
Pests of all kinds and how to combat them: Chip download button looks different

31.03.2014, 18:46   #1
NicNic
 

Hello,
I recently had a pop-up virus and, as far as I can tell, actually removed it. I read several guides on how to remove it and ultimately used Malwarebytes Anti-Malware, AdwCleaner and FRST. So the virus was gone.

Now, however, I have noticed (maybe it was already like that before I had the virus, unfortunately I don't know; in any case I only noticed it then) that the download button on chip.de looks different. That is, the normal button (with the 3 small arrows pointing to "Download") is still blue for me, but it no longer says "Download"; instead there is just a download symbol without the 3 small arrows, which is definitely not from Chip. Because when I hover the mouse over the button to display the link, it says: "javascriptSinit('aef5602c2...." and so on (<- there should not be a grinning smiley in there but this: ": D"). So not the usual Chip path. The very strange thing about it, however, is that only Chip is affected, and not even always. Sometimes I am shown the normal standard button and sometimes the "other" one as described above.
I have also already reset and reinstalled my browser (Google Chrome). The same problem also occurs in Internet Explorer and unfortunately also on my father's PC. He did not have a virus, though, and for him it also only started after I had my virus.
Now I thought that my virus might have got onto my father's computer via the Fritzbox. Our Fritzbox is also up to date, so we had closed the security hole before I had the virus.

I have already searched all over the internet for solutions to this problem, but unfortunately found nothing...

What should I do now? I'm really getting desperate...
Hoping for many helpful answers!

Kind regards
NicNic
Attached image thumbnail: chip_button.jpg

31.03.2014, 18:49   #2
schrauber
/// the machine
/// TB instructor
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


31.03.2014, 18:56   #3
NicNic
 

Here is the FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nicholas (administrator) on NICHOLAS-PC on 31-03-2014 18:51:56
Running from C:\Users\Nicholas\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(TeamSpeak Systems GmbH) C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(René's Homepage) D:\Daten\Snipping Tool Plus.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF05D33963652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.youtube.com/
CHR Extension: (Google Docs) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-08]
CHR Extension: (Google Drive) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
CHR Extension: (YouTube) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Adblock Plus) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-08]
CHR Extension: (Google-Suche) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (avast! Online Security) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-08]
CHR Extension: (Boat_Sunset) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaifmdmjlhjgijopdldipdaaceimpbie [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
CHR Extension: (Mein Chrome-Design) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-03-08]
CHR Extension: (Google Mail) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-31] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-08] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 18:51 - 2014-03-31 18:52 - 00012135 _____ () C:\Users\Nicholas\Downloads\FRST.txt
2014-03-31 18:51 - 2014-03-31 18:51 - 00000000 ____D () C:\FRST
2014-03-31 18:50 - 2014-03-31 18:51 - 02157056 _____ (Farbar) C:\Users\Nicholas\Downloads\FRST64.exe
2014-03-31 17:52 - 2014-03-31 17:58 - 121504360 _____ (BitNami) C:\Users\Nicholas\Downloads\xampp-win32-1.8.3-1-vc11-installer.exe
2014-03-27 16:24 - 2014-03-27 16:28 - 00000000 ____D () C:\Users\Nicholas\Documents\Kletterwald
2014-03-27 16:18 - 2014-03-27 16:24 - 00009536 _____ () C:\Users\Nicholas\Downloads\Arbeitszeiten April xxx.xlsx
2014-03-21 11:20 - 2014-03-21 11:20 - 00000448 _____ () C:\Windows\system32\.crusader
2014-03-18 21:32 - 2014-03-18 21:34 - 00017627 _____ () C:\Windows\DirectX.log
2014-03-17 18:43 - 2014-03-17 18:43 - 00001899 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-03-17 18:43 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\Nicholas\.thumbnails
2014-03-17 18:42 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-17 18:34 - 2014-03-17 18:41 - 52155552 _____ () C:\Users\Nicholas\Downloads\blender-2.69-windows64.exe
2014-03-17 15:26 - 2014-03-17 15:26 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 19:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 19:25 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 19:25 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 19:25 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 19:25 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 19:25 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 19:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 19:25 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 19:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 19:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 19:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 19:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 19:25 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 19:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 19:25 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 19:25 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 19:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 19:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 19:25 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 19:25 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 19:25 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 19:25 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 19:25 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 19:25 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 19:25 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 19:25 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 19:25 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 19:25 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 19:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 19:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 19:25 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 19:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 19:25 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 19:25 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 19:25 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 19:25 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 19:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 19:25 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 19:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 19:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 19:25 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 19:25 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 19:25 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 19:25 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 19:22 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 19:22 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 19:21 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 19:21 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-10 15:09 - 2014-03-31 13:54 - 00002072 _____ () C:\Windows\setupact.log
2014-03-10 15:09 - 2014-03-10 15:09 - 00000584 _____ () C:\Windows\PFRO.log
2014-03-10 15:09 - 2014-03-10 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 16:43 - 2014-03-09 16:43 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-09 16:43 - 2014-03-09 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-09 13:11 - 2014-03-09 13:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Skype
2014-03-08 19:04 - 2014-03-21 22:15 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-08 19:04 - 2014-03-21 22:13 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-08 19:04 - 2014-03-08 19:07 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-08 18:30 - 2014-03-08 18:31 - 00714207 _____ () C:\Users\Nicholas\Downloads\pbsetup (2).zip
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-08 18:11 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-08 18:10 - 2014-03-08 18:10 - 04095448 _____ (BrightFort LLC ) C:\Users\Nicholas\Downloads\spywareblastersetup50.exe
2014-03-08 17:59 - 2014-03-15 16:44 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 16:30 - 2014-03-08 16:30 - 00001427 _____ () C:\Users\Nicholas\Desktop\Internet Explorer.lnk
2014-03-08 16:08 - 2014-03-09 16:30 - 00000000 ____D () C:\AdwCleaner
2014-03-08 10:25 - 2014-03-08 10:26 - 00001488 _____ () C:\DelFix.txt
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-07 20:23 - 2014-03-07 20:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-07 20:16 - 2014-03-07 20:17 - 10820032 _____ (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro_x64.exe
2014-03-07 16:49 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 16:46 - 2014-03-07 16:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 16:44 - 2014-03-07 16:45 - 04621127 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\Nicht bestätigt 111287.crdownload
2014-03-07 15:24 - 2014-03-07 15:24 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-07 15:24 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-07 15:24 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-07 15:23 - 2014-03-07 15:23 - 00003254 _____ () C:\Windows\System32\Tasks\{A9235925-6F65-472B-B7D2-8461164FAAC4}
2014-03-07 14:40 - 2014-03-07 14:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-06 22:24 - 2014-03-06 22:24 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Malwarebytes
2014-03-06 22:23 - 2014-03-07 16:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 22:23 - 2014-03-06 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 18:24 - 2014-03-08 10:25 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 17:41 - 2014-03-06 17:41 - 00638531 _____ () C:\Users\Nicholas\Downloads\Pascal_Zeugnis.zip
2014-03-04 16:32 - 2014-03-04 17:43 - 00000000 ____D () C:\Users\Nicholas\Documents\Unversität_fh_da

==================== One Month Modified Files and Folders =======

2014-03-31 18:52 - 2014-03-31 18:51 - 00012135 _____ () C:\Users\Nicholas\Downloads\FRST.txt
2014-03-31 18:52 - 2013-05-16 16:12 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Skype
2014-03-31 18:51 - 2014-03-31 18:51 - 00000000 ____D () C:\FRST
2014-03-31 18:51 - 2014-03-31 18:50 - 02157056 _____ (Farbar) C:\Users\Nicholas\Downloads\FRST64.exe
2014-03-31 18:41 - 2013-05-16 15:10 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 18:19 - 2013-05-16 14:07 - 01878577 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 18:02 - 2013-09-30 19:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 17:58 - 2014-03-31 17:52 - 121504360 _____ (BitNami) C:\Users\Nicholas\Downloads\xampp-win32-1.8.3-1-vc11-installer.exe
2014-03-31 17:25 - 2013-09-09 20:09 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\TS3Client
2014-03-31 14:32 - 2013-11-18 15:16 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\LogMeIn Hamachi
2014-03-31 14:32 - 2013-09-30 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-31 14:32 - 2013-09-09 20:09 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Overwolf
2014-03-31 14:32 - 2013-05-16 15:47 - 00000000 ___RD () C:\Users\Nicholas\Google Drive
2014-03-31 14:32 - 2013-05-16 15:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 14:02 - 2009-07-14 06:45 - 00016704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 14:02 - 2009-07-14 06:45 - 00016704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 13:59 - 2009-07-14 19:58 - 00699190 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 13:59 - 2009-07-14 19:58 - 00149330 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 13:59 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 13:54 - 2014-03-10 15:09 - 00002072 _____ () C:\Windows\setupact.log
2014-03-31 13:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 18:43 - 2013-05-16 16:16 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Winamp
2014-03-27 16:28 - 2014-03-27 16:24 - 00000000 ____D () C:\Users\Nicholas\Documents\Kletterwald
2014-03-27 16:24 - 2014-03-27 16:18 - 00009536 _____ () C:\Users\Nicholas\Downloads\Arbeitszeiten April xxx.xlsx
2014-03-27 13:34 - 2014-01-25 14:27 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-27 13:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-21 22:15 - 2014-03-08 19:04 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-21 22:15 - 2013-10-16 13:14 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-21 22:13 - 2014-03-08 19:04 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-21 11:25 - 2013-09-09 20:12 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-21 11:20 - 2014-03-21 11:20 - 00000448 _____ () C:\Windows\system32\.crusader
2014-03-19 23:48 - 2013-08-14 23:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:46 - 2013-05-16 23:22 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 21:34 - 2014-03-18 21:32 - 00017627 _____ () C:\Windows\DirectX.log
2014-03-18 19:40 - 2012-02-05 23:19 - 00000000 ___RD () C:\Users\Nicholas\Desktop\Games
2014-03-17 18:43 - 2014-03-17 18:43 - 00001899 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-03-17 18:43 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\Nicholas\.thumbnails
2014-03-17 18:43 - 2013-05-16 14:38 - 00000000 ____D () C:\Users\Nicholas
2014-03-17 18:42 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-17 18:41 - 2014-03-17 18:34 - 52155552 _____ () C:\Users\Nicholas\Downloads\blender-2.69-windows64.exe
2014-03-17 15:40 - 2013-06-04 14:06 - 00000000 ____D () C:\Users\Nicholas\Documents\my games
2014-03-17 15:26 - 2014-03-17 15:26 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-17 15:11 - 2013-09-09 20:08 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client
2014-03-15 16:44 - 2014-03-08 17:59 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 11:28 - 2009-07-14 06:45 - 00417008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 23:43 - 2013-05-16 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 21:05 - 2013-09-30 19:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:05 - 2013-09-30 19:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:05 - 2013-09-30 19:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 15:09 - 2014-03-10 15:09 - 00000584 _____ () C:\Windows\PFRO.log
2014-03-10 15:09 - 2014-03-10 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 17:36 - 2013-04-08 20:06 - 00000000 ___RD () C:\Users\Nicholas\Desktop\Programme
2014-03-09 16:46 - 2013-05-16 15:00 - 00000000 ____D () C:\Windows\Panther
2014-03-09 16:43 - 2014-03-09 16:43 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-09 16:43 - 2014-03-09 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-09 16:30 - 2014-03-08 16:08 - 00000000 ____D () C:\AdwCleaner
2014-03-09 13:11 - 2014-03-09 13:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Skype
2014-03-09 13:11 - 2013-05-16 16:12 - 00000000 ____D () C:\ProgramData\Skype
2014-03-08 19:07 - 2014-03-08 19:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-08 18:36 - 2012-06-29 00:15 - 00000000 ____D () C:\Users\Nicholas\Desktop\Müll
2014-03-08 18:31 - 2014-03-08 18:30 - 00714207 _____ () C:\Users\Nicholas\Downloads\pbsetup (2).zip
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-08 18:10 - 2014-03-08 18:10 - 04095448 _____ (BrightFort LLC ) C:\Users\Nicholas\Downloads\spywareblastersetup50.exe
2014-03-08 17:59 - 2013-05-16 15:10 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Google
2014-03-08 17:59 - 2013-05-16 15:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-08 16:53 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-08 16:30 - 2014-03-08 16:30 - 00001427 _____ () C:\Users\Nicholas\Desktop\Internet Explorer.lnk
2014-03-08 10:26 - 2014-03-08 10:25 - 00001488 _____ () C:\DelFix.txt
2014-03-08 10:25 - 2014-03-06 18:24 - 00000000 ____D () C:\Windows\ERUNT
2014-03-08 04:06 - 2013-10-16 23:42 - 01593044 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-07 20:35 - 2014-03-07 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-07 20:17 - 2014-03-07 20:16 - 10820032 _____ (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro_x64.exe
2014-03-07 17:04 - 2013-05-16 15:43 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-03-07 17:04 - 2013-05-16 15:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-07 17:04 - 2013-05-16 15:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-07 16:54 - 2014-02-21 18:00 - 18223998 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-07 16:49 - 2014-03-06 22:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 16:48 - 2014-03-07 16:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 16:45 - 2014-03-07 16:44 - 04621127 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\Nicht bestätigt 111287.crdownload
2014-03-07 15:24 - 2014-03-07 15:24 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-07 15:24 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-07 15:24 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-07 15:23 - 2014-03-07 15:23 - 00003254 _____ () C:\Windows\System32\Tasks\{A9235925-6F65-472B-B7D2-8461164FAAC4}
2014-03-07 14:40 - 2014-03-07 14:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-07 14:40 - 2013-11-18 15:16 - 00000928 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-03-07 14:35 - 2013-10-16 13:14 - 00000000 ____D () C:\Users\Nicholas\Documents\BFBC2
2014-03-07 14:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-07 14:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-07 14:31 - 2013-04-08 17:23 - 00000000 __RHD () C:\MSOCache
2014-03-06 22:24 - 2014-03-06 22:24 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Malwarebytes
2014-03-06 22:23 - 2014-03-06 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 17:41 - 2014-03-06 17:41 - 00638531 _____ () C:\Users\Nicholas\Downloads\Pascal_Zeugnis.zip
2014-03-04 17:43 - 2014-03-04 16:32 - 00000000 ____D () C:\Users\Nicholas\Documents\Unversität_fh_da
2014-03-04 16:34 - 2013-11-27 15:19 - 00334278 _____ () C:\Users\Nicholas\Downloads\Mod162Loader.zip
2014-03-04 16:34 - 2013-10-15 19:12 - 00655558 _____ () C:\Users\Nicholas\Downloads\Outlook.zip
2014-03-01 08:05 - 2014-03-14 19:25 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-14 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-14 19:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-14 19:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-14 19:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-14 19:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-14 19:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-14 19:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-14 19:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-14 19:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-14 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-14 19:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-14 19:25 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-14 19:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-14 19:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-14 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-14 19:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-14 19:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-14 19:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-14 19:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-14 19:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-14 19:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-14 19:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-14 19:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-14 19:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-14 19:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-14 19:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-14 19:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-14 19:25 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-14 19:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-14 19:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-14 19:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-14 19:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-14 19:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-14 19:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-14 19:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-14 19:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-14 19:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-14 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-14 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Nicholas\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 14:24

