|
Log analysis and evaluation: Windows 8: unwanted advertising in Steam

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
01.06.2014, 09:09 | #1 |
| Windows 8: unwanted advertising in Steam

Hello,

For a few days now I have had the problem that whenever I click on anything in the Steam shop, a popup opens over the Steam browser. I use Avira and have already run Malwarebytes. Malwarebytes found something, but I deleted it and now cannot post the logs here. I only have this:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.05.2014
Suchlauf-Zeit: 20:30:20
Logdatei: suchlauf_protokoll_malwarebytes.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.30.08
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Hoang

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271272
Verstrichene Zeit: 13 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

Thanks in advance. |
01.06.2014, 09:28 | #2 |
/// the machine /// TB-Ausbilder | Windows 8: unwanted advertising in Steam

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
01.06.2014, 10:19 | #3 |
| Windows 8: unwanted advertising in Steam

I cannot open the file; it was blocked by Windows because it is "harmful".
__________________ |
02.06.2014, 10:07 | #4 |
/// the machine /// TB-Ausbilder | Windows 8: unwanted advertising in Steam

Click on "More info", then on "Run anyway".
__________________ Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
02.06.2014, 14:44 | #5 |
| Windows 8: unwanted advertising in Steam

Ah, thanks ^^, here is the FRST:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 Ran by Hoang (administrator) on MIEP-PC on 02-06-2014 15:40:17 Running from C:\Users\Hoang\Desktop Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Pirrit\AutoUpdater.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program 
Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\8d9701a125fd749.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe () C:\Program Files (x86)\puush\puush.exe (ROCCAT) C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-08] () HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-03] (NEXON Inc.) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-05] () HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\MountPoints2: {37b830c9-7161-11e2-be6d-806e6f6e6963} - "E:\Launch.exe" HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-08] () HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-03] (NEXON Inc.) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-05] () HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01149384-1569-11e3-be93-10604b5ccc3a} - "G:\setup.exe" HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {37b830c9-7161-11e2-be6d-806e6f6e6963} - "E:\Launch.exe" HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-08] () HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Akamai NetSession Interface] => C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-03] (NEXON Inc.) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-05] () HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {01149384-1569-11e3-be93-10604b5ccc3a} - "G:\setup.exe" HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {37b830c9-7161-11e2-be6d-806e6f6e6963} - "E:\Launch.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lua Driver.lnk ShortcutTarget: Lua Driver.lnk -> C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe (ROCCAT) Startup: C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:34224 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = eseeky HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Nation Search SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM - {D17AA79F-6794-48CF-9478-3BB89D4B65B3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=437211471&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=437211471&q={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 - {D17AA79F-6794-48CF-9478-3BB89D4B65B3} URL = 
hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - DefaultScope {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?tbp=rst&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=437211471&q={searchTerms} SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?tbp=rst&q={searchTerms} SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {D17AA79F-6794-48CF-9478-3BB89D4B65B3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files 
(x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hoang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-24] FF Extension: NoScript - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-17] FF Extension: Adblock Plus - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-17] Chrome: ======= CHR HomePage: hxxp://www.eseeky.com CHR StartupUrls: "hxxp://www.eseeky.com" CHR DefaultSearchKeyword: eseeky CHR DefaultSearchProvider: eseeky CHR DefaultSearchURL: hxxp://eseeky.com/ws/?tbp=rst&q={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) 
- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-20] CHR Extension: (Google Drive) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20] CHR Extension: (YouTube) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-20] CHR Extension: (Google-Suche) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-20] CHR Extension: (Google Wallet) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04] CHR Extension: (Google Mail) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-20] ==================== Services (Whitelisted) ================= R2 3c4ee9082da815d.exe; 
C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe [93696 2014-05-27] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG) R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [55296 2013-12-02] () R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) S2 d35d1fefe712838.exe; C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-07] (DT Soft Ltd) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-05-13] (LogMeIn Inc.) 
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 RegFltrX64; C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\RegFltrX64.sys [18064 2014-05-27] () R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17528 2012-11-20] (Texas Instruments, Inc.) R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23184 2012-11-20] (Texas Instruments, Inc.) S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S3 xhunter1; \??\C:\windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-02 15:40 - 2014-06-02 15:40 - 00027345 _____ () C:\Users\Hoang\Desktop\FRST.txt 2014-06-02 15:39 - 2014-06-02 15:40 - 00000000 ____D () C:\FRST 2014-06-01 15:54 - 2014-06-01 15:54 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1 2014-06-01 11:22 - 2014-06-01 11:22 - 02067456 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe 2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe 2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt 2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe 2014-05-31 10:25 - 2014-05-31 10:26 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr 2014-05-30 19:59 - 2014-06-02 15:34 - 
00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-30 19:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-30 19:58 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-30 19:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira 2014-05-29 14:40 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-05-29 14:40 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-05-29 14:40 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Avira 2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe 2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip 2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc 2014-05-28 18:17 - 2014-05-30 14:37 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403 2014-05-28 14:37 - 2014-05-28 14:38 - 00000000 ____D () C:\Users\Hoang\Downloads\assets 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries 2014-05-28 14:14 - 2014-05-29 20:15 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher 2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios 2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001 2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000 2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 
2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium 2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-17 20:49 - 2014-05-17 20:50 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44} 2014-05-17 15:32 - 2014-06-01 17:47 - 00000000 ____D () C:\Program Files (x86)\Steam2 2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe 2014-05-16 17:08 - 2014-05-17 10:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-05-16 15:17 - 2014-05-17 10:49 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig 2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip 2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip 2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-16 13:13 - 2014-05-16 13:13 
- 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-15 15:48 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-05-15 15:48 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-05-15 15:47 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-05-15 15:47 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll 2014-05-15 15:47 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-05-15 15:47 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-05-15 15:47 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-05-15 15:47 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-05-15 15:47 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-05-15 15:47 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys 2014-05-15 15:47 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys 2014-05-15 15:47 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2014-05-15 15:47 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-05-15 15:47 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll 2014-05-15 15:47 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-05-15 15:47 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2014-05-15 15:46 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-05-15 15:46 - 2014-04-12 11:09 - 01043968 _____ 
(Microsoft Corporation) C:\windows\system32\usercpl.dll 2014-05-15 15:46 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-05-15 15:46 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-05-15 15:46 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll 2014-05-15 15:46 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-05-15 15:46 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-05-15 15:46 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll 2014-05-15 15:46 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-05-15 15:46 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll 2014-05-15 15:46 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-05-15 15:46 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll 2014-05-15 15:46 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-05-15 15:46 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-05-15 15:46 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll 2014-05-15 15:46 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) 
C:\windows\system32\dimsroam.dll 2014-05-15 15:46 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-05-15 15:46 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-05-15 15:46 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-05-15 15:45 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-15 15:45 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-15 15:45 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-15 15:45 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-15 15:45 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-15 15:45 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-15 15:45 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll 2014-05-15 15:45 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-05-15 15:45 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll 2014-05-15 15:45 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll 2014-05-15 15:45 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2014-05-15 15:45 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2014-05-15 15:45 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2014-05-15 15:45 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2014-05-15 15:45 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\mrxsmb20.sys 2014-05-15 15:45 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys 2014-05-13 16:21 - 2014-05-13 16:28 - 05828846 _____ () C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a 2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei 2014-05-10 22:03 - 2014-05-29 14:45 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants 2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX 2014-05-10 21:53 - 2014-05-10 21:54 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar 2014-05-10 10:13 - 2014-05-17 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 14:30 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-05-06 14:30 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-05-06 14:30 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-06 14:30 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-05-06 14:30 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-04 18:47 - 2014-05-04 18:47 - 65912202 _____ () C:\Users\Hoang\Downloads\PAYDAY 2 ENDGAME 1.01.zip ==================== One Month Modified Files and Folders ======= 2014-06-02 15:40 - 2014-06-02 15:40 - 00027345 _____ () C:\Users\Hoang\Desktop\FRST.txt 2014-06-02 15:40 - 2014-06-02 15:39 - 00000000 ____D () C:\FRST 2014-06-02 15:40 - 2013-02-08 10:24 - 00000000 ____D () C:\Users\Hoang\AppData\Local\PMB Files 2014-06-02 15:40 - 2013-02-07 22:22 - 01106790 
_____ () C:\windows\WindowsUpdate.log 2014-06-02 15:40 - 2013-02-07 22:22 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Temp 2014-06-02 15:38 - 2014-04-30 13:56 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForHoang 2014-06-02 15:38 - 2013-02-09 20:03 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForHoang.job 2014-06-02 15:38 - 2013-02-07 22:22 - 00000000 ____D () C:\Users\Hoang 2014-06-02 15:35 - 2013-02-08 12:57 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Skype 2014-06-02 15:34 - 2014-05-30 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 15:34 - 2013-10-07 10:46 - 00000000 ____D () C:\Users\Hoang\AppData\Local\LogMeIn Hamachi 2014-06-02 15:34 - 2013-10-03 19:35 - 00000000 ____D () C:\ProgramData\Origin 2014-06-02 15:34 - 2013-10-03 19:35 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-02 15:34 - 2013-06-20 16:33 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-02 15:14 - 2013-06-20 16:33 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-02 15:12 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru 2014-06-02 15:12 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-06-01 20:22 - 2013-11-03 21:08 - 00000000 ____D () C:\Program Files (x86)\osu! 
2014-06-01 20:08 - 2013-02-08 10:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-06-01 17:47 - 2014-05-17 15:32 - 00000000 ____D () C:\Program Files (x86)\Steam2 2014-06-01 15:54 - 2014-06-01 15:54 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1 2014-06-01 15:20 - 2013-02-08 12:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.minecraft 2014-06-01 11:22 - 2014-06-01 11:22 - 02067456 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe 2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe 2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt 2014-06-01 09:16 - 2013-03-09 20:01 - 00431616 ___SH () C:\Users\Hoang\Desktop\Thumbs.db 2014-06-01 09:10 - 2013-09-07 20:24 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\DAEMON Tools Lite 2014-06-01 09:10 - 2013-05-20 19:54 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\TS3Client 2014-06-01 09:10 - 2013-05-07 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-01 09:03 - 2014-02-24 16:00 - 00000000 ____D () C:\windows\Minidump 2014-06-01 09:03 - 2012-08-02 04:02 - 00000000 ____D () C:\windows\Panther 2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe 2014-05-31 19:08 - 2013-02-09 20:03 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-05-31 19:08 - 2013-02-09 20:03 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-31 11:24 - 2012-12-12 14:12 - 00745562 _____ () C:\windows\system32\perfh007.dat 2014-05-31 11:24 - 2012-12-12 14:12 - 00169488 _____ () C:\windows\system32\perfc007.dat 2014-05-31 11:24 - 2012-07-26 09:28 - 01752656 _____ () 
C:\windows\system32\PerfStringBackup.INI 2014-05-31 11:18 - 2012-12-12 05:18 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-31 11:18 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-31 11:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-05-31 11:06 - 2013-09-30 18:34 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Pirrit 2014-05-31 10:26 - 2014-05-31 10:25 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr 2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-30 19:36 - 2013-02-07 22:32 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3899298961-605761135-190624624-1001 2014-05-30 14:37 - 2014-05-28 18:17 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403 2014-05-29 20:15 - 2014-05-28 14:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher 2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira 2014-05-29 14:45 - 2014-05-10 22:03 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants 2014-05-29 14:43 - 2014-04-13 09:35 - 00000000 ____D () C:\Users\Hoang\Desktop\Unwichtig 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Avira 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe 2014-05-29 14:39 - 2013-07-10 16:37 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-29 12:36 - 2013-05-07 15:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip 2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc 2014-05-28 14:38 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\assets 2014-05-28 14:38 - 2013-08-17 09:52 - 00000000 ____D () C:\Users\Hoang\Downloads\FTBLite 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries 2014-05-28 14:37 - 2013-06-04 14:56 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\ftblauncher 2014-05-28 14:15 - 2014-02-21 16:46 - 00000000 ____D () C:\Users\Hoang\Downloads\authlib 2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios 2014-05-27 18:28 - 2013-10-25 18:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.technic 2014-05-25 18:38 - 2013-08-21 18:03 - 00012502 _____ () C:\Users\Hoang\Documents\Praktikum-Lebenslauf.odt 2014-05-25 18:23 - 2013-06-06 17:48 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.xtr 2014-05-25 18:23 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.exe 2014-05-25 18:22 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.ex0 2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ___HD () C:\windows\msdownld.tmp 2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ____D () C:\windows\SysWOW64\directx 2014-05-23 14:02 - 
2014-04-30 18:38 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-05-18 18:44 - 2013-05-06 18:10 - 00000000 ____D () C:\Users\Hoang\Desktop\Wichtig 2014-05-18 11:48 - 2013-04-04 18:08 - 00000000 ____D () C:\Users\Hoang\Documents\My Games 2014-05-18 10:36 - 2013-02-07 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001 2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000 2014-05-18 09:57 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Songs 2014-05-18 09:56 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Skins 2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium 2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:49 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe 2014-05-17 20:50 - 2012-12-12 05:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-17 19:58 - 2014-05-10 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-17 19:58 - 2013-02-07 22:30 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Mozilla 2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () 
C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44} 2014-05-17 15:32 - 2013-05-07 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe 2014-05-17 10:49 - 2014-05-16 15:17 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig 2014-05-17 10:16 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\LiveKernelReports 2014-05-17 10:14 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3 2014-05-16 20:22 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip 2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip 2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 
2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-15 18:12 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp 2014-05-15 18:06 - 2013-08-14 16:27 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 18:03 - 2013-02-09 13:30 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-15 18:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-05-13 20:09 - 2013-02-08 10:16 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 16:28 - 2014-05-13 16:21 - 05828846 _____ () C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a 2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-05-12 15:48 - 2013-04-02 18:33 - 00000000 ____D () C:\Users\Hoang\Documents\uztcf 2014-05-12 07:26 - 2014-05-30 19:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-30 19:58 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-30 19:58 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei 2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX 2014-05-10 21:54 - 2014-05-10 21:53 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar 2014-05-10 09:09 - 2013-06-20 16:33 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 09:09 - 2013-06-20 16:33 - 00003860 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 11:16 - 2014-05-29 14:40 - 00130584 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avipbb.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-05-06 17:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore 2014-05-06 07:14 - 2014-05-15 15:45 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-06 07:14 - 2014-05-15 15:45 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-06 05:48 - 2014-05-15 15:45 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-06 05:48 - 2014-05-15 15:45 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-06 05:37 - 2014-05-15 15:45 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-06 05:26 - 2014-05-15 15:45 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-04 18:47 - 2014-05-04 18:47 - 65912202 _____ () C:\Users\Hoang\Downloads\PAYDAY 2 ENDGAME 1.01.zip Some content of TEMP: ==================== C:\Users\Hoang\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 15:47] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is 
legit
LastRegBack: 2014-05-26 19:48
==================== End Of Log ============================

And here is the Addition:

FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 Ran by Hoang at 2014-06-02 15:40:41 Running from C:\Users\Hoang\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve) ArmA 2 Free Uninstall (HKLM-x32\...\ArmA 2) (Version: - ) Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version: - Bohemia Interactive) Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version: - Ubisoft Montreal) Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal) Avira (HKLM-x32\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.13.24161 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) ChatZum Toolbar (HKLM-x32\...\ChatZum Toolbar) (Version: 1.0.20 - ChatZum) Clonk Rage (HKLM-x32\...\Clonk Rage) (Version: - RedWolf Design GmbH) Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) 
Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland) Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios) Dungeon Lord (v1.4) (HKLM-x32\...\Dungeon Lords_is1) (Version: - dtp AG / Crimson Cow) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) Forsaken World (HKLM-x32\...\Steam App 36620) (Version: - Perfect World Beijing) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Ghost Recon Online (EU) (HKCU\...\d8be6c3f847d7d92) (Version: 1.34.288.2 - Ubisoft) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Herrscher des Olymp - Zeus + Addon Version 1.1 (HKLM-x32\...\{5BD89EC2-9DF3-4F11-ADDA-9ECF149C2C8F}_is1) (Version: 1.1 - UGP) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) 
Hidden League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Halo (HKLM-x32\...\Halo) (Version: - Microsoft) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft 
Corporation) Hidden Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Neverwinter (HKLM-x32\...\Neverwinter) (Version: - Cryptic Studios) Nidhogg incl. Update 1 (HKLM-x32\...\TmlkaG9nZ2luY2xVcGRhdGUx_is1) (Version: 1 - ) NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) 
Hidden NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Operation Flashpoint: Red River (HKLM-x32\...\Steam App 44340) (Version: - Codemasters Action Studio) Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pirate Galaxy (HKCU\...\Pirate Galaxy) (Version: 12345.0.0.0 - Splitscreen Studios GmbH) PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) Rapider (HKLM-x32\...\Rapider) (Version: 1.1.1140 - Zugara Investments Limited) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.) Rise And Fall (remove only) (HKLM-x32\...\Rise And Fall) (Version: 1.7.0.11.2.4.3 - Midway Home Entertainment Inc.) 
ROCCAT Lua Mouse Driver (HKLM-x32\...\{10E03440-9A5B-48F5-BB24-359EFE3E6C71}) (Version: 1.13 - ROCCAT GmbH) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Skype™ 6.1 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.1.129 - Skype Technologies S.A.) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2151.6 - Hi-Rez Studios) Sniper Elite: Zombie Army (HKLM-x32\...\Steam App 235700) (Version: - Rebellion) Starbound version Update 6 (HKLM-x32\...\{33A37C4B-D8D7-448A-8CC5-FD4A189650DD}_is1) (Version: Update 6 - ) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software) Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.) 
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode) ==================== Restore Points ========================= 01-06-2014 15:08:41 
Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {29AD800B-65A3-4195-AC91-12397CD9F1B3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {75F768A8-0DEE-4AE7-A4CB-8F0E6CA368AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {7941BA63-9AEF-4BFE-8B8D-36D2CE5AF622} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard) Task: {7A527F40-1A92-4D30-81F1-E1BE21BB8231} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.) Task: {87FC5E2D-211A-4E81-8F6C-E244FB43B460} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {959C6E7F-DB84-4C23-AF77-F5230E6CA4E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {98E08121-DA66-4FE6-84BF-FE881A9E9F94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.) 
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B86A6C7A-F1F9-4906-9129-6C80B8AB9A75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {CFBCA82E-E79D-4994-BB16-B9B23CB77FF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard) Task: {D9EFE00A-B379-4C62-81DB-4CAEB88F5A10} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {EA7EE1F9-7D60-477B-9523-962C94FE57A3} - System32\Tasks\HPCeeScheduleForHoang => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\HPCeeScheduleForHoang.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-30 18:34 - 2013-12-02 15:28 - 00055296 _____ () C:\Program Files 
(x86)\Pirrit\AutoUpdater.exe 2013-06-06 17:47 - 2014-02-16 15:47 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2014-06-01 15:54 - 2014-05-27 15:45 - 00093696 _____ () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe 2012-12-12 05:17 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-05-15 18:08 - 2014-05-15 18:08 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2014-06-01 15:54 - 2014-05-27 15:44 - 00288768 _____ () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\8d9701a125fd749.exe 2013-02-08 10:24 - 2013-02-08 10:24 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe 2013-06-03 16:48 - 2013-06-03 16:48 - 01992328 _____ () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe 2012-01-10 15:41 - 2014-02-05 17:55 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe 2013-02-07 22:23 - 2013-02-07 22:23 - 00120224 _____ () C:\Users\Hoang\AppData\Local\assembly\dl3\3XEMYH93.PBL\8WOZQA3L.EYD\7afc7911\0017145d_cd85cd01\HPItunesModule.DLL 2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2012-12-12 05:22 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-06-01 15:54 - 
2014-03-07 20:56 - 00117262 _____ () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\libgcc_s_dw2-1.dll 2014-06-01 15:54 - 2014-03-07 20:56 - 00970766 _____ () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\libstdc++-6.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll 2014-01-29 08:28 - 2014-04-25 08:26 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll 2012-12-12 05:28 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2014-05-29 14:41 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\Hoang\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-05-17 19:58 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== 
Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/01/2014 05:08:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service a3a34f2cc6d9887.exe since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error: (06/01/2014 10:02:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x21a8 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (06/01/2014 10:02:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x1a98 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (05/31/2014 11:20:26 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) 
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (05/31/2014 11:20:25 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (05/31/2014 11:20:25 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Error: (05/31/2014 11:17:37 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/30/2014 08:25:36 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (05/30/2014 08:25:36 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Kontext: Anwendung, SystemIndex Katalog Error: (05/30/2014 08:25:35 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. System errors: ============= Error: (06/02/2014 03:34:08 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (06/01/2014 08:54:43 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (06/01/2014 03:54:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "d35d1fefe712838.exe" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/01/2014 08:54:11 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (05/31/2014 11:03:20 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. 
Error: (05/31/2014 11:22:40 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (05/31/2014 11:22:27 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (05/31/2014 11:20:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "PirritUpdater" wurde nicht richtig gestartet. Error: (05/31/2014 11:20:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "d35d1fefe712838.exe" wurde nicht richtig gestartet. Error: (05/31/2014 11:18:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "a3a34f2cc6d9887.exe" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (06/01/2014 05:08:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service a3a34f2cc6d9887.exe since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. 
Error: (06/01/2014 10:02:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd21a801cf7d6fd5b7366aC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll20a64009-e963-11e3-bec1-10604b5ccc3a Error: (06/01/2014 10:02:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1a9801cf7d664a601b8aC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll0c14f9a0-e963-11e3-bec1-10604b5ccc3a Error: (05/31/2014 11:20:26 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0 Error: (05/31/2014 11:20:25 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Error: (05/31/2014 11:20:25 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Error: (05/31/2014 11:17:37 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/30/2014 08:25:36 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 
0x0 Error: (05/30/2014 08:25:36 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Error: (05/30/2014 08:25:35 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 8147.35 MB Available physical RAM: 5387.07 MB Total Pagefile: 16339.35 MB Available Pagefile: 13285.05 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1850.32 GB) (Free:1362.5 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:11.22 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (TQGOLD) (CDROM) (Total:4.39 GB) (Free:0 GB) UDF Drive g: (Reign of Giants) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 49EC6F4B) Partition: GPT Partition Type. ==================== End Of Log ============================ |
03.06.2014, 10:13 | #6 |
/// the machine /// TB Trainer | Windows 8: unwanted advertising in Steam Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Windows 8: unwanted advertising in Steam |
03.06.2014, 13:14 | #7 |
| Windows 8: unwanted advertising in Steam Here is the one from AdwCleaner for a start: (I didn't save it to the desktop, I hope that's not too bad) AdwCleaner Logfile: Code:
# AdwCleaner v3.211 - Bericht erstellt am 03/06/2014 um 14:05:01
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Hoang - MIEP-PC
# Gestartet von : C:\Users\Hoang\Downloads\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : PirritUpdater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Pirrit
Ordner Gelöscht : C:\Users\Hoang\AppData\Local\Pirrit Suggestor
Ordner Gelöscht : C:\Users\Hoang\AppData\Local\WinRST
Ordner Gelöscht : C:\Users\Hoang\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Hoang\AppData\Roaming\Pirrit
Datei Gelöscht : C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\y4ubgkim.default\searchplugins\eseeky-search.xml

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64]
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Pirrit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\Software\Pirrit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Pirrit

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7672 octets] - [03/06/2014 14:04:22]
AdwCleaner[S0].txt - [7063 octets] - [03/06/2014 14:05:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7123 octets] ##########

This is from MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.06.2014
Suchlauf-Zeit: 14:12:35
Logdatei: 3-6-14-suchlauf_mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.03.04
Rootkit Datenbank: v2014.06.02.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Hoang

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269939
Verstrichene Zeit: 8 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)

(end)

This is the JRT:

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Hoang on 03.06.2014 at 14:28:03,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D17AA79F-6794-48CF-9478-3BB89D4B65B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D17AA79F-6794-48CF-9478-3BB89D4B65B3}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Hoang\appdata\locallow\boost_interprocess"

~~~ FireFox

Emptied folder: C:\Users\Hoang\AppData\Roaming\mozilla\firefox\profiles\ex1mu0gu.default\minidumps [4 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.06.2014 at 14:31:45,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the fresh FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by Hoang (administrator) on MIEP-PC on 03-06-2014 14:37:02
Running from C:\Users\Hoang\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(LogMeIn Inc.)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe () C:\Program Files (x86)\puush\puush.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ROCCAT) C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Akamai Technologies, Inc.) 
C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) 
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-08] () HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-03] (NEXON Inc.) 
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts) HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-05] () HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\MountPoints2: {01149384-1569-11e3-be93-10604b5ccc3a} - "G:\setup.exe" HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\MountPoints2: {37b830c9-7161-11e2-be6d-806e6f6e6963} - "E:\Launch.exe" HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-08] () HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-03] (NEXON Inc.) 
HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts) HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-05] () HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01149384-1569-11e3-be93-10604b5ccc3a} - "G:\setup.exe" HKU\S-1-5-21-3899298961-605761135-190624624-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {37b830c9-7161-11e2-be6d-806e6f6e6963} - "E:\Launch.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lua Driver.lnk ShortcutTarget: Lua Driver.lnk -> C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe (ROCCAT) Startup: C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:34224 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.eseeky.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {D17AA79F-6794-48CF-9478-3BB89D4B65B3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?tbp=rst&q={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: 
HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: 
@java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hoang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-24] FF Extension: NoScript - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-17] FF Extension: Adblock Plus - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-17] Chrome: ======= CHR HomePage: hxxp://www.eseeky.com CHR StartupUrls: "hxxp://www.eseeky.com" CHR DefaultSearchKeyword: hxxp://www.eseeky.com CHR DefaultSearchProvider: eseeky CHR DefaultSearchURL: hxxp://eseeky.com/ws/?tbp=rst&q={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity 
Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-20] CHR Extension: (Google Drive) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20] CHR Extension: (YouTube) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-20] CHR Extension: (Google-Suche) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-20] CHR Extension: (Google Wallet) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04] CHR Extension: (Google Mail) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-20] ==================== Services (Whitelisted) ================= S2 3c4ee9082da815d.exe; 
C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe [93696 2014-05-27] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG) R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) S2 d35d1fefe712838.exe; C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-07] (DT Soft Ltd) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-05-13] (LogMeIn Inc.) 
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 RegFltrX64; C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\RegFltrX64.sys [18064 2014-05-27] () R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17528 2012-11-20] (Texas Instruments, Inc.) R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23184 2012-11-20] (Texas Instruments, Inc.) S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S3 xhunter1; \??\C:\windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-03 14:31 - 2014-06-03 14:31 - 00001439 _____ () C:\Users\Hoang\Desktop\JRT.txt 2014-06-03 14:28 - 2014-06-03 14:28 - 00000000 ____D () C:\windows\ERUNT 2014-06-03 14:27 - 2014-06-03 14:27 - 01016261 _____ (Thisisu) C:\Users\Hoang\Desktop\JRT.exe 2014-06-03 14:24 - 2014-06-03 14:24 - 00001151 _____ () C:\Users\Hoang\Desktop\3-6-14-suchlauf_mbam.txt 2014-06-03 14:06 - 2014-06-03 14:06 - 00000772 _____ () C:\windows\PFRO.log 2014-06-03 14:04 - 2014-06-03 14:05 - 00000000 ____D () C:\AdwCleaner 2014-06-03 14:03 - 2014-06-03 14:03 - 01327971 _____ () C:\Users\Hoang\Downloads\adwcleaner_3.211.exe 2014-06-02 19:49 - 2014-06-02 19:49 - 00000000 ____D () C:\windows\LastGood.Tmp 2014-06-02 19:49 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll 2014-06-02 19:49 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) 
C:\windows\SysWOW64\nvspbridge.dll 2014-06-02 19:49 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys 2014-06-02 19:49 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll 2014-06-02 19:48 - 2014-06-02 19:49 - 00000103 _____ () C:\windows\setupact.log 2014-06-02 19:48 - 2014-06-02 19:48 - 00000000 _____ () C:\windows\setuperr.log 2014-06-02 15:40 - 2014-06-03 14:37 - 00023324 _____ () C:\Users\Hoang\Desktop\FRST.txt 2014-06-02 15:40 - 2014-06-03 14:35 - 00056270 _____ () C:\Users\Hoang\Desktop\FRST1-6.txt 2014-06-02 15:40 - 2014-06-02 15:41 - 00036767 _____ () C:\Users\Hoang\Desktop\Addition.txt 2014-06-02 15:39 - 2014-06-03 14:37 - 00000000 ____D () C:\FRST 2014-06-01 15:54 - 2014-06-02 17:58 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1 2014-06-01 11:22 - 2014-06-01 11:22 - 02067456 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe 2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe 2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt 2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe 2014-05-31 10:25 - 2014-05-31 10:26 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr 2014-05-30 19:59 - 2014-06-03 14:08 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-30 19:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-30 19:58 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-30 19:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira 2014-05-29 14:40 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-05-29 14:40 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-05-29 14:40 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Avira 2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe 2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip 2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc 2014-05-28 18:17 - 2014-06-02 17:58 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403 2014-05-28 14:37 - 2014-05-28 14:38 - 00000000 ____D () C:\Users\Hoang\Downloads\assets 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries 2014-05-28 14:14 - 2014-05-29 20:15 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher 2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios 2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001 2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000 2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 
2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium 2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-17 20:49 - 2014-05-17 20:50 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44} 2014-05-17 15:32 - 2014-06-02 19:51 - 00000000 ____D () C:\Program Files (x86)\Steam2 2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe 2014-05-16 17:08 - 2014-05-17 10:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-05-16 15:17 - 2014-05-17 10:49 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig 2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip 2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip 2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-16 13:13 - 2014-05-16 13:13 
- 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-15 15:48 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-05-15 15:48 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-05-15 15:47 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-05-15 15:47 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll 2014-05-15 15:47 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-05-15 15:47 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-05-15 15:47 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-05-15 15:47 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-05-15 15:47 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-05-15 15:47 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys 2014-05-15 15:47 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys 2014-05-15 15:47 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2014-05-15 15:47 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-05-15 15:47 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll 2014-05-15 15:47 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-05-15 15:47 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2014-05-15 15:46 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-05-15 15:46 - 2014-04-12 11:09 - 01043968 _____ 
(Microsoft Corporation) C:\windows\system32\usercpl.dll 2014-05-15 15:46 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-05-15 15:46 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-05-15 15:46 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll 2014-05-15 15:46 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-05-15 15:46 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-05-15 15:46 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-05-15 15:46 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll 2014-05-15 15:46 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-05-15 15:46 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll 2014-05-15 15:46 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-05-15 15:46 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll 2014-05-15 15:46 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-05-15 15:46 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-05-15 15:46 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll 2014-05-15 15:46 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) 
C:\windows\system32\dimsroam.dll 2014-05-15 15:46 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-05-15 15:46 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-05-15 15:46 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-05-15 15:45 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-15 15:45 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-15 15:45 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-15 15:45 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-15 15:45 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-15 15:45 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-15 15:45 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll 2014-05-15 15:45 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-05-15 15:45 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll 2014-05-15 15:45 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll 2014-05-15 15:45 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2014-05-15 15:45 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2014-05-15 15:45 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2014-05-15 15:45 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2014-05-15 15:45 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\mrxsmb20.sys 2014-05-15 15:45 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys 2014-05-13 16:21 - 2014-05-13 16:28 - 05828846 _____ () C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a 2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei 2014-05-10 22:03 - 2014-05-29 14:45 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants 2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX 2014-05-10 21:53 - 2014-05-10 21:54 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar 2014-05-10 10:13 - 2014-05-17 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 14:30 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-05-06 14:30 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-05-06 14:30 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-06 14:30 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-05-06 14:30 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-04 18:47 - 2014-05-04 18:47 - 65912202 _____ () C:\Users\Hoang\Downloads\PAYDAY 2 ENDGAME 1.01.zip ==================== One Month Modified Files and Folders ======= 2014-06-03 14:37 - 2014-06-02 15:40 - 00023324 _____ () C:\Users\Hoang\Desktop\FRST.txt 2014-06-03 14:37 - 2014-06-02 15:39 - 00000000 ____D () C:\FRST 2014-06-03 14:37 - 2013-02-08 10:24 - 00000000 ____D () C:\Users\Hoang\AppData\Local\PMB Files 2014-06-03 14:37 - 2013-02-07 22:22 - 00000000 
____D () C:\Users\Hoang\AppData\Local\Temp 2014-06-03 14:35 - 2014-06-02 15:40 - 00056270 _____ () C:\Users\Hoang\Desktop\FRST1-6.txt 2014-06-03 14:34 - 2013-02-08 12:57 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Skype 2014-06-03 14:34 - 2013-02-07 22:32 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3899298961-605761135-190624624-1001 2014-06-03 14:31 - 2014-06-03 14:31 - 00001439 _____ () C:\Users\Hoang\Desktop\JRT.txt 2014-06-03 14:28 - 2014-06-03 14:28 - 00000000 ____D () C:\windows\ERUNT 2014-06-03 14:27 - 2014-06-03 14:27 - 01016261 _____ (Thisisu) C:\Users\Hoang\Desktop\JRT.exe 2014-06-03 14:24 - 2014-06-03 14:24 - 00001151 _____ () C:\Users\Hoang\Desktop\3-6-14-suchlauf_mbam.txt 2014-06-03 14:14 - 2013-06-20 16:33 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-03 14:12 - 2012-12-12 14:12 - 00745562 _____ () C:\windows\system32\perfh007.dat 2014-06-03 14:12 - 2012-12-12 14:12 - 00169488 _____ () C:\windows\system32\perfc007.dat 2014-06-03 14:12 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-06-03 14:09 - 2013-10-07 10:46 - 00000000 ____D () C:\Users\Hoang\AppData\Local\LogMeIn Hamachi 2014-06-03 14:09 - 2013-10-03 19:35 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-03 14:08 - 2014-05-30 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-03 14:08 - 2013-02-08 10:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-06-03 14:07 - 2013-06-20 16:33 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-03 14:06 - 2014-06-03 14:06 - 00000772 _____ () C:\windows\PFRO.log 2014-06-03 14:06 - 2013-02-09 20:03 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForHoang.job 2014-06-03 14:06 - 2012-12-12 05:18 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-03 14:06 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-06-03 14:06 - 
2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-06-03 14:05 - 2014-06-03 14:04 - 00000000 ____D () C:\AdwCleaner 2014-06-03 14:05 - 2013-02-07 22:22 - 01126208 _____ () C:\windows\WindowsUpdate.log 2014-06-03 14:03 - 2014-06-03 14:03 - 01327971 _____ () C:\Users\Hoang\Downloads\adwcleaner_3.211.exe 2014-06-03 14:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru 2014-06-03 13:53 - 2013-10-03 19:35 - 00000000 ____D () C:\ProgramData\Origin 2014-06-02 19:53 - 2013-11-03 21:08 - 00000000 ____D () C:\Program Files (x86)\osu! 2014-06-02 19:51 - 2014-05-17 15:32 - 00000000 ____D () C:\Program Files (x86)\Steam2 2014-06-02 19:49 - 2014-06-02 19:49 - 00000000 ____D () C:\windows\LastGood.Tmp 2014-06-02 19:49 - 2014-06-02 19:48 - 00000103 _____ () C:\windows\setupact.log 2014-06-02 19:49 - 2013-11-12 20:30 - 00000000 ____D () C:\Users\Hoang\AppData\Local\NVIDIA Corporation 2014-06-02 19:49 - 2012-12-12 05:17 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-06-02 19:49 - 2012-12-12 05:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-06-02 19:49 - 2012-12-12 05:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-06-02 19:48 - 2014-06-02 19:48 - 00000000 _____ () C:\windows\setuperr.log 2014-06-02 17:58 - 2014-06-01 15:54 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1 2014-06-02 17:58 - 2014-05-28 18:17 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403 2014-06-02 16:55 - 2013-02-08 12:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.minecraft 2014-06-02 15:41 - 2014-06-02 15:40 - 00036767 _____ () C:\Users\Hoang\Desktop\Addition.txt 2014-06-02 15:38 - 2014-04-30 13:56 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForHoang 2014-06-02 15:38 - 2013-02-07 22:22 - 00000000 ____D () C:\Users\Hoang 2014-06-02 15:12 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-06-01 11:22 - 2014-06-01 11:22 - 
02067456 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe 2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe 2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt 2014-06-01 09:16 - 2013-03-09 20:01 - 00431616 ___SH () C:\Users\Hoang\Desktop\Thumbs.db 2014-06-01 09:10 - 2013-09-07 20:24 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\DAEMON Tools Lite 2014-06-01 09:10 - 2013-05-20 19:54 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\TS3Client 2014-06-01 09:10 - 2013-05-07 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-01 09:03 - 2014-02-24 16:00 - 00000000 ____D () C:\windows\Minidump 2014-06-01 09:03 - 2012-08-02 04:02 - 00000000 ____D () C:\windows\Panther 2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe 2014-05-31 19:08 - 2013-02-09 20:03 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-05-31 19:08 - 2013-02-09 20:03 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-31 10:26 - 2014-05-31 10:25 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr 2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-30 01:07 - 2014-06-02 19:49 - 01715176 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll 2014-05-30 
01:07 - 2014-06-02 19:49 - 01291232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll 2014-05-30 01:07 - 2013-10-29 18:15 - 01279480 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll 2014-05-30 01:07 - 2013-10-29 18:15 - 01122312 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll 2014-05-29 20:15 - 2014-05-28 14:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher 2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira 2014-05-29 14:45 - 2014-05-10 22:03 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants 2014-05-29 14:43 - 2014-04-13 09:35 - 00000000 ____D () C:\Users\Hoang\Desktop\Unwichtig 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Avira 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe 2014-05-29 14:39 - 2013-07-10 16:37 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-29 12:36 - 2013-05-07 15:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip 2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc 2014-05-28 14:38 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\assets 2014-05-28 14:38 - 2013-08-17 09:52 - 00000000 ____D () C:\Users\Hoang\Downloads\FTBLite 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries 2014-05-28 14:37 - 2013-06-04 14:56 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\ftblauncher 2014-05-28 14:15 - 2014-02-21 16:46 - 00000000 ____D () C:\Users\Hoang\Downloads\authlib 2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios 2014-05-27 18:28 - 2013-10-25 18:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.technic 2014-05-25 18:38 - 2013-08-21 18:03 - 00012502 _____ () C:\Users\Hoang\Documents\Praktikum-Lebenslauf.odt 2014-05-25 18:23 - 2013-06-06 17:48 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.xtr 2014-05-25 18:23 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.exe 2014-05-25 18:22 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.ex0 2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ___HD () C:\windows\msdownld.tmp 2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ____D () C:\windows\SysWOW64\directx 2014-05-23 14:02 - 
2014-04-30 18:38 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-05-18 18:44 - 2013-05-06 18:10 - 00000000 ____D () C:\Users\Hoang\Desktop\Wichtig 2014-05-18 11:48 - 2013-04-04 18:08 - 00000000 ____D () C:\Users\Hoang\Documents\My Games 2014-05-18 10:36 - 2013-02-07 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001 2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000 2014-05-18 09:57 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Songs 2014-05-18 09:56 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Skins 2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium 2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:49 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe 2014-05-17 20:50 - 2012-12-12 05:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-17 19:58 - 2014-05-10 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-17 19:58 - 2013-02-07 22:30 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Mozilla 2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () 
C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44} 2014-05-17 15:32 - 2013-05-07 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe 2014-05-17 10:49 - 2014-05-16 15:17 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig 2014-05-17 10:16 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\LiveKernelReports 2014-05-17 10:14 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3 2014-05-16 20:22 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip 2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip 2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 
2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-15 18:12 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp 2014-05-15 18:06 - 2013-08-14 16:27 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 18:03 - 2013-02-09 13:30 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-15 18:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-05-13 20:09 - 2013-02-08 10:16 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 16:28 - 2014-05-13 16:21 - 05828846 _____ () C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a 2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-05-12 15:48 - 2013-04-02 18:33 - 00000000 ____D () C:\Users\Hoang\Documents\uztcf 2014-05-12 07:26 - 2014-05-30 19:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-30 19:58 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-30 19:58 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei 2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX 2014-05-10 21:54 - 2014-05-10 21:53 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar 2014-05-10 09:09 - 2013-06-20 16:33 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 09:09 - 2013-06-20 16:33 - 00003860 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 11:16 - 2014-05-29 14:40 - 00130584 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avipbb.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-05-06 17:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore 2014-05-06 07:14 - 2014-05-15 15:45 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-06 07:14 - 2014-05-15 15:45 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-06 05:48 - 2014-05-15 15:45 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-06 05:48 - 2014-05-15 15:45 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-06 05:37 - 2014-05-15 15:45 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-06 05:26 - 2014-05-15 15:45 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-04 18:47 - 2014-05-04 18:47 - 65912202 _____ () C:\Users\Hoang\Downloads\PAYDAY 2 ENDGAME 1.01.zip Some content of TEMP: ==================== C:\Users\Hoang\AppData\Local\Temp\avgnt.exe C:\Users\Hoang\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 15:47] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-26 19:48 ==================== End Of Log ============================ Edited by SkyMiep (03.06.2014 at 13:41) |
04.06.2014, 08:24 | #8 |
/// the machine /// TB Trainer | Windows 8: unwanted ads in Steam
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
04.06.2014, 14:55 | #9 |
| Windows 8: unwanted ads in Steam Eset Online Scanner can't download the updates. >_> It says: "Updates funktionieren nicht. Ist ein Proxy eingerichtet?" [Updates are not working. Is a proxy configured?] |
05.06.2014, 11:59 | #10 |
/// the machine /// TB Trainer | Windows 8: unwanted ads in Steam Skip ESET and run a full scan with your AV program instead.
__________________ Regards, schrauber |
05.06.2014, 13:26 | #11 |
| Windows 8: unwanted ads in Steam
Security Check:
Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 13.0.0.214
Mozilla Firefox (29.0.1)
Mozilla Thunderbird (24.2.0)
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 Ran by Hoang (administrator) on MIEP-PC on 05-06-2014 14:14:09 Running from C:\Users\Hoang\Desktop Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe () C:\Program Files (x86)\puush\puush.exe (ROCCAT) C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Akamai Technologies, Inc.) C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.) 
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-08] ()
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Hoang\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-03] (NEXON Inc.)
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts)
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-05] ()
HKU\S-1-5-21-3899298961-605761135-190624624-1001\...\MountPoints2: {37b830c9-7161-11e2-be6d-806e6f6e6963} - "E:\Launch.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lua Driver.lnk
ShortcutTarget: Lua Driver.lnk -> C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe (ROCCAT)
Startup: C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:34224
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = eseeky
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {D17AA79F-6794-48CF-9478-3BB89D4B65B3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?tbp=rst&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hoang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-24]
FF Extension: NoScript - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-17]
FF Extension: Adblock Plus - C:\Users\Hoang\AppData\Roaming\Mozilla\Firefox\Profiles\ex1mu0gu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-17]

Chrome:
=======
CHR HomePage: hxxp://www.eseeky.com
CHR StartupUrls: "hxxp://www.eseeky.com"
CHR DefaultSearchKeyword: eseeky
CHR DefaultSearchProvider: eseeky
CHR DefaultSearchURL: hxxp://eseeky.com/ws/?tbp=rst&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-20]
CHR Extension: (Google Drive) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20]
CHR Extension: (YouTube) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-20]
CHR Extension: (Google-Suche) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-20]
CHR Extension: (Google Wallet) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Google Mail) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-20]

==================== Services (Whitelisted) =================

R2 3c4ee9082da815d.exe; C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe [93696 2014-05-27] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 d35d1fefe712838.exe; C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-07] (DT Soft Ltd)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-05-13] (LogMeIn Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17528 2012-11-20] (Texas Instruments, Inc.)
R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23184 2012-11-20] (Texas Instruments, Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-05 14:09 - 2014-06-05 14:09 - 00854367 _____ () C:\Users\Hoang\Downloads\SecurityCheck.exe
2014-06-04 15:48 - 2014-06-04 15:48 - 02347384 _____ (ESET) C:\Users\Hoang\Downloads\esetsmartinstaller_deu.exe
2014-06-04 15:48 - 2014-06-04 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-03 14:31 - 2014-06-03 14:31 - 00001439 _____ () C:\Users\Hoang\Desktop\JRT.txt
2014-06-03 14:28 - 2014-06-03 14:28 - 00000000 ____D () C:\windows\ERUNT
2014-06-03 14:27 - 2014-06-03 14:27 - 01016261 _____ (Thisisu) C:\Users\Hoang\Desktop\JRT.exe
2014-06-03 14:24 - 2014-06-03 14:24 - 00001151 _____ () C:\Users\Hoang\Desktop\3-6-14-suchlauf_mbam.txt
2014-06-03 14:06 - 2014-06-03 14:06 - 00000772 _____ () C:\windows\PFRO.log
2014-06-03 14:04 - 2014-06-03 14:05 - 00000000 ____D () C:\AdwCleaner
2014-06-03 14:03 - 2014-06-03 14:03 - 01327971 _____ () C:\Users\Hoang\Downloads\adwcleaner_3.211.exe
2014-06-02 19:49 - 2014-06-02 19:49 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-06-02 19:49 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2014-06-02 19:49 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2014-06-02 19:49 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2014-06-02 19:49 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2014-06-02 19:48 - 2014-06-02 19:49 - 00000103 _____ () C:\windows\setupact.log
2014-06-02 19:48 - 2014-06-02 19:48 - 00000000 _____ () C:\windows\setuperr.log
2014-06-02 15:40 - 2014-06-05 14:14 - 00021128 _____ () C:\Users\Hoang\Desktop\FRST.txt
2014-06-02 15:40 - 2014-06-03 14:37 - 00056454 _____ () C:\Users\Hoang\Desktop\FRST-.txt
2014-06-02 15:40 - 2014-06-03 14:35 - 00056270 _____ () C:\Users\Hoang\Desktop\FRST1-6.txt
2014-06-02 15:40 - 2014-06-02 15:41 - 00036767 _____ () C:\Users\Hoang\Desktop\Addition.txt
2014-06-02 15:39 - 2014-06-05 14:14 - 00000000 ____D () C:\FRST
2014-06-01 15:54 - 2014-06-02 17:58 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1
2014-06-01 11:22 - 2014-06-01 11:22 - 02067456 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe
2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe
2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt
2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe
2014-05-31 10:25 - 2014-05-31 10:26 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr
2014-05-30 19:59 - 2014-06-05 14:05 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 19:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-30 19:58 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-30 19:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira
2014-05-29 14:40 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-29 14:40 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-29 14:40 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Avira
2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe
2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip
2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc
2014-05-28 18:17 - 2014-06-02 17:58 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403
2014-05-28 14:37 - 2014-05-28 14:38 - 00000000 ____D () C:\Users\Hoang\Downloads\assets
2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions
2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries
2014-05-28 14:14 - 2014-06-04 19:02 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher
2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios
2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001
2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000
2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium
2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-05-17 20:49 - 2014-05-17 20:50 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe
2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44}
2014-05-17 15:32 - 2014-06-04 17:17 - 00000000 ____D () C:\Program Files (x86)\Steam2
2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe
2014-05-16 17:08 - 2014-05-17 10:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3
2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3
2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-05-16 15:17 - 2014-05-17 10:49 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig
2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip
2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip
2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip
2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-15 15:48 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 15:48 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 15:47 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 15:47 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-05-15 15:47 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 15:47 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 15:47 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 15:47 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 15:47 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 15:47 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-15 15:47 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-15 15:47 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 15:47 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 15:47 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 15:47 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 15:47 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-05-15 15:46 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 15:46 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-05-15 15:46 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 15:46 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 15:46 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-05-15 15:46 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 15:46 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 15:46 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-05-15 15:46 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 15:46 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 15:46 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 15:46 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 15:46 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 15:46 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 15:46 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-05-15 15:46 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 15:46 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 15:46 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-15 15:46 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 15:45 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-15 15:45 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-15 15:45 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-15 15:45 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-15 15:45 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-15 15:45 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-15 15:45 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-05-15 15:45 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-15 15:45 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-05-15 15:45 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-05-15 15:45 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-15 15:45 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-05-15 15:45 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-05-15 15:45 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-05-15 15:45 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-05-15 15:45 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-05-13 16:21 - 2014-05-13 16:28 - 05828846 _____ () C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a
