Pests of All Kinds and How to Fight Them: [Win7] Command Prompt/CMD closes immediately after opening | Windows 7
09.04.2014, 12:46 | #1 |
Hi folks, I recently noticed during an installation that it tries to use CMD but that doesn't work; I then tried it again manually, and that didn't work either. After that I tried to do something about it with a program called "Malwarebytes Anti-Malware"; it did remove a whole bunch of stuff, but apparently not the right thing. Here is the archive.
Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 08.04.2014 21:02:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Starting,
Protection, 08.04.2014 21:02:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Started,
Protection, 08.04.2014 21:02:41, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting,
Update, 08.04.2014 21:02:44, SYSTEM, CHRISTOPHER-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 08.04.2014 21:02:52, SYSTEM, CHRISTOPHER-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.8.6,
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started,
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Starting,
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 08.04.2014 21:02:59, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Success,
Protection, 08.04.2014 21:02:59, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 08.04.2014 21:02:59, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started,
Detection, 08.04.2014 21:20:20, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54955, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:20:20, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54955, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:20:21, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54957, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:20:21, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54958, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:20:21, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54959, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:32:13, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55455, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55455, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55458, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55459, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55460, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 22:13:09, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57039, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 22:13:09, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57039, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 22:13:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57040, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 22:13:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57041, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 08.04.2014 22:13:11, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57042, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Protection, 08.04.2014 22:19:36, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Starting,
Protection, 08.04.2014 22:19:36, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Started,
Protection, 08.04.2014 22:19:36, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 08.04.2014 22:22:26, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started,
Update, 08.04.2014 22:27:00, SYSTEM, CHRISTOPHER-PC, Scheduler, Malware Database, 2014.4.8.6, 2014.4.8.7,
Protection, 08.04.2014 22:27:10, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Starting,
Protection, 08.04.2014 22:27:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 08.04.2014 22:27:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 08.04.2014 22:27:13, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Success,
Protection, 08.04.2014 22:27:13, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 08.04.2014 22:27:13, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started,
(end)
Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 09.04.2014 12:52:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Starting,
Protection, 09.04.2014 12:52:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Started,
Protection, 09.04.2014 12:52:41, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2014 12:56:09, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started,
Update, 09.04.2014 13:35:48, SYSTEM, CHRISTOPHER-PC, Scheduler, Malware Database, 2014.4.8.7, 2014.4.9.4,
Protection, 09.04.2014 13:35:49, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Starting,
Protection, 09.04.2014 13:35:49, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 09.04.2014 13:35:50, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 09.04.2014 13:35:52, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Success,
Protection, 09.04.2014 13:35:52, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2014 13:35:53, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started,
(end)
Frst
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated) Ran by Christopher (administrator) on CHRISTOPHER-PC on 09-04-2014 13:39:35 Running from F:\Dokumente Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) 
C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe () C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [EPSON421CF4 (Epson Stylus Office BX320FW)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify] - C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify Web Helper] - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {2ea83c97-8278-11e2-929a-d43d7e31e76d} - E:\Install.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {7a21e395-925a-11e3-9600-d43d7e31e76d} - H:\Startme.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {a0f83e86-4ae0-11e3-b0f7-d43d7e31e76d} - E:\Autorun.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor: <===== ATTENTION! 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamSpeak 3 Client.lnk ShortcutTarget: TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD16E1DFF315CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158 FireFox: ======== FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\Christopher\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: zonealarm.com - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\ffxtlbr@zonealarm.com [2013-07-17] FF Extension: QuickShare Widget - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{b48f059e-4c8e-437e-8341-3f67dab778bb} [2014-03-11] FF Extension: BonanzaDeals - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-04] FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-28] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-28] Chrome: ======= CHR HomePage: CHR Extension: (Angry Birds) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-15] CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13] 
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13] CHR Extension: (GMX MailCheck) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2013-12-12] CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13] CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-02-02] CHR Extension: (Heroes & Generals) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-03-02] CHR Extension: (New Tab Redirect) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-01-15] CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13] CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13] ==================== Services (Whitelisted) ================= S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.) 
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93016 2014-04-08] (EasyAntiCheat Ltd) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-09] () R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-11] (Disc Soft Ltd) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab) R3 MBAMProtector; 
C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X] U0 KL1; S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 13:39 - 2014-04-09 13:39 - 00000000 ____D () C:\FRST 2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt 2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt 2014-04-08 21:02 - 2014-04-09 13:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-08 21:02 - 2014-04-08 21:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-08 21:02 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-08 21:02 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-08 21:02 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 
2014-04-08 20:33 - 2014-04-08 20:39 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe 2014-04-08 20:22 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation 2014-04-08 20:22 - 2014-04-02 15:28 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-04-08 20:22 - 2014-04-02 15:28 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-04-08 20:21 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-04-08 20:21 - 2014-03-21 21:43 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-04-08 20:21 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url 2014-04-08 19:59 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA 2014-04-08 19:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk 2014-04-04 17:24 - 2014-02-28 21:47 - 00000000 ____D () C:\Users\Christopher\Desktop\Minecraft Cracked 2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job 2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-25 20:31 - 2014-03-26 00:04 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt 2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () 
C:\Program Files (x86)\Notepad++ 2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk 2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk 2014-03-25 17:07 - 2011-03-30 20:35 - 00292184 ____N (Microsoft Corporation) C:\Users\Christopher\Desktop\dxwebsetup.exe 2014-03-25 17:04 - 2014-03-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1 2014-03-25 15:33 - 2014-04-09 13:23 - 00000000 ____D () C:\AdwCleaner 2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype 2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA 
Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvoglshim32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url 2014-03-12 14:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 14:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 14:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 14:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 14:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 14:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 14:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 14:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-12 14:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-12 14:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 14:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-12 14:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 14:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-03-12 14:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-12 14:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-12 14:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 14:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 14:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-12 14:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 14:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-12 14:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 14:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 14:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 14:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 14:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 14:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 14:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 14:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 14:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 14:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 14:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 14:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 14:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 14:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 14:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 14:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 14:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 14:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 14:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 14:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 14:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 14:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-12 14:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 14:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 14:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 14:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 14:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 14:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-09 13:39 - 
2014-04-09 13:39 - 00000000 ____D () C:\FRST 2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt 2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt 2014-04-09 13:35 - 2014-04-08 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-09 13:29 - 2013-04-21 15:30 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype 2014-04-09 13:23 - 2014-03-25 15:33 - 00000000 ____D () C:\AdwCleaner 2014-04-09 13:02 - 2013-10-06 11:37 - 01883092 _____ () C:\Windows\WindowsUpdate.log 2014-04-09 13:02 - 2013-03-02 10:28 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client 2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 12:56 - 2013-11-30 23:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify 2014-04-09 12:54 - 2013-03-02 11:35 - 00000000 ____D () C:\Users\Christopher\AppData\Local\LogMeIn Hamachi 2014-04-09 12:53 - 2013-12-06 22:14 - 00013900 _____ () C:\Windows\setupact.log 2014-04-09 12:53 - 2013-09-20 13:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Overwolf 2014-04-09 12:53 - 2013-06-04 18:39 - 00000000 ___RD () C:\Users\Christopher\Dropbox 2014-04-09 12:53 - 2013-06-04 18:33 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Dropbox 2014-04-09 12:51 - 2013-03-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-09 12:50 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-08 22:16 - 2013-12-09 17:08 - 00061954 _____ () C:\Windows\PFRO.log 2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss 2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-04-08 
21:02 - 2014-04-08 21:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-08 20:39 - 2014-04-08 20:33 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe 2014-04-08 20:24 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation 2014-04-08 20:24 - 2014-04-08 19:59 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA 2014-04-08 20:24 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-08 20:22 - 2013-02-25 23:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-08 20:22 - 2013-02-25 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url 2014-04-08 20:17 - 2013-03-17 19:16 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-04-07 20:32 - 2013-11-30 23:15 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify 2014-04-05 18:23 - 2013-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-04-05 18:22 - 2013-09-07 19:13 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien 2014-04-05 18:20 - 2011-04-12 09:43 - 00781554 _____ () C:\Windows\system32\perfh007.dat 2014-04-05 18:20 - 2011-04-12 09:43 - 00179804 _____ () C:\Windows\system32\perfc007.dat 2014-04-05 18:20 - 2009-07-14 07:13 - 01830186 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-05 15:58 - 2013-08-23 13:47 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft 2014-04-05 15:52 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Heroes & Generals 2014-04-04 22:06 - 2013-08-11 13:56 - 
00000000 ____D () C:\Program Files (x86)\TERA 2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk 2014-04-04 22:04 - 2013-03-02 10:24 - 00000000 ____D () C:\Ubisoft 2014-04-04 22:04 - 2013-02-25 22:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-04 17:26 - 2013-08-23 13:47 - 00356864 _____ () C:\Users\Christopher\Desktop\Minecraft.exe 2014-04-04 17:10 - 2013-07-25 11:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Akamai 2014-04-04 17:08 - 2013-02-28 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-03 09:51 - 2014-04-08 21:02 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-08 21:02 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-08 21:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 15:28 - 2014-04-08 20:22 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-04-02 15:28 - 2014-04-08 20:22 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job 2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 14:51 - 2013-03-02 10:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-03-28 22:11 - 2013-12-12 20:39 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Battle.net 2014-03-27 19:13 - 2014-03-25 17:04 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1 2014-03-26 17:43 - 2013-02-28 22:37 - 00000000 ____D () C:\Users\Christopher 2014-03-26 00:04 - 2014-03-25 20:31 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt 2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk 2014-03-25 17:24 - 
2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk 2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk 2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-03-25 15:43 - 2013-10-13 01:54 - 00001442 _____ () C:\Users\Christopher\Desktop\Chrome-App-Übersicht.lnk 2014-03-25 15:37 - 2013-10-13 01:54 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-03-25 15:37 - 2013-10-13 01:51 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-25 15:37 - 2013-02-28 22:57 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-25 15:37 - 2013-02-28 22:37 - 00001007 _____ () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-25 15:37 - 2013-02-28 22:37 - 00000000 ___RD () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-22 22:29 - 2013-12-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-21 21:43 - 2014-04-08 20:21 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-03-21 21:43 - 2014-04-08 20:21 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-03-21 21:43 - 2014-04-08 20:21 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype 2014-03-21 16:08 - 
2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ____D () C:\ProgramData\Skype 2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-03-20 23:03 - 2013-09-17 22:22 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-03-20 23:03 - 2013-09-17 22:22 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2014-03-20 23:03 - 2013-02-25 23:39 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-03-20 23:03 - 2013-02-25 23:39 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ 
(NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) 
C:\Windows\system32\Drivers\nvhda64v.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-03-20 23:02 - 2013-09-17 22:22 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-03-20 23:02 - 2013-09-17 22:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-03-20 23:02 - 2013-02-25 23:38 - 00024544 _____ () C:\Windows\system32\nvinfo.pb 2014-03-20 22:48 - 2013-05-28 16:35 - 00000000 ____D () C:\Users\Christopher\Documents\My Games 2014-03-20 22:47 - 2013-12-08 23:08 - 00070508 _____ () C:\Windows\DirectX.log 2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url 2014-03-19 16:02 - 2013-09-20 13:08 - 00000000 ____D () C:\Program Files (x86)\Overwolf 2014-03-19 15:34 - 2013-08-16 01:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 15:32 - 2012-01-06 12:03 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-15 18:52 - 2014-01-16 21:46 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-15 12:01 - 2013-02-28 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-15 12:01 - 2013-02-28 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-15 12:01 - 2013-02-28 23:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-14 16:05 - 2009-07-14 06:45 - 00276968 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 17:24 - 2013-03-02 10:27 - 00000000 ____D () 
C:\Program Files\TeamSpeak 3 Client

Files to move or delete:
====================
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad

Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\AutoRun.exe
C:\Users\Christopher\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Christopher\AppData\Local\Temp\EAInstall.dll
C:\Users\Christopher\AppData\Local\Temp\eauninstall.exe
C:\Users\Christopher\AppData\Local\Temp\runprog.exe
C:\Users\Christopher\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
C:\Users\Christopher\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-14 17:39

==================== End Of Log ============================

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Christopher at 2014-04-09 13:40:10
Running from F:\Dokumente
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

7 Days to Die - Alpha version 0.9.1 (HKLM-x32\...\{967E55B4-6DDD-4A2F-BFC7-07F1E327971E}_is1) (Version: 0.9.1 - The Fun Pimps LLC)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version: - )
AS-Vokabeltrainer (HKLM-x32\...\AS-Vokabeltrainer) (Version: - )
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Clonk Endeavour 4.95.5 (HKLM-x32\...\Clonk Endeavour) (Version: 4.95.5 - RedWolf Design GmbH)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
Cossacks - Back To War (HKLM-x32\...\Cossacks : Back To War) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EPSON BX320FW Series Printer Uninstall (HKLM\...\EPSON BX320FW Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
GameRanger (HKCU\...\GameRanger) (Version: - GameRanger Technologies)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Ghost Recon Online (EU) (HKCU\...\d8be6c3f847d7d92) (Version: 1.34.3556.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version: - Digitalmindsoft)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MTA:SA v1.3.2 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.2 - Multi Theft Auto)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA 
LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.) Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) PlanetSide 2 (HKCU\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) S.K.I.L.L. 
- Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - ) SA-MP Colorpicker 1.1.0 (HKLM-x32\...\SA-MP Colorpicker) (Version: 1.1.0 - GTAvision.com) SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - ) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2070.0 - Hi-Rez Studios) Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH) Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update_for_BonanzaDeals (HKCU\...\Bonanza) (Version: - Update_for_BonanzaDeals) <==== ATTENTION WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 
- Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows 
Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net) WoT Statistics (HKLM-x32\...\WoT Statistics_is1) (Version: 2.0.6.63 - Nick Saaiman) ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.057 - Check Point) ZoneAlarm Security (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) 
Hidden ==================== Restore Points ========================= 08-04-2014 12:33:38 Windows Update 08-04-2014 18:22:55 DirectX wurde installiert ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {507FEE5C-F4BD-4F49-B488-8337C046F7C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd) Task: {56046A02-AB8E-4E87-A639-ADDE2326EFC1} - System32\Tasks\{C968D213-2F1D-417B-B596-C19B0A1B6E25} => C:\Program Files (x86)\Riot Games\League of Legends\lol.launcher.exe Task: {9D405C7D-A25A-4BA7-894E-7756B27E9C82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated) Task: {C43FD6A8-62F7-41BA-A1A7-3C973A445770} - \AmiUpdXp No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-25 23:39 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-11-30 23:15 - 2014-01-15 16:05 - 00603648 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2013-08-17 22:12 - 2013-09-09 15:49 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-03-05 20:30 - 2014-03-05 20:30 - 00025600 _____ () C:\Program Files 
(x86)\Overwolf\CoreAudioApi.dll 2013-09-20 13:09 - 2014-03-05 20:29 - 00016160 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\Contracts\ODK.AddIns.V2.Contract.dll 2013-09-20 13:09 - 2014-03-05 20:29 - 00016672 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\AddInViews\ODK.AddIns.V2.AddInView.dll 2013-09-20 13:10 - 2013-09-20 13:10 - 00876544 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\AddIns\KillingFactory_and_BareL_Dota_2_Timers_2.0.0\ODK.AddIns.ThirdParty.KillingFactory_and_BareL_Dota_2_Timers.dll 2013-09-20 13:09 - 2014-03-05 20:29 - 00018208 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\AddInSideAdapters\ODK.AddIns.V2.AddInSideAdapter.dll 2013-09-20 13:09 - 2014-03-05 20:28 - 00019232 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\HostSideAdapters\ODK.AddIns.V2.HostSideAdapter.dll 2014-03-05 20:29 - 2014-03-05 20:29 - 00607232 _____ () C:\Program Files (x86)\Overwolf\client_c_api_win32.dll 2013-11-30 23:15 - 2014-01-15 16:06 - 36967424 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\libcef.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Christopher\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-20 13:14 - 2013-12-20 13:14 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2013-12-20 13:14 - 2013-12-20 13:14 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2014-03-15 12:04 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 12:04 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 12:04 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 12:04 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 12:04 - 2014-03-15 02:50 - 00394568 _____ () 
C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 12:04 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2013-11-30 23:15 - 2014-01-15 16:05 - 00887808 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-11-30 23:15 - 2014-01-15 16:05 - 00109568 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\libegl.dll 2014-03-15 12:04 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll 2013-02-25 23:36 - 2012-03-29 07:18 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\Christopher\Anwendungsdaten:NT AlternateDataStreams: C:\Users\Christopher\AppData\Roaming:NT ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/09/2014 00:56:30 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2014 00:56:23 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/09/2014 00:54:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2014 00:54:11 PM) (Source: BstHdAndroidSvc) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/08/2014 10:22:27 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/08/2014 10:21:21 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/08/2014 10:20:59 PM) (Source: BstHdAndroidSvc) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/08/2014 08:40:38 PM) (Source: MsiInstaller) (User: Christopher-PC) Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten Error: (04/08/2014 08:33:21 PM) (Source: MsiInstaller) (User: Christopher-PC) Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten Error: (04/08/2014 08:33:13 PM) (Source: MsiInstaller) (User: Christopher-PC) Description: Produkt: NVIDIA PhysX -- Fehler 1316. 
Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten System errors: ============= Error: (04/09/2014 00:58:55 PM) (Source: DCOM) (User: ) Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F} Error: (04/09/2014 00:57:18 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/09/2014 00:57:18 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/09/2014 00:57:18 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/09/2014 00:57:12 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/09/2014 00:56:28 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (04/09/2014 00:56:30 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2014 00:56:23 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (04/09/2014 00:54:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2014 00:54:11 PM) (Source: BstHdAndroidSvc)(User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/08/2014 10:22:27 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (04/08/2014 10:21:21 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/08/2014 10:20:59 PM) (Source: BstHdAndroidSvc)(User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/08/2014 08:40:38 PM) (Source: MsiInstaller)(User: Christopher-PC) Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/08/2014 08:33:21 PM) (Source: MsiInstaller)(User: Christopher-PC) Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/08/2014 08:33:13 PM) (Source: MsiInstaller)(User: Christopher-PC) Description: Produkt: NVIDIA PhysX -- Fehler 1316. 
Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 8136.91 MB Available physical RAM: 4533.34 MB Total Pagefile: 16272.01 MB Available Pagefile: 11917.96 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:365.66 GB) (Free:12.58 GB) NTFS Drive e: (LOTRBFME2) (CDROM) (Total:5.68 GB) (Free:0 GB) UDF Drive f: (Daten) (Fixed) (Total:100 GB) (Free:3.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D2F94CF8) Partition: GPT Partition Type. ==================== End Of Log ============================
If anything is missing, just say so and I will supply it if possible. Edited by Herdringen (09.04.2014 at 12:48). Reason: forgot something |
09.04.2014, 13:25 | #2 |
/// the machine /// TB-Ausbilder | [Win7] Command Prompt/CMD closes immediately after opening hi,
Revo Uninstaller - Download - Filepony Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION. Also let Revo remove the leftovers in Moderate mode. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ |
09.04.2014, 14:46 | #3 |
| [Win7] Command Prompt/CMD closes immediately after opening OK, I tried to carry out everything the way you said, but "Junkware Removal Tool" does not start; it briefly opens CMD and that's it,
but here are the text files first. mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.04.2014 Suchlauf-Zeit: 15:24:20 Logdatei: mbam.txt Administrator: Nein Version: 2.00.1.1004 Malware Datenbank: v2014.04.09.04 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Christopher Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 280874 Verstrichene Zeit: 22 Min, 12 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 09/04/2014 um 15:29:56 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Christopher - CHRISTOPHER-PC # Gestartet von : F:\Dokumente\adwcleaner3023.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\Users\Christopher\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\prefs.js ] Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false); Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1395934643"); Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1396069634459"); -\\ Google Chrome v33.0.1750.154 [ Datei : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [70035 octets] - [25/03/2014 15:33:47] AdwCleaner[R1].txt - [1867 octets] - [09/04/2014 13:21:28] AdwCleaner[R2].txt - [1925 octets] - [09/04/2014 13:23:19] AdwCleaner[R3].txt - [1985 octets] - [09/04/2014 15:28:51] AdwCleaner[S0].txt - [63153 octets] - [25/03/2014 15:36:52] AdwCleaner[S1].txt - [1912 octets] - [09/04/2014 15:29:56] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1972 octets] ########## FRST 
Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Christopher (administrator) on CHRISTOPHER-PC on 09-04-2014 15:41:07
Running from F:\Dokumente
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [EPSON421CF4 (Epson Stylus Office BX320FW)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify] - C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify Web Helper] - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {2ea83c97-8278-11e2-929a-d43d7e31e76d} - E:\Install.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {7a21e395-925a-11e3-9600-d43d7e31e76d} - H:\Startme.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {a0f83e86-4ae0-11e3-b0f7-d43d7e31e76d} - E:\Autorun.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor: <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamSpeak 3 Client.lnk
ShortcutTarget: TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD16E1DFF315CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\Christopher\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\ffxtlbr@zonealarm.com [2013-07-17]
FF Extension: QuickShare Widget - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{b48f059e-4c8e-437e-8341-3f67dab778bb} [2014-03-11]
FF Extension: BonanzaDeals - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-04]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-28]

Chrome:
=======
CHR HomePage:
CHR Extension: (Angry Birds) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-15]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13]
CHR Extension: (GMX MailCheck) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2013-12-12]
CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13]
CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-02-02]
CHR Extension: (Heroes & Generals) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13]

==================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93016 2014-04-08] (EasyAntiCheat Ltd)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-09] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-11] (Disc Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X]
U0 KL1;
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt
2014-04-09 15:05 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit
2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-09 14:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-09 14:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 14:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk
2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-09 13:39 - 2014-04-09 15:41 - 00000000 ____D () C:\FRST
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-08 21:02 - 2014-04-09 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 20:33 - 2014-04-08 20:39 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:22 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:22 - 2014-04-02 15:28 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-08 20:22 - 2014-04-02 15:28 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-08 20:21 - 2014-03-21 21:43 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 19:59 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 19:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 17:24 - 2014-02-28 21:47 - 00000000 ____D () C:\Users\Christopher\Desktop\Minecraft Cracked
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 20:31 - 2014-03-26 00:04 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt
2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk
2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk
2014-03-25 17:07 - 2011-03-30 20:35 - 00292184 ____N (Microsoft Corporation) C:\Users\Christopher\Desktop\dxwebsetup.exe
2014-03-25 17:04 - 2014-03-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1
2014-03-25 15:33 - 2014-04-09 15:30 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-12 14:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 14:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 14:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 14:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 14:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 14:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 14:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 14:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 14:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 14:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 14:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 14:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 14:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 14:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 14:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 14:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 14:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 14:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 14:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 14:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 14:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 14:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 14:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 15:41 - 2014-04-09 13:39 - 00000000 ____D () C:\FRST
2014-04-09 15:39 - 2014-04-08 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 15:39 - 2013-10-06 11:37 - 01898364 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 15:39 - 2013-03-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-09 15:38 - 2013-11-30 23:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify
2014-04-09 15:37 - 2013-09-20 13:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Overwolf
2014-04-09 15:37 - 2013-03-02 10:28 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client
2014-04-09 15:36 - 2013-03-02 11:35 - 00000000 ____D () C:\Users\Christopher\AppData\Local\LogMeIn Hamachi
2014-04-09 15:35 - 2013-06-04 18:39 - 00000000 ___RD () C:\Users\Christopher\Dropbox
2014-04-09 15:35 - 2013-06-04 18:33 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Dropbox
2014-04-09 15:35 - 2013-04-21 15:30 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype
2014-04-09 15:34 - 2013-12-06 22:14 - 00014068 _____ () C:\Windows\setupact.log
2014-04-09 15:31 - 2013-12-09 17:08 - 00062336 _____ () C:\Windows\PFRO.log
2014-04-09 15:31 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-09 15:30 - 2014-03-25 15:33 - 00000000 ____D () C:\AdwCleaner
2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt
2014-04-09 15:05 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit
2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-09 14:52 - 2014-01-07 02:34 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Bonanza
2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk
2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 20:39 - 2014-04-08 20:33 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:24 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:24 - 2014-04-08 19:59 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 20:24 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 20:17 - 2013-03-17 19:16 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-07 20:32 - 2013-11-30 23:15 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify
2014-04-05 18:23 - 2013-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-05 18:22 - 2013-09-07 19:13 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2014-04-05 18:20 - 2011-04-12 09:43 - 00781554 _____ () C:\Windows\system32\perfh007.dat
2014-04-05 18:20 - 2011-04-12 09:43 - 00179804 _____ () C:\Windows\system32\perfc007.dat
2014-04-05 18:20 - 2009-07-14 07:13 - 01830186 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:58 - 2013-08-23 13:47 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft
2014-04-05 15:52 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Heroes & Generals
2014-04-04 22:06 - 2013-08-11 13:56 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 22:04 - 2013-03-02 10:24 - 00000000 ____D () C:\Ubisoft
2014-04-04 22:04 - 2013-02-25 22:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-04 17:26 - 2013-08-23 13:47 - 00356864 _____ () C:\Users\Christopher\Desktop\Minecraft.exe
2014-04-04 17:10 - 2013-07-25 11:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Akamai
2014-04-04 17:08 - 2013-02-28 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 09:51 - 2014-04-09 14:59 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-09 14:59 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-09 14:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 15:28 - 2014-04-08 20:22 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 15:28 - 2014-04-08 20:22 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 14:51 - 2013-03-02 10:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-03-28 22:11 - 2013-12-12 20:39 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Battle.net
2014-03-27 19:13 - 2014-03-25 17:04 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1 2014-03-26 17:43 - 2013-02-28 22:37 - 00000000 ____D () C:\Users\Christopher 2014-03-26 00:04 - 2014-03-25 20:31 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt 2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk 2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk 2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-03-25 15:43 - 2013-10-13 01:54 - 00001442 _____ () C:\Users\Christopher\Desktop\Chrome-App-Übersicht.lnk 2014-03-25 15:37 - 2013-10-13 01:54 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-03-25 15:37 - 2013-10-13 01:51 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-25 15:37 - 2013-02-28 22:57 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-25 15:37 - 2013-02-28 22:37 - 00001007 _____ () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-25 15:37 - 2013-02-28 22:37 - 00000000 ___RD () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-22 22:29 - 2013-12-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-21 21:43 - 2014-04-08 20:21 - 00040392 _____ (NVIDIA 
Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-03-21 21:43 - 2014-04-08 20:21 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-03-21 21:43 - 2014-04-08 20:21 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype 2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ____D () C:\ProgramData\Skype 2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-03-20 23:03 - 2013-09-17 22:22 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-03-20 23:03 - 2013-09-17 22:22 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2014-03-20 23:03 - 2013-02-25 23:39 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-03-20 23:03 - 2013-02-25 23:39 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-03-20 
23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-03-20 23:02 - 2013-09-17 22:22 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-03-20 23:02 - 2013-09-17 22:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-03-20 23:02 - 2013-02-25 23:38 - 00024544 _____ () C:\Windows\system32\nvinfo.pb 2014-03-20 22:48 - 2013-05-28 16:35 - 00000000 ____D () C:\Users\Christopher\Documents\My Games 2014-03-20 22:47 - 2013-12-08 23:08 - 00070508 _____ () C:\Windows\DirectX.log 2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url 2014-03-19 16:02 - 2013-09-20 13:08 - 00000000 ____D () C:\Program Files (x86)\Overwolf 2014-03-19 15:34 - 2013-08-16 01:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 15:32 - 2012-01-06 12:03 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-15 18:52 - 2014-01-16 21:46 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-15 12:01 - 2013-02-28 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-15 12:01 - 2013-02-28 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-15 12:01 - 2013-02-28 23:19 - 00000884 
_____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-14 16:05 - 2009-07-14 06:45 - 00276968 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 17:24 - 2013-03-02 10:27 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client Files to move or delete: ==================== C:\Users\Christopher\AppData\Roaming\skype.ini C:\ProgramData\0od37.bat C:\ProgramData\0od37.pad C:\ProgramData\0od37.reg C:\ProgramData\8ejf2.bat C:\ProgramData\8ejf2.pad C:\ProgramData\8ejf2.reg C:\ProgramData\ofbh.pad Some content of TEMP: ==================== C:\Users\Christopher\AppData\Local\Temp\AutoRun.exe C:\Users\Christopher\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Christopher\AppData\Local\Temp\EAInstall.dll C:\Users\Christopher\AppData\Local\Temp\eauninstall.exe C:\Users\Christopher\AppData\Local\Temp\Quarantine.exe C:\Users\Christopher\AppData\Local\Temp\runprog.exe C:\Users\Christopher\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe C:\Users\Christopher\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-14 17:39 
==================== End Of Log ============================ --- --- --- An "Addition.txt" file was not created. Edited by Herdringen (09.04.2014 at 14:50). Reason: error found |
10.04.2014, 09:33 | #4 |
/// the machine /// TB Trainer | [Win7] Command Prompt/CMD closes immediately after opening
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
10.04.2014, 18:43 | #5 |
| [Win7] Command Prompt/CMD closes immediately after opening
Hello, "SecurityCheck" cannot be run either; it briefly opens CMD, closes again immediately, and that was the last sign of life from the product. Here are the text files again. And to your question whether I still have problems: yes, CMD still closes. The log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=35face06dd476a49afd29650f6a04054 # engine=17832 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-10 04:45:44 # local_time=2014-04-10 06:45:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 98094 148778194 0 0 # compatibility_mode=9217 16776893 100 13 23060398 37667412 0 0 # scanned=358852 # found=6 # cleaned=0 # scan_time=12440 sh=2AE65B3436787DADDED7F4F508B1BACE1CFE10F7 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\ProgramData\0od37.bat" sh=DCA05A439481650EF0F54DEC259BB7BABA2A0E08 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\ProgramData\8ejf2.bat" sh=E9F27D87ABD3036BDDB6B47D9C21C85CA4AFB3B2 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\ProgramData\sdaksda.txt" sh=2AE65B3436787DADDED7F4F508B1BACE1CFE10F7 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\All Users\0od37.bat" sh=DCA05A439481650EF0F54DEC259BB7BABA2A0E08 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\All Users\8ejf2.bat" sh=E9F27D87ABD3036BDDB6B47D9C21C85CA4AFB3B2 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\All Users\sdaksda.txt" FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated) Ran by Christopher (administrator) on CHRISTOPHER-PC on 10-04-2014 19:39:21 Running from F:\Dokumente Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (Dropbox, Inc.) C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.) 
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [EPSON421CF4 (Epson Stylus Office BX320FW)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify] - C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-10] (Spotify Ltd) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify Web Helper] - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.) 
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {2ea83c97-8278-11e2-929a-d43d7e31e76d} - E:\Install.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {7a21e395-925a-11e3-9600-d43d7e31e76d} - H:\Startme.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {a0f83e86-4ae0-11e3-b0f7-d43d7e31e76d} - E:\Autorun.exe HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor: <===== ATTENTION! AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamSpeak 3 Client.lnk ShortcutTarget: TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD16E1DFF315CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158 FireFox: ======== FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\Christopher\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: zonealarm.com - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\ffxtlbr@zonealarm.com [2013-07-17] FF Extension: QuickShare Widget - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{b48f059e-4c8e-437e-8341-3f67dab778bb} [2014-03-11] FF Extension: BonanzaDeals - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-04] FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-28] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-28] Chrome: ======= CHR HomePage: CHR Extension: (Angry Birds) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-15] CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13] 
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13] CHR Extension: (GMX MailCheck) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2013-12-12] CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13] CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-02-02] CHR Extension: (Heroes & Generals) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-03-02] CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13] CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13] ==================== Services (Whitelisted) ================= S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93016 2014-04-08] (EasyAntiCheat Ltd) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-09] () R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-11] (Disc Soft Ltd) R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () R1 Vsdatant; 
C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X] U0 KL1; S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt 2014-04-09 15:05 - 2014-04-10 19:35 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit 2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-09 14:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-09 14:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-09 14:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk 2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-09 13:39 - 2014-04-10 19:39 - 00000000 ____D () C:\FRST 2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt 2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt 2014-04-08 21:02 - 2014-04-10 19:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-08 20:33 - 2014-04-08 20:39 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe 
2014-04-08 20:22 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation 2014-04-08 20:22 - 2014-04-02 15:28 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-04-08 20:22 - 2014-04-02 15:28 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-04-08 20:21 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-04-08 20:21 - 2014-03-21 21:43 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-04-08 20:21 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url 2014-04-08 19:59 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA 2014-04-08 19:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk 2014-04-04 17:24 - 2014-02-28 21:47 - 00000000 ____D () C:\Users\Christopher\Desktop\Minecraft Cracked 2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job 2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-25 20:31 - 2014-03-26 00:04 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt 2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () 
C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk 2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk 2014-03-25 17:07 - 2011-03-30 20:35 - 00292184 ____N (Microsoft Corporation) C:\Users\Christopher\Desktop\dxwebsetup.exe 2014-03-25 17:04 - 2014-03-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1 2014-03-25 15:33 - 2014-04-09 15:30 - 00000000 ____D () C:\AdwCleaner 2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype 2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ 
(NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) 
C:\Windows\system32\Drivers\nvhda64v.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url 2014-03-12 14:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 14:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 14:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 14:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 14:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 14:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 14:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 14:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-12 14:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-12 14:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 14:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-12 14:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 14:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 14:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2014-03-12 14:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-12 14:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 14:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 14:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-12 14:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 14:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-12 14:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 14:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 14:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 14:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 14:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 14:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 14:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 14:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 14:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 14:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 14:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 14:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft 
Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 14:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 14:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 14:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 14:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 14:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 14:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 14:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 14:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 14:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 14:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-12 14:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 14:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 14:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 14:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 14:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 14:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-10 19:40 - 2013-04-21 15:30 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype 2014-04-10 19:39 - 2014-04-09 13:39 
- 00000000 ____D () C:\FRST 2014-04-10 19:39 - 2013-03-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-10 19:35 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit 2014-04-10 19:17 - 2014-04-08 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-10 17:17 - 2013-10-06 11:37 - 01962176 _____ () C:\Windows\WindowsUpdate.log 2014-04-10 16:35 - 2013-11-30 23:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify 2014-04-10 16:32 - 2013-11-30 23:15 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify 2014-04-10 15:24 - 2013-03-02 11:35 - 00000000 ____D () C:\Users\Christopher\AppData\Local\LogMeIn Hamachi 2014-04-10 15:20 - 2013-08-16 01:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 15:20 - 2012-01-06 12:03 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:20 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-10 15:20 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-10 15:17 - 2013-03-02 10:28 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client 2014-04-10 15:17 - 2011-04-12 09:43 - 00781554 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:17 - 2011-04-12 09:43 - 00179804 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:17 - 2009-07-14 07:13 - 01830186 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:11 - 2013-12-06 22:14 - 00014292 _____ () C:\Windows\setupact.log 2014-04-10 15:11 - 2013-09-20 13:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Overwolf 2014-04-10 15:11 - 2013-06-04 18:39 - 00000000 ___RD () C:\Users\Christopher\Dropbox 2014-04-10 15:11 - 2013-06-04 18:33 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Dropbox 2014-04-10 15:08 - 2013-02-25 
23:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-09 15:31 - 2013-12-09 17:08 - 00062336 _____ () C:\Windows\PFRO.log 2014-04-09 15:30 - 2014-03-25 15:33 - 00000000 ____D () C:\AdwCleaner 2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt 2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-09 14:52 - 2014-01-07 02:34 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Bonanza 2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk 2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt 2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt 2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss 2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-08 20:39 - 2014-04-08 20:33 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe 2014-04-08 20:24 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation 2014-04-08 20:24 - 2014-04-08 19:59 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA 2014-04-08 20:24 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-08 20:22 - 2013-02-25 23:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-08 20:22 - 2013-02-25 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url 2014-04-08 20:17 - 2013-03-17 19:16 - 00000000 ____D () 
C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-04-05 18:23 - 2013-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-04-05 18:22 - 2013-09-07 19:13 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien 2014-04-05 15:58 - 2013-08-23 13:47 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft 2014-04-05 15:52 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Heroes & Generals 2014-04-04 22:06 - 2013-08-11 13:56 - 00000000 ____D () C:\Program Files (x86)\TERA 2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk 2014-04-04 22:04 - 2013-03-02 10:24 - 00000000 ____D () C:\Ubisoft 2014-04-04 22:04 - 2013-02-25 22:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-04 17:26 - 2013-08-23 13:47 - 00356864 _____ () C:\Users\Christopher\Desktop\Minecraft.exe 2014-04-04 17:10 - 2013-07-25 11:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Akamai 2014-04-04 17:08 - 2013-02-28 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-03 09:51 - 2014-04-09 14:59 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-09 14:59 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-09 14:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 15:28 - 2014-04-08 20:22 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-04-02 15:28 - 2014-04-08 20:22 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job 2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 
14:51 - 2013-03-02 10:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-03-28 22:11 - 2013-12-12 20:39 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Battle.net 2014-03-27 19:13 - 2014-03-25 17:04 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1 2014-03-26 17:43 - 2013-02-28 22:37 - 00000000 ____D () C:\Users\Christopher 2014-03-26 00:04 - 2014-03-25 20:31 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt 2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk 2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk 2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-03-25 15:43 - 2013-10-13 01:54 - 00001442 _____ () C:\Users\Christopher\Desktop\Chrome-App-Übersicht.lnk 2014-03-25 15:37 - 2013-10-13 01:54 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-03-25 15:37 - 2013-10-13 01:51 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-25 15:37 - 2013-02-28 22:57 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-25 15:37 - 2013-02-28 22:37 - 00001007 _____ () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-25 15:37 - 2013-02-28 22:37 - 00000000 ___RD () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup 2014-03-22 22:29 - 2013-12-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-21 21:43 - 2014-04-08 20:21 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-03-21 21:43 - 2014-04-08 20:21 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-03-21 21:43 - 2014-04-08 20:21 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype 2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ____D () C:\ProgramData\Skype 2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-03-20 23:03 - 2013-09-17 22:22 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-03-20 23:03 - 2013-09-17 22:22 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2014-03-20 23:03 - 2013-02-25 23:39 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-03-20 23:03 - 2013-02-25 23:39 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-03-20 23:02 - 2014-03-20 
23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-20 23:02 - 2013-02-25 23:38 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-20 22:48 - 2013-05-28 16:35 - 00000000 ____D () C:\Users\Christopher\Documents\My Games
2014-03-20 22:47 - 2013-12-08 23:08 - 00070508 _____ () C:\Windows\DirectX.log
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-19 16:02 - 2013-09-20 13:08 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-15 18:52 - 2014-01-16 21:46 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-15 12:01 - 2013-02-28 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 12:01 - 2013-02-28 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 12:01 - 2013-02-28 23:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 16:05 - 2009-07-14 06:45 - 00276968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 17:24 - 2013-03-02 10:27 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

Files to move or delete:
====================
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad

Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\AutoRun.exe
C:\Users\Christopher\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Christopher\AppData\Local\Temp\EAInstall.dll
C:\Users\Christopher\AppData\Local\Temp\eauninstall.exe
C:\Users\Christopher\AppData\Local\Temp\Quarantine.exe
C:\Users\Christopher\AppData\Local\Temp\runprog.exe
C:\Users\Christopher\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
C:\Users\Christopher\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-14 17:39

==================== End Of Log ============================
11.04.2014, 07:00 | #6 |
/// the machine /// TB-Ausbilder | [Win7] Command Prompt/CMD closes immediately after opening

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
ATTFilter
C:\ProgramData\0od37.bat
C:\ProgramData\8ejf2.bat
C:\ProgramData\sdaksda.txt
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor: <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here.

Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Anti-virus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
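As an added example that is not part of the thread: a small Python triage of the fixlist posted above. It separates plain file deletions from autostart-related entries (registry keys, AppInit_DLLs) and lists what the log marked with ATTENTION or File Not Found. The line shapes are inferred from the entries quoted in the post, not from FRST documentation, and the names `classify`, `triage` and `sibling_sets` are hypothetical.

```python
import ntpath
import re
from collections import defaultdict
# Sample input: the fixlist entries quoted in the post above; line shapes are inferred from them.
FIXLIST = r'''C:\ProgramData\0od37.bat
C:\ProgramData\8ejf2.bat
C:\ProgramData\sdaksda.txt
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor: <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad'''

APPINIT = re.compile(r'AppInit_DLLs(?:-x32)?:\s*(\S+)')

def classify(line):
    """Return (kind, target) for one fixlist line."""
    m = APPINIT.match(line)
    if m:
        return 'appinit_dll', m.group(1)
    if re.match(r'HK(?:U|LM|CU)\\', line):
        return 'registry', line.split(': ', 1)[0]
    return ('file' if re.match(r'[A-Za-z]:\\', line) else 'unknown'), line

def triage(text):
    """Group unique targets by kind and collect the entries the log marked."""
    groups, flagged = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, target = classify(line)
        if target in groups[kind]:
            continue  # exact duplicate of an earlier entry
        groups[kind].append(target)
        if 'ATTENTION' in line or line.endswith('File Not Found'):
            flagged.append(target)
    return groups, flagged

def sibling_sets(files):
    """Stems that occur with more than one extension in the same directory."""
    stems = defaultdict(list)
    for stem, ext in map(ntpath.splitext, files):
        stems[stem].append(ext)
    return {s: sorted(e) for s, e in stems.items() if len(e) > 1}
```

Calling `triage(FIXLIST)` returns the grouped targets plus the flagged ones; passing the `file` group to `sibling_sets` shows the two random-looking stems that each appear as `.bat`, `.pad` and `.reg`.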
12.04.2014, 13:27 | #7 |
[Win7] Command Prompt/CMD closes immediately after opening

Thanks Schrauber, thank you very much. All problems are solved, and flawlessly. You were a really great help, thanks again.
13.04.2014, 16:50 | #8 |
/// the machine /// TB-Ausbilder | [Win7] Command Prompt/CMD closes immediately after opening

You're welcome.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM!