 20:06 - 00601144 _____ () C:\Users\Ralfi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-05-23 02:10 - 2014-05-23 02:10 - 05341856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-05-29 17:42 - 2014-07-17 20:06 - 36966968 _____ () C:\Users\Ralfi\AppData\Roaming\Spotify\Data\libcef.dll
2014-05-26 05:52 - 2014-05-26 05:52 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-07-17 20:06 - 2014-07-17 20:06 - 00867896 _____ () C:\Users\Ralfi\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-05-29 17:42 - 2014-07-17 20:06 - 00886840 _____ () C:\Users\Ralfi\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-05-29 17:42 - 2014-07-17 20:06 - 00108600 _____ () C:\Users\Ralfi\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-12 22:22 - 2014-05-12 22:22 - 02217128 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\plugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll
2014-07-18 10:36 - 2014-07-18 10:36 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-07-18 14:00 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 14:00 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 14:00 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 14:00 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 14:00 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 14:00 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Ralfi\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Ralfi\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Ralfi\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Ralfi\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 00:47:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 10:23:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vegas120.exe, Version: 12.0.0.770, Zeitstempel: 0x528d33e2
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x19a8
Startzeit der fehlerhaften Anwendung: 0xvegas120.exe0
Pfad der fehlerhaften Anwendung: vegas120.exe1
Pfad des fehlerhaften Moduls: vegas120.exe2
Berichtskennung: vegas120.exe3

Error: (07/31/2014 03:28:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 10:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fraps.exe, Version: 3.5.99.15618, Zeitstempel: 0x512c56a2
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x1264
Startzeit der fehlerhaften Anwendung: 0xfraps.exe0
Pfad der fehlerhaften Anwendung: fraps.exe1
Pfad des fehlerhaften Moduls: fraps.exe2
Berichtskennung: fraps.exe3

Error: (07/30/2014 06:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hsswd.exe, Version: 0.0.0.0, Zeitstempel: 0x51087583
Name des fehlerhaften Moduls: af_proxy.dll, Version: 0.0.0.0, Zeitstempel: 0x5376a94a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00029c7c
ID des fehlerhaften Prozesses: 0x17a0
Startzeit der fehlerhaften Anwendung: 0xhsswd.exe0
Pfad der fehlerhaften Anwendung: hsswd.exe1
Pfad des fehlerhaften Moduls: hsswd.exe2
Berichtskennung: hsswd.exe3

Error: (07/30/2014 06:31:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 06:25:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 00:37:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:59:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Rebellution.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1658

Startzeit: 01cfab115a63490f

Endzeit: 4

Anwendungspfad: C:\Users\Ralfi\Desktop\Rebellution2\Rebellution.exe

Berichts-ID:

Error: (07/29/2014 03:59:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Rebellution.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e10

Startzeit: 01cfab092862eb01

Endzeit: 4

Anwendungspfad: C:\Users\Ralfi\Desktop\Rebellution2\Rebellution.exe

Berichts-ID:


System errors:
=============
Error: (08/01/2014 00:49:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/31/2014 03:30:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/30/2014 06:33:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/30/2014 06:31:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/30/2014 06:31:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/30/2014 06:31:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (07/30/2014 06:27:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/30/2014 06:18:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update Adanak" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/23/2014 03:28:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/18/2014 05:09:33 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 80.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 00:47:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 10:23:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vegas120.exe12.0.0.770528d33e2ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410219a801cfacfb9f9ec67eC:\Program Files\Sony\Vegas Pro 12.0\vegas120.exeC:\Windows\SYSTEM32\ntdll.dll847b596b-18f0-11e4-b4fb-448a5b676762

Error: (07/31/2014 03:28:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 10:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fraps.exe3.5.99.15618512c56a2ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753126401cfac2efed893c3D:\Fraps\fraps.exeC:\Windows\SysWOW64\ntdll.dll15440110-1826-11e4-86a5-448a5b676762

Error: (07/30/2014 06:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hsswd.exe0.0.0.051087583af_proxy.dll0.0.0.05376a94ac000000500029c7c17a001cfac13a77efb06C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exeC:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll043ff8cf-1807-11e4-86a5-448a5b676762

Error: (07/30/2014 06:31:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 06:25:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 00:37:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 03:59:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Rebellution.exe0.0.0.0165801cfab115a63490f4C:\Users\Ralfi\Desktop\Rebellution2\Rebellution.exe

Error: (07/29/2014 03:59:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Rebellution.exe0.0.0.0e1001cfab092862eb014C:\Users\Ralfi\Desktop\Rebellution2\Rebellution.exe


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 16327.91 MB
Available physical RAM: 10318.59 MB
Total Pagefile: 32654.01 MB
Available Pagefile: 25944.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:19.15 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:1529.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: BC66EA14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B3513036)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 01.08.2014, 12:49   #4
Aneri
/// Malwareteam
 

Hi

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver8BlockAndSurf\BlockAndSurf.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => "c:\progra~2\suptab\search~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
C:\Program Files (x86)\ver8BlockAndSurf\
C:\PROGRA~2\SupTab\
C:\PROGRA~3\FASTAN~1\
c:\progra~2\suptab\
c:\progra~3\fastan~1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ShortcutTarget: Packer.exe.lnk -> C:\Users\Ralfi\AppData\Local\Temp\Phx6F79\Packer.exe (No File)
C:\Users\Ralfi\AppData\Local\Temp\Phx6F79\
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2:
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. (Illustrated guide to AdwCleaner.)
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents for me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 3:
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the threat scan (Bedrohungssuchlauf) and click Start scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application logs (Anwendungsprotokolle).
  • Select the newest scan log and click Export. Choose text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Step 4:

Create a new FRST log file and post it here; please tick the box for Addition.txt
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here

Edited by Aneri (01.08.2014 at 13:06)

Alt 01.08.2014, 14:16   #5
Aneri
/// Malwareteam
 

since your additions.txt only arrived later...

this is also the reason why you cannot uninstall the stuff. It reinstalls itself again and again on every restart, because it is registered in the TASKS.

a second fix for FRST

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Task: {4D8BC769-341B-4C86-8D7A-29114D11CBB7} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe [2014-07-30] (hxxp://yourfiledownloader.net) <==== ATTENTION
Task: {7A834270-F4A4-4922-BBF2-013022CE6D0D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8C3C8FA8-3E14-4A65-8167-74D6ED47B5A5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A2A42D7B-092B-4209-B33A-4B10417085C0} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {B9CE560E-0066-460E-B483-F1398CC19150} - System32\Tasks\AppCloudUpdater => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CF3B707A-6679-468A-B7F4-6C5B871451AF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx\
C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\
C:\Program Files (x86)\YourFileDownloader Updater\
C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here
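
The persistence this reply describes, as an added example that is not part of the original post or of FRST: a small Python parser for the `Task:` lines of the fixlist above that groups the scheduler entries by the program they launch and shows where that program lives. The function names, the `xml`/`job` store labels and the location classes are assumptions made for this illustration.

```python
import ntpath
import re
from collections import defaultdict

# Task lines copied verbatim from the second fixlist in the post above.
FIXLIST = r"""
Task: {4D8BC769-341B-4C86-8D7A-29114D11CBB7} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe [2014-07-30] (hxxp://yourfiledownloader.net) <==== ATTENTION
Task: {7A834270-F4A4-4922-BBF2-013022CE6D0D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8C3C8FA8-3E14-4A65-8167-74D6ED47B5A5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A2A42D7B-092B-4209-B33A-4B10417085C0} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {B9CE560E-0066-460E-B483-F1398CC19150} - System32\Tasks\AppCloudUpdater => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CF3B707A-6679-468A-B7F4-6C5B871451AF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx\
"""

# "Task: [{GUID} - ]<task entry> => <target> [date] (publisher) <==== ATTENTION"
TASK_RE = re.compile(
    r"^Task:\s+(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+)?"
    r"(?P<entry>.+?)\s+=>\s+(?P<rest>.+)$"
)


def parse_task_line(line):
    """Return a dict for one FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flagged = bool(re.search(r"<=+\s*ATTENTION\s*$", rest))
    rest = re.sub(r"\s*<=+\s*ATTENTION\s*$", "", rest)
    # Strip a trailing "(publisher or URL)"; "(x86)" inside the path is not at the end.
    rest = re.sub(r"\s+\([^()]*\)\s*$", "", rest)
    # Strip a trailing "[file date]".
    rest = re.sub(r"\s+\[\d{4}-\d{2}-\d{2}\]\s*$", "", rest)
    entry = m.group("entry")
    # Legacy scheduler entries are .job files in C:\Windows\Tasks; the others
    # are the XML task definitions under System32\Tasks.
    is_job = entry.lower().endswith(".job")
    name = ntpath.basename(entry)
    if is_job:
        name = name[:-4]
    return {"name": name, "store": "job" if is_job else "xml",
            "guid": m.group("guid"), "target": rest, "flagged": flagged}


def location_class(target):
    """Heuristic (assumption): classify the launch target by where it lives."""
    t = target.lower()
    if "\\appdata\\local\\temp\\" in t:
        return "temp"
    if "\\appdata\\" in t:
        return "user-profile"
    if t.startswith(("c:\\program files\\", "c:\\program files (x86)\\")):
        return "program-files"
    return "other"


def group_by_target(text):
    """Map each launch target (lower-cased) to every task entry that starts it."""
    groups = defaultdict(list)
    for line in text.splitlines():
        task = parse_task_line(line)
        if task:
            groups[task["target"].lower()].append(task)
    return dict(groups)


def report(text):
    """One row per launch target: location, task names, scheduler stores."""
    rows = []
    for target, tasks in sorted(group_by_target(text).items()):
        rows.append({
            "target": target,
            "location": location_class(target),
            "tasks": sorted({t["name"] for t in tasks}),
            "stores": sorted({t["store"] for t in tasks}),
        })
    return rows


if __name__ == "__main__":
    for row in report(FIXLIST):
        print(f'{row["location"]:<14}{row["target"]}')
        print(f'{"":<14}tasks: {", ".join(row["tasks"])}  stores: {", ".join(row["stores"])}')
```

Run on the fixlist, this reduces ten task entries to four launch targets; removing a program while any entry that points at its installer or updater remains leaves the next scheduled run free to bring it back.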

Alt 01.08.2014, 14:18   #6
Tunefisch.
 

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Ralfi at 2014-08-01 15:07:04 Run:1
Running from C:\Users\Ralfi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver8BlockAndSurf\BlockAndSurf.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => "c:\progra~2\suptab\search~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
C:\Program Files (x86)\ver8BlockAndSurf\
C:\PROGRA~2\SupTab\
C:\PROGRA~3\FASTAN~1\
c:\progra~2\suptab\
c:\progra~3\fastan~1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ShortcutTarget: Packer.exe.lnk -> C:\Users\Ralfi\AppData\Local\Temp\Phx6F79\Packer.exe (No File)
C:\Users\Ralfi\AppData\Local\Temp\Phx6F79\
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BlockAndSurf => value deleted successfully.
"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully.
" C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value Data removed successfully.
"c:\progra~2\suptab\search~1.dll" => Value Data removed successfully.
" c:\progra~3\fastan~1\fastan~1.dll" => Value Data removed successfully.
"C:\Program Files (x86)\ver8BlockAndSurf" => File/Directory not found.
C:\PROGRA~2\SupTab => Moved successfully.
"C:\PROGRA~3\FASTAN~1" => File/Directory not found.
"c:\progra~2\suptab" => File/Directory not found.
"c:\progra~3\fastan~1" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\Ralfi\AppData\Local\Temp\Phx6F79\Packer.exe not found.
C:\Users\Ralfi\AppData\Local\Temp\Phx6F79 => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
ATTFilter
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 15:14:20
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Ralfi - RALFI-PC
# Gestartet von : C:\Users\Ralfi\Downloads\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginServices

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\374311380 
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\cosstminn
Ordner Gelöscht : C:\Program Files (x86)\cosstminn
Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Ralfi\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Ralfi\AppData\Local\Genesis
Ordner Gelöscht : C:\Users\Ralfi\AppData\Local\torch
Ordner Gelöscht : C:\Users\Ralfi\AppData\Local\Temp\hotspot shield
Ordner Gelöscht : C:\Users\Ralfi\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Ralfi\AppData\Local\Temp\Rock Turner
Ordner Gelöscht : C:\Users\Ralfi\AppData\Local\Temp\webget
Ordner Gelöscht : C:\Users\Ralfi\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\Ralfi\AppData\Roaming\Advanced System Protector
Ordner Gelöscht : C:\Users\Ralfi\AppData\Roaming\AppCloudUpdater
Ordner Gelöscht : C:\Users\Ralfi\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Ralfi\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Ralfi\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Ralfi\AppData\Roaming\YourFileDownloader
Ordner Gelöscht : C:\Users\Ralfi\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Ralfi\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Ralfi\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\Users\Ralfi\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : AppCloudUpdater
Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : YourFile DownloaderUpdate

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Ralfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\AppCloudUpdater
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Vittalia
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blockAndSurf
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RrSavings

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate={installDate}&type=hp1000
Gelöscht [Startup_urls] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate=09/01/2014&type=hp1000
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1399647427&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1399676034&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1399704410&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1399708660&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1399721255&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1400380906&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1400609547&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D
Gelöscht [Homepage] : hxxp://search.babylon.com/?affID=113480&tt=bandext_3312_4&babsrc=HP_ss&mntrId=341c704c00000000000000ff6cb80bd8
Gelöscht [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb

*************************

AdwCleaner[R0].txt - [13666 octets] - [01/08/2014 15:12:38]
AdwCleaner[S0].txt - [10452 octets] - [01/08/2014 15:14:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10513 octets] ##########
         

Malwarebytes is still scanning. Thanks already for all the help.


I just found an extension (add-on) in Chrome that is also back again every time. It is called: cosstminn 2.0

Edited by Tunefisch. (01.08.2014 at 14:32)

Alt 01.08.2014, 14:33   #7
Aneri
/// Malwareteam
 

I posted a second fix for you, before your last reply. Please run that one as well.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here

Alt 01.08.2014, 14:42   #8
Tunefisch.
 

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 15:20:34
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.02
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ralfi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328232
Verstrichene Zeit: 13 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, In Quarantäne, [8dd9af1287f4181e277896c9e919c739], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1657400046-2498356473-2034691632-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [83e3bb0648333afcf73dd303f40e52ae], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.Adanak.A, C:\Users\Ralfi\AppData\Local\Temp\Adanak, In Quarantäne, [b8ae18a94f2c72c497899333ac569e62], 

Dateien: 35
PUP.Optional.AdPeak, C:\temp\InstallFilter64.msi, In Quarantäne, [c6a014ad5e1d75c14063ecb705fcd62a], 
PUP.Optional.AdPeak.A, C:\temp\t.msi, In Quarantäne, [a6c0efd285f6c76fef1ef5b1a064a060], 
PUP.Optional.RegCleanerPro, C:\Users\Ralfi\AppData\Local\Temp\RegClean2.exe, In Quarantäne, [b0b6625f374456e0005d8f850001837d], 
PUP.Optional.InstallCore, C:\Users\Ralfi\AppData\Local\Temp\installer_gta-sanandreas_English.exe, In Quarantäne, [4c1aecd52c4f8caaae215f46f90b9070], 
PUP.Optional.MultiPlug, C:\Users\Ralfi\AppData\Local\Temp\toolbar20405013.exe, In Quarantäne, [4b1b536ef883e254e4edd1d0db2634cc], 
PUP.Optional.RegCleanerPro, C:\Users\Ralfi\AppData\Local\Temp\toolbar20435936.exe, In Quarantäne, [69fdfbc688f347ef24396ba9679a7c84], 
PUP.Optional.MultiPlug, C:\Users\Ralfi\AppData\Local\Temp\toolbar20454754.exe, In Quarantäne, [e5810bb6413a95a114bdcdd4b64b2bd5], 
PUP.Optional.InstallCore, C:\Users\Ralfi\AppData\Local\Temp\ICReinstall_download-city-car-driving.exe, In Quarantäne, [5c0a952c24576cca1ab63173897bc63a], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\alilog.dll, In Quarantäne, [7ee8bb06106bfc3ac570cb67a25e946c], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\qSE.exe, In Quarantäne, [491d962b3546e74f2bb82a1e3fc1d828], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\UninstallManager.exe, In Quarantäne, [64026a571368e84e20fa810e69983dc3], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [f571e4dd7209ed493f821847f40d8a76], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [d59106bb15669f9756f193d7ad5403fd], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\alilog.dll, In Quarantäne, [c1a549785e1dff37260fcb6788785aa6], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\qSE.exe, In Quarantäne, [8bdb7a472c4fad891fc4b296778914ec], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\UninstallManager.exe, In Quarantäne, [2442d2ef2952b383be5ca8e71ee33cc4], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [72f43a872c4fb28468594a1550b1fb05], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [a0c61ca593e8f244a3a4a6c429d8f20e], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\alilog.dll, In Quarantäne, [9dc9f1d04239b2841124c270b14f24dc], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\qSE.exe, In Quarantäne, [0e585a674d2e67cf459e0e3ac53bc937], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\UninstallManager.exe, In Quarantäne, [72f4863b2b5021153fdb7b14de2332ce], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [24421ca5e89385b17150c59ac140867a], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\tmp\wpm_v18.8.0.273.exe, In Quarantäne, [8ed85f62bebd6cca20276ffbc43d43bd], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\alilog.dll, In Quarantäne, [a3c3cff26b10e254f0452111837d659b], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\qSE.exe, In Quarantäne, [df87932ef982c96dba2967e114ec2ad6], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\UninstallManager.exe, In Quarantäne, [cc9a328f9be09e980f0b94fb8879e917], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [71f53d84ccaf2016c6fbc49bf20fac54], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [a8be1da4accf092d1e297cee6d942ed2], 
PUP.Optional.BetterDeals.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, In Quarantäne, [77ef1fa2e29957df189c6d6f9969f50b], 
PUP.Optional.BetterDeals.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, In Quarantäne, [085ee2dfd8a365d16d47e6f6ba48e11f], 
PUP.Optional.Superfish.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [81e5932e91ea6acc5c934a976f932cd4], 
PUP.Optional.Superfish.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Löschen bei Neustart, [91d59f220e6d62d42ac5627fd62cf50b], 
PUP.Optional.Adanak.A, C:\Users\Ralfi\AppData\Local\Temp\Adanak\7za.exe, In Quarantäne, [b8ae18a94f2c72c497899333ac569e62], 
PUP.Optional.Babylon.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.babylon.com/?affID=113480&tt=bandext_3312_4&babsrc=HP_ss&mntrId=341c704c00000000000000ff6cb80bd8",), Ersetzt,[620410b14932aa8c0e08cf1eef151ae6]
PUP.Optional.HelperBar.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.google.com/", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate={installDate}&type=hp1000", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate=09/01/2014&type=hp1000", "hxxp://www.sweet-page.com/?type=hp&ts=1399647427&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399676034&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399704410&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399708660&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399721255&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1400380906&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1400609547&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D" ],), Ersetzt,[bbabf7cafc7f270fd97f98555ea62cd4]

Physische Sektoren: 0
(No malicious items detected)


(end)
         


All right, will do.




Fix2:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Ralfi at 2014-08-01 15:44:48 Run:2
Running from C:\Users\Ralfi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {4D8BC769-341B-4C86-8D7A-29114D11CBB7} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe [2014-07-30] (hxxp://yourfiledownloader.net) <==== ATTENTION
Task: {7A834270-F4A4-4922-BBF2-013022CE6D0D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8C3C8FA8-3E14-4A65-8167-74D6ED47B5A5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A2A42D7B-092B-4209-B33A-4B10417085C0} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {B9CE560E-0066-460E-B483-F1398CC19150} - System32\Tasks\AppCloudUpdater => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CF3B707A-6679-468A-B7F4-6C5B871451AF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx\
C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\
C:\Program Files (x86)\YourFileDownloader Updater\
C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D8BC769-341B-4C86-8D7A-29114D11CBB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8BC769-341B-4C86-8D7A-29114D11CBB7}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderInstaller Starter" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A834270-F4A4-4922-BBF2-013022CE6D0D}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C3C8FA8-3E14-4A65-8167-74D6ED47B5A5}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2A42D7B-092B-4209-B33A-4B10417085C0}" => Key not found.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9CE560E-0066-460E-B483-F1398CC19150}" => Key not found.
C:\Windows\System32\Tasks\AppCloudUpdater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppCloudUpdater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF3B707A-6679-468A-B7F4-6C5B871451AF}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key not found.
C:\WINDOWS\Tasks\AppCloudUpdater.job not found.
C:\Windows\Tasks\APSnotifierPP1.job not found.
C:\Windows\Tasks\APSnotifierPP2.job not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1" => File/Directory not found.
"C:\Program Files (x86)\YourFileDownloader Updater" => File/Directory not found.
C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe => Moved successfully.

==== End of Fixlog ====
         

02.08.2014, 11:46   #9
Aneri
/// Malwareteam

Hi

that looks quite good

Step 1:
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.



Step 2:

ATTENTION: Please have the findings deleted right away, not as per the instructions

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3:

please create a new FRST log file (incl. Addition.txt) and post it here
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

07.08.2014, 12:29   #10
Aneri
/// Malwareteam

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I will assume the topic is resolved and remove it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a renewed infection possible.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

07.08.2014, 18:17   #11
Tunefisch.

Sorry, I am not at home at the moment. I will do it as soon as I am home. The symptoms have, as you say, disappeared; there are no more ads at all.

28.08.2014, 17:28   #12
Aneri
/// Malwareteam

Hi

do you still need help?
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

25.09.2014, 20:51   #13
Aneri
/// Malwareteam

No response
This topic has been removed from the subscriptions. I will therefore not receive any notification of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here