2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys
2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei
2014-05-10 22:03 - 2014-05-29 14:45 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants
2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX
2014-05-10 21:53 - 2014-05-10 21:54 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar
2014-05-10 10:13 - 2014-05-17 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 14:30 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-05-06 14:30 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-05-06 14:30 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 14:30 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-05-06 14:30 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-06-05 14:14 - 2014-06-02 15:40 - 00021128 _____ () C:\Users\Hoang\Desktop\FRST.txt
2014-06-05 14:14 - 2014-06-02 15:39 - 00000000 ____D () C:\FRST
2014-06-05 14:14 - 2013-06-20 16:33 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 14:14 - 2013-02-08 10:24 - 00000000 ____D () C:\Users\Hoang\AppData\Local\PMB Files
2014-06-05 14:14 - 2013-02-07 22:22 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Temp
2014-06-05 14:09 - 2014-06-05 14:09 - 00854367 _____ () C:\Users\Hoang\Downloads\SecurityCheck.exe
2014-06-05 14:08 - 2013-02-08 10:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 14:07 - 2013-02-08 12:57 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Skype
2014-06-05 14:06 - 2013-10-07 10:46 - 00000000 ____D () C:\Users\Hoang\AppData\Local\LogMeIn Hamachi
2014-06-05 14:06 - 2013-10-03 19:35 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 14:06 - 2013-10-03 19:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-05 14:06 - 2013-06-20 16:33 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 14:05 - 2014-05-30 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-04 19:02 - 2014-05-28 14:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher
2014-06-04 19:02 - 2013-11-03 21:08 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-06-04 17:17 - 2014-05-17 15:32 - 00000000 ____D () C:\Program Files (x86)\Steam2 2014-06-04 16:34 - 2013-02-07 22:22 - 01272174 _____ () C:\windows\WindowsUpdate.log 2014-06-04 15:48 - 2014-06-04 15:48 - 02347384 _____ (ESET) C:\Users\Hoang\Downloads\esetsmartinstaller_deu.exe 2014-06-04 15:48 - 2014-06-04 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-03 18:47 - 2014-04-13 09:35 - 00000000 ____D () C:\Users\Hoang\Desktop\Unwichtig 2014-06-03 17:53 - 2013-03-09 20:01 - 00443392 ___SH () C:\Users\Hoang\Desktop\Thumbs.db 2014-06-03 17:28 - 2013-02-07 22:32 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3899298961-605761135-190624624-1001 2014-06-03 14:50 - 2013-02-08 12:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.minecraft 2014-06-03 14:49 - 2012-12-12 14:12 - 00745562 _____ () C:\windows\system32\perfh007.dat 2014-06-03 14:49 - 2012-12-12 14:12 - 00169488 _____ () C:\windows\system32\perfc007.dat 2014-06-03 14:49 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-06-03 14:43 - 2012-12-12 05:18 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-03 14:43 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-06-03 14:43 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-06-03 14:37 - 2014-06-02 15:40 - 00056454 _____ () C:\Users\Hoang\Desktop\FRST-.txt 2014-06-03 14:35 - 2014-06-02 15:40 - 00056270 _____ () C:\Users\Hoang\Desktop\FRST1-6.txt 2014-06-03 14:31 - 2014-06-03 14:31 - 00001439 _____ () C:\Users\Hoang\Desktop\JRT.txt 2014-06-03 14:28 - 2014-06-03 14:28 - 00000000 ____D () C:\windows\ERUNT 2014-06-03 14:27 - 2014-06-03 14:27 - 01016261 _____ (Thisisu) C:\Users\Hoang\Desktop\JRT.exe 2014-06-03 14:24 - 2014-06-03 14:24 - 00001151 _____ () C:\Users\Hoang\Desktop\3-6-14-suchlauf_mbam.txt 2014-06-03 14:06 - 2014-06-03 14:06 - 00000772 _____ () C:\windows\PFRO.log 2014-06-03 14:06 - 2013-02-09 20:03 - 00000348 _____ () 
C:\windows\Tasks\HPCeeScheduleForHoang.job 2014-06-03 14:05 - 2014-06-03 14:04 - 00000000 ____D () C:\AdwCleaner 2014-06-03 14:03 - 2014-06-03 14:03 - 01327971 _____ () C:\Users\Hoang\Downloads\adwcleaner_3.211.exe 2014-06-02 19:49 - 2014-06-02 19:49 - 00000000 ____D () C:\windows\LastGood.Tmp 2014-06-02 19:49 - 2014-06-02 19:48 - 00000103 _____ () C:\windows\setupact.log 2014-06-02 19:49 - 2013-11-12 20:30 - 00000000 ____D () C:\Users\Hoang\AppData\Local\NVIDIA Corporation 2014-06-02 19:49 - 2012-12-12 05:17 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-06-02 19:49 - 2012-12-12 05:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-06-02 19:49 - 2012-12-12 05:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-06-02 19:48 - 2014-06-02 19:48 - 00000000 _____ () C:\windows\setuperr.log 2014-06-02 17:58 - 2014-06-01 15:54 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1 2014-06-02 17:58 - 2014-05-28 18:17 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403 2014-06-02 15:41 - 2014-06-02 15:40 - 00036767 _____ () C:\Users\Hoang\Desktop\Addition.txt 2014-06-02 15:38 - 2014-04-30 13:56 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForHoang 2014-06-02 15:38 - 2013-02-07 22:22 - 00000000 ____D () C:\Users\Hoang 2014-06-02 15:12 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-06-01 11:22 - 2014-06-01 11:22 - 02067456 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe 2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe 2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt 2014-06-01 09:10 - 2013-09-07 20:24 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\DAEMON Tools Lite 2014-06-01 09:10 - 2013-05-20 19:54 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\TS3Client 2014-06-01 09:10 - 2013-05-07 14:33 - 00000000 ____D () 
C:\Program Files (x86)\Steam 2014-06-01 09:03 - 2014-02-24 16:00 - 00000000 ____D () C:\windows\Minidump 2014-06-01 09:03 - 2012-08-02 04:02 - 00000000 ____D () C:\windows\Panther 2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe 2014-05-31 19:08 - 2013-02-09 20:03 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-05-31 19:08 - 2013-02-09 20:03 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-31 10:26 - 2014-05-31 10:25 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr 2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-30 01:07 - 2014-06-02 19:49 - 01715176 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll 2014-05-30 01:07 - 2014-06-02 19:49 - 01291232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll 2014-05-30 01:07 - 2013-10-29 18:15 - 01279480 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll 2014-05-30 01:07 - 2013-10-29 18:15 - 01122312 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll 2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira 2014-05-29 14:45 - 2014-05-10 22:03 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Avira 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Avira 2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe 2014-05-29 14:39 - 2013-07-10 16:37 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-29 12:36 - 2013-05-07 15:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip 2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc 2014-05-28 14:38 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\assets 2014-05-28 14:38 - 2013-08-17 09:52 - 00000000 ____D () C:\Users\Hoang\Downloads\FTBLite 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions 2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries 2014-05-28 14:37 - 2013-06-04 14:56 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\ftblauncher 2014-05-28 14:15 - 2014-02-21 16:46 - 00000000 ____D () C:\Users\Hoang\Downloads\authlib 2014-05-28 14:14 - 2013-06-04 14:56 - 04916349 _____ () C:\Users\Hoang\Desktop\FTB_Launcher.exe 2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios 2014-05-27 18:28 - 2013-10-25 18:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.technic 2014-05-25 18:38 - 2013-08-21 18:03 - 00012502 _____ () C:\Users\Hoang\Documents\Praktikum-Lebenslauf.odt 2014-05-25 18:23 - 2013-06-06 17:48 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.xtr 
2014-05-25 18:23 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.exe 2014-05-25 18:22 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.ex0 2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ___HD () C:\windows\msdownld.tmp 2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ____D () C:\windows\SysWOW64\directx 2014-05-23 14:02 - 2014-04-30 18:38 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-05-18 18:44 - 2013-05-06 18:10 - 00000000 ____D () C:\Users\Hoang\Desktop\Wichtig 2014-05-18 11:48 - 2013-04-04 18:08 - 00000000 ____D () C:\Users\Hoang\Documents\My Games 2014-05-18 10:36 - 2013-02-07 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001 2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000 2014-05-18 09:57 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Songs 2014-05-18 09:56 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Skins 2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 
2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium 2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:49 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe 2014-05-17 20:50 - 2012-12-12 05:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-17 19:58 - 2014-05-10 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-17 19:58 - 2013-02-07 22:30 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Mozilla 2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44} 2014-05-17 15:32 - 2013-05-07 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe 2014-05-17 10:49 - 2014-05-16 15:17 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig 2014-05-17 10:16 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\LiveKernelReports 2014-05-17 10:14 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3 2014-05-16 20:22 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () 
C:\ProgramData\Bohemia Interactive 2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip 2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip 2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-15 18:12 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp 2014-05-15 18:06 - 2013-08-14 16:27 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 18:03 - 2013-02-09 13:30 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-15 18:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-05-13 20:09 - 2013-02-08 10:16 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 16:28 - 2014-05-13 16:21 - 05828846 _____ 
() C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a 2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-05-12 15:48 - 2013-04-02 18:33 - 00000000 ____D () C:\Users\Hoang\Documents\uztcf 2014-05-12 07:26 - 2014-05-30 19:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-30 19:58 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-30 19:58 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei 2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX 2014-05-10 21:54 - 2014-05-10 21:53 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar 2014-05-10 09:09 - 2013-06-20 16:33 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 09:09 - 2013-06-20 16:33 - 00003860 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 11:16 - 2014-05-29 14:40 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00028600 _____ (Avira Operations GmbH & Co. 
==================== End Of Log ============================
--- --- ---
Looks like the problem is gone. Thanks.
Last edited by SkyMiep (05.06.2014 at 13:38) |
05.06.2014, 19:45 | #12 |
/// the machine /// TB-Ausbilder | Windows 8: unwanted ads in Steam
Update Java.

Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:34224
R2 3c4ee9082da815d.exe; C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe [93696 2014-05-27] ()
C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe
S2 d35d1fefe712838.exe; C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe [X]
C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.06.2014, 13:13 | #13 |
| Windows 8: unwanted ads in Steam
Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Hoang at 2014-06-06 14:07:28 Run:1
Running from C:\Users\Hoang\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:34224
R2 3c4ee9082da815d.exe; C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe [93696 2014-05-27] ()
C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe
S2 d35d1fefe712838.exe; C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe [X]
C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
3c4ee9082da815d.exe => Unable to stop service
3c4ee9082da815d.exe => Service deleted successfully.
C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\3c4ee9082da815d.exe => Moved successfully.
d35d1fefe712838.exe => Service deleted successfully.
"C:\Users\Hoang\AppData\Local\9c8e5f111312b248b5f48516f8664940\d35d1fefe712838.exe" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====

FRST: FRST Logfile: Code:
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04] CHR Extension: (Google Mail) - C:\Users\Hoang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-20] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG) R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-07] (DT Soft Ltd)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-05-13] (LogMeIn Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RegFltrX64; C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1\RegFltrX64.sys [18064 2014-05-27] ()
R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17528 2012-11-20] (Texas Instruments, Inc.)
R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23184 2012-11-20] (Texas Instruments, Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-06 14:07 - 2014-06-06 14:07 - 00000000 ____D () C:\Users\Hoang\Desktop\FRST-OlderVersion
2014-06-05 14:35 - 2014-06-05 14:35 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-06-05 14:09 - 2014-06-05 14:09 - 00854367 _____ () C:\Users\Hoang\Downloads\SecurityCheck.exe
2014-06-04 15:48 - 2014-06-04 15:48 - 02347384 _____ (ESET) C:\Users\Hoang\Downloads\esetsmartinstaller_deu.exe
2014-06-04 15:48 - 2014-06-04 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-03 14:31 - 2014-06-03 14:31 - 00001439 _____ () C:\Users\Hoang\Desktop\JRT.txt
2014-06-03 14:28 - 2014-06-03 14:28 - 00000000 ____D () C:\windows\ERUNT
2014-06-03 14:27 - 2014-06-03 14:27 - 01016261 _____ (Thisisu) C:\Users\Hoang\Desktop\JRT.exe
2014-06-03 14:24 - 2014-06-03 14:24 - 00001151 _____ () C:\Users\Hoang\Desktop\3-6-14-suchlauf_mbam.txt
2014-06-03 14:06 - 2014-06-03 14:06 - 00000772 _____ () C:\windows\PFRO.log
2014-06-03 14:04 - 2014-06-03 14:05 - 00000000 ____D () C:\AdwCleaner
2014-06-03 14:03 - 2014-06-03 14:03 - 01327971 _____ () C:\Users\Hoang\Downloads\adwcleaner_3.211.exe
2014-06-02 19:49 - 2014-06-02 19:49 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-06-02 19:49 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2014-06-02 19:49 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2014-06-02 19:49 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2014-06-02 19:49 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2014-06-02 19:48 - 2014-06-02 19:49 - 00000103 _____ () C:\windows\setupact.log
2014-06-02 19:48 - 2014-06-02 19:48 - 00000000 _____ () C:\windows\setuperr.log
2014-06-02 15:40 - 2014-06-06 14:14 - 00021303 _____ () C:\Users\Hoang\Desktop\FRST.txt
2014-06-02 15:40 - 2014-06-05 14:15 - 00054915 _____ () C:\Users\Hoang\Desktop\FRST5-6.txt
2014-06-02 15:40 - 2014-06-03 14:37 - 00056454 _____ () C:\Users\Hoang\Desktop\FRST-.txt
2014-06-02 15:40 - 2014-06-03 14:35 - 00056270 _____ () C:\Users\Hoang\Desktop\FRST1-6.txt
2014-06-02 15:40 - 2014-06-02 15:41 - 00036767 _____ () C:\Users\Hoang\Desktop\Addition.txt
2014-06-02 15:39 - 2014-06-06 14:14 - 00000000 ____D () C:\FRST
2014-06-01 15:54 - 2014-06-06 14:07 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1
2014-06-01 11:22 - 2014-06-06 14:07 - 02072576 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe
2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe
2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt
2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe
2014-05-31 10:25 - 2014-05-31 10:26 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr
2014-05-30 19:59 - 2014-06-06 14:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-30 19:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-30 19:58 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-30 19:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira
2014-05-29 14:40 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-29 14:40 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-29 14:40 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\ProgramData\Avira
2014-05-29 14:39 - 2014-05-29 14:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe
2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip
2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc
2014-05-28 18:17 - 2014-06-02 17:58 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403
2014-05-28 14:37 - 2014-05-28 14:38 - 00000000 ____D () C:\Users\Hoang\Downloads\assets
2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions
2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries
2014-05-28 14:14 - 2014-06-05 20:29 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher
2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios
2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001
2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000
2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium
2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-05-17 20:49 - 2014-05-17 20:50 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe
2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44}
2014-05-17 15:32 - 2014-06-05 21:01 - 00000000 ____D () C:\Program Files (x86)\Steam2
2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe
2014-05-16 17:08 - 2014-05-17 10:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3
2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3
2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-05-16 15:17 - 2014-05-17 10:49 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig
2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip
2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip
2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip
2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-15 15:48 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 15:48 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 15:47 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 15:47 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-05-15 15:47 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 15:47 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 15:47 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 15:47 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 15:47 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 15:47 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-15 15:47 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-15 15:47 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 15:47 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 15:47 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 15:47 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 15:47 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-05-15 15:46 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 15:46 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-05-15 15:46 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 15:46 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 15:46 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-05-15 15:46 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 15:46 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 15:46 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 15:46 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-05-15 15:46 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 15:46 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 15:46 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 15:46 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 15:46 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 15:46 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 15:46 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-05-15 15:46 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 15:46 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 15:46 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-15 15:46 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 15:45 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-15 15:45 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-15 15:45 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-15 15:45 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-15 15:45 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-15 15:45 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-15 15:45 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-05-15 15:45 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-15 15:45 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-05-15 15:45 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-05-15 15:45 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-15 15:45 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-05-15 15:45 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-05-15 15:45 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-05-15 15:45 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-05-15 15:45 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-05-13 16:21 - 2014-05-13 16:28 - 05828846 _____ () C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a
2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys
2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei
2014-05-10 22:03 - 2014-05-29 14:45 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants
2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX
2014-05-10 21:53 - 2014-05-10 21:54 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar
2014-05-10 10:13 - 2014-05-17 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-06 14:14 - 2014-06-02 15:40 - 00021303 _____ () C:\Users\Hoang\Desktop\FRST.txt
2014-06-06 14:14 - 2014-06-02 15:39 - 00000000 ____D () C:\FRST
2014-06-06 14:14 - 2013-06-20 16:33 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 14:14 - 2013-02-08 10:24 - 00000000 ____D () C:\Users\Hoang\AppData\Local\PMB Files
2014-06-06 14:14 - 2013-02-07 22:22 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Temp
2014-06-06 14:09 - 2014-05-30 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 14:09 - 2013-10-07 10:46 - 00000000 ____D () C:\Users\Hoang\AppData\Local\LogMeIn Hamachi
2014-06-06 14:09 - 2013-10-03 19:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-06 14:09 - 2013-06-20 16:33 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 14:09 - 2013-02-08 12:57 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Skype
2014-06-06 14:08 - 2012-12-12 05:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-06 14:08 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-06 14:08 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-06-06 14:07 - 2014-06-06 14:07 - 00000000 ____D () C:\Users\Hoang\Desktop\FRST-OlderVersion
2014-06-06 14:07 - 2014-06-01 15:54 - 00000000 ____D () C:\Users\Hoang\AppData\Local\5ccf9f5034cbd628f96dfef491f2d7b1
2014-06-06 14:07 - 2014-06-01 11:22 - 02072576 _____ (Farbar) C:\Users\Hoang\Desktop\FRST64.exe
2014-06-06 14:07 - 2013-02-07 22:22 - 01327947 _____ () C:\windows\WindowsUpdate.log
2014-06-06 14:04 - 2013-10-03 19:35 - 00000000 ____D () C:\ProgramData\Origin
2014-06-06 14:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-05 21:49 - 2013-11-03 21:08 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-06-05 21:08 - 2013-02-08 10:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 21:01 - 2014-05-17 15:32 - 00000000 ____D () C:\Program Files (x86)\Steam2
2014-06-05 20:29 - 2014-05-28 14:14 - 00000000 ____D () C:\Users\Hoang\AppData\Local\ftblauncher
2014-06-05 15:42 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-05 14:35 - 2014-06-05 14:35 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-06-05 14:26 - 2012-12-12 14:12 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-06-05 14:26 - 2012-12-12 14:12 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-06-05 14:26 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-05 14:15 - 2014-06-02 15:40 - 00054915 _____ () C:\Users\Hoang\Desktop\FRST5-6.txt
2014-06-05 14:09 - 2014-06-05 14:09 - 00854367 _____ () C:\Users\Hoang\Downloads\SecurityCheck.exe
2014-06-04 15:48 - 2014-06-04 15:48 - 02347384 _____ (ESET) C:\Users\Hoang\Downloads\esetsmartinstaller_deu.exe
2014-06-04 15:48 - 2014-06-04 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-03 18:47 - 2014-04-13 09:35 - 00000000 ____D () C:\Users\Hoang\Desktop\Unwichtig
2014-06-03 17:53 - 2013-03-09 20:01 - 00443392 ___SH () C:\Users\Hoang\Desktop\Thumbs.db
2014-06-03 17:28 - 2013-02-07 22:32 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3899298961-605761135-190624624-1001
2014-06-03 14:50 - 2013-02-08 12:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.minecraft
2014-06-03 14:37 - 2014-06-02 15:40 - 00056454 _____ () C:\Users\Hoang\Desktop\FRST-.txt
2014-06-03 14:35 - 2014-06-02 15:40 - 00056270 _____ () C:\Users\Hoang\Desktop\FRST1-6.txt
2014-06-03 14:31 - 2014-06-03 14:31 - 00001439 _____ () C:\Users\Hoang\Desktop\JRT.txt
2014-06-03 14:28 - 2014-06-03 14:28 - 00000000 ____D () C:\windows\ERUNT
2014-06-03 14:27 - 2014-06-03 14:27 - 01016261 _____ (Thisisu) C:\Users\Hoang\Desktop\JRT.exe
2014-06-03 14:24 - 2014-06-03 14:24 - 00001151 _____ () C:\Users\Hoang\Desktop\3-6-14-suchlauf_mbam.txt
2014-06-03 14:06 - 2014-06-03 14:06 - 00000772 _____ () C:\windows\PFRO.log
2014-06-03 14:06 - 2013-02-09 20:03 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForHoang.job
2014-06-03 14:05 - 2014-06-03 14:04 - 00000000 ____D () C:\AdwCleaner
2014-06-03 14:03 - 2014-06-03 14:03 - 01327971 _____ () C:\Users\Hoang\Downloads\adwcleaner_3.211.exe
2014-06-02 19:49 - 2014-06-02 19:49 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-06-02 19:49 - 2014-06-02 19:48 - 00000103 _____ () C:\windows\setupact.log
2014-06-02 19:49 - 2013-11-12 20:30 - 00000000 ____D () C:\Users\Hoang\AppData\Local\NVIDIA Corporation
2014-06-02 19:49 - 2012-12-12 05:17 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-02 19:49 - 2012-12-12 05:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-02 19:49 - 2012-12-12 05:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-02 19:48 - 2014-06-02 19:48 - 00000000 _____ () C:\windows\setuperr.log
2014-06-02 17:58 - 2014-05-28 18:17 - 00000000 ____D () C:\Users\Hoang\AppData\Local\4ff68f9b611df627146909e95ab1c403
2014-06-02 15:41 - 2014-06-02 15:40 - 00036767 _____ () C:\Users\Hoang\Desktop\Addition.txt
2014-06-02 15:38 - 2014-04-30 13:56 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForHoang
2014-06-02 15:38 - 2013-02-07 22:22 - 00000000 ____D () C:\Users\Hoang
2014-06-01 11:16 - 2014-06-01 11:16 - 02067456 _____ (Farbar) C:\Users\Hoang\Downloads\FRST64.exe
2014-06-01 10:00 - 2014-06-01 10:00 - 00001169 _____ () C:\Users\Hoang\Desktop\suchlauf_protokoll_malwarebytes.txt
2014-06-01 09:10 - 2013-09-07 20:24 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\DAEMON Tools Lite
2014-06-01 09:10 - 2013-05-20 19:54 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\TS3Client
2014-06-01 09:10 - 2013-05-07 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-01 09:03 - 2014-02-24 16:00 - 00000000 ____D () C:\windows\Minidump
2014-06-01 09:03 - 2012-08-02 04:02 - 00000000 ____D () C:\windows\Panther
2014-06-01 08:59 - 2014-06-01 08:59 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:59 - 2014-06-01 08:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:57 - 2014-06-01 08:57 - 04748896 _____ (Piriform Ltd) C:\Users\Hoang\Downloads\ccsetup414.exe
2014-05-31 19:08 - 2013-02-09 20:03 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-05-31 19:08 - 2013-02-09 20:03 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-31 10:26 - 2014-05-31 10:25 - 00259584 _____ (OldTimer Tools) C:\Users\Hoang\Downloads\OTH.scr
2014-05-30 19:58 - 2014-05-30 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-05-30 19:58 - 2014-05-30 19:58 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-30 01:07 - 2014-06-02 19:49 - 01715176 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-02 19:49 - 01291232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-10-29 18:15 - 01279480 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-10-29 18:15 - 01122312 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2014-05-29 14:46 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Avira
2014-05-29 14:45 - 2014-05-10 22:03 - 00000000 ____D () C:\Program Files (x86)\Dont Starve Reign of Giants
2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\ProgramData\Avira
2014-05-29 14:40 - 2014-05-29 14:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-29 14:39 - 2014-05-29 14:39 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hoang\Downloads\avira_de_av_4006160815__ws.exe
2014-05-29 14:39 - 2013-07-10 16:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-29 14:29 - 2014-05-29 14:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hoang\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 14:29 - 2014-05-29 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 12:36 - 2013-05-07 15:10 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-28 20:58 - 2014-05-28 20:58 - 00342510 _____ () C:\Users\Hoang\Downloads\OptiFine_1.4.6_HD_D5.zip
2014-05-28 19:37 - 2014-05-28 19:37 - 00006384 _____ () C:\Users\Hoang\Downloads\1k18vtgw33x6d7a.dlc
2014-05-28 14:38 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\assets
2014-05-28 14:38 - 2013-08-17 09:52 - 00000000 ____D () C:\Users\Hoang\Downloads\FTBLite
2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\versions
2014-05-28 14:37 - 2014-05-28 14:37 - 00000000 ____D () C:\Users\Hoang\Downloads\libraries
2014-05-28 14:37 - 2013-06-04 14:56 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\ftblauncher
2014-05-28 14:15 - 2014-02-21 16:46 - 00000000 ____D () C:\Users\Hoang\Downloads\authlib
2014-05-28 14:14 - 2013-06-04 14:56 - 04916349 _____ () C:\Users\Hoang\Desktop\FTB_Launcher.exe
2014-05-28 09:22 - 2014-05-28 09:22 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\StunlockStudios
2014-05-27 18:28 - 2013-10-25 18:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\.technic
2014-05-25 18:38 - 2013-08-21 18:03 - 00012502 _____ () C:\Users\Hoang\Documents\Praktikum-Lebenslauf.odt
2014-05-25 18:23 - 2013-06-06 17:48 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.xtr
2014-05-25 18:23 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.exe
2014-05-25 18:22 - 2013-06-06 17:47 - 00291128 _____ () C:\windows\SysWOW64\PnkBstrB.ex0
2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-05-23 14:36 - 2013-05-07 19:45 - 00000000 ____D () C:\windows\SysWOW64\directx 2014-05-23 14:02 - 2014-04-30 18:38 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-05-18 18:44 - 2013-05-06 18:10 - 00000000 ____D () C:\Users\Hoang\Desktop\Wichtig 2014-05-18 11:48 - 2013-04-04 18:08 - 00000000 ____D () C:\Users\Hoang\Documents\My Games 2014-05-18 10:36 - 2013-02-07 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 __SHD () C:\found.001 2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 __SHD () C:\found.000 2014-05-18 09:57 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Songs 2014-05-18 09:56 - 2013-11-03 21:08 - 00000000 ____D () C:\Users\Hoang\Documents\Skins 2014-05-18 09:54 - 2014-05-18 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2014-05-17 20:51 - 2014-05-17 20:51 - 00000000 ____D () C:\Users\Hoang\AppData\Roaming\Awesomium 2014-05-17 20:50 - 2014-05-17 20:50 - 00002026 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-17 20:50 - 2014-05-17 20:49 - 39967251 _____ (Hi-Rez Studios) C:\Users\Hoang\Downloads\InstallHiRezGamesEnglish.exe 2014-05-17 20:50 - 2012-12-12 05:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-17 19:58 - 2014-05-17 19:58 - 00283144 _____ (Mozilla) C:\Users\Hoang\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-17 19:58 - 2014-05-17 19:58 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-17 19:58 - 2014-05-10 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-17 19:58 - 2013-02-07 22:30 - 00000000 
____D () C:\Users\Hoang\AppData\Roaming\Mozilla 2014-05-17 19:56 - 2014-05-17 19:56 - 00003114 _____ () C:\windows\System32\Tasks\{9CF79E44-3096-42FA-8501-B0888A8F8F44} 2014-05-17 15:32 - 2013-05-07 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-05-17 15:12 - 2014-05-17 15:12 - 01141680 _____ () C:\Users\Hoang\Downloads\SteamSetup.exe 2014-05-17 10:49 - 2014-05-16 15:17 - 00000000 ____D () C:\Users\Hoang\Documents\Wichtig 2014-05-17 10:16 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\LiveKernelReports 2014-05-17 10:14 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\AppData\Local\Arma 3 2014-05-16 20:22 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\Users\Hoang\Documents\Arma 3 2014-05-16 17:08 - 2014-05-16 17:08 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-05-16 14:00 - 2014-05-16 14:00 - 06111731 _____ () C:\Users\Hoang\Downloads\LAN_Win7_7077.zip 2014-05-16 13:58 - 2014-05-16 13:58 - 00155838 _____ () C:\Users\Hoang\Downloads\Lan_Realtek_7.3.522.5009_W7x64_A.zip 2014-05-16 13:49 - 2014-05-16 13:49 - 04927173 _____ () C:\Users\Hoang\Downloads\INF_10.0.14.zip 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:28 - 2013-02-07 22:24 - 00000000 ___RD () C:\Users\Hoang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-16 13:13 - 2014-05-16 13:13 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ___RD () 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 13:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-15 18:12 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp 2014-05-15 18:06 - 2013-08-14 16:27 - 00000000 ____D () C:\windows\system32\MRT 2014-05-15 18:03 - 2013-02-09 13:30 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-05-15 18:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-05-13 20:09 - 2013-02-08 10:16 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 16:28 - 2014-05-13 16:21 - 05828846 _____ () C:\Users\Hoang\Downloads\01 Hört, Hört (Intro).m4a 2014-05-13 14:29 - 2014-05-13 14:29 - 00046136 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-05-12 15:48 - 2013-04-02 18:33 - 00000000 ____D () C:\Users\Hoang\Documents\uztcf 2014-05-12 07:26 - 2014-05-30 19:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-30 19:58 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-30 19:58 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-10 22:04 - 2014-05-10 22:04 - 00000000 ____D () C:\Users\Hoang\Documents\Klei 2014-05-10 22:02 - 2014-05-10 22:02 - 00000000 ____D () C:\Users\Hoang\Documents\Dont.Starve.Reign.of.Giants-CODEX 2014-05-10 21:54 - 2014-05-10 21:53 - 350810614 _____ () C:\Users\Hoang\Downloads\Dont.Starve.Reign.of.Giants-CODEX.rar 2014-05-10 09:09 - 2013-06-20 16:33 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 09:09 - 2013-06-20 16:33 - 00003860 _____ () 
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 11:16 - 2014-05-29 14:40 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-05-09 11:16 - 2014-05-29 14:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys Some content of TEMP: ==================== C:\Users\Hoang\AppData\Local\Temp\avgnt.exe C:\Users\Hoang\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 15:47] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-26 19:48 ==================== End Of Log ============================ |
07.06.2014, 05:55 | #14 |
/// the machine /// TB trainer | Windows 8: unwanted ads in Steam Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.06.2014, 12:32 | #15 |
| Windows 8: unwanted ads in Steam Very good, the annoying ads are gone now. Thank you very much |