==================== End Of Log ============================
         
--- --- ---
And here is the Addition.txt
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nicholas at 2014-03-31 18:53:02
Running from C:\Users\Nicholas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version:  - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50825 - ATI Technologies Inc.) Hidden
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version:  - )
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.9 - BlueJ Team)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help English (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help French (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help German (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0825.2146.37182 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.0.0 - Lightworks)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

25-03-2014 15:03:24 Windows Update
31-03-2014 12:06:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1983BDE0-5843-4673-B3AD-3ED84EF6FA91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {6269A25E-77DD-4E63-8F56-38E30CE1AFF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {7C9D51A7-3935-4EC8-A51D-A7D960BCC22F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {87BB544A-238E-4C23-8A11-6E4E47A39DD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {A704F7D2-4950-4DE4-A011-A2D509B65210} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-25 14:29 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-03-08 19:04 - 2014-03-08 19:07 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 21:44 - 2010-08-25 21:44 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-17 15:11 - 2014-03-17 15:11 - 00173568 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-03-17 15:11 - 2014-03-17 15:11 - 01080832 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-17 15:11 - 2014-03-17 15:11 - 00833024 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-09-09 10:31 - 2014-03-17 15:11 - 00102344 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-09-09 10:31 - 2014-03-17 15:11 - 00108488 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-17 15:11 - 2014-03-17 15:11 - 00030208 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-17 15:11 - 2014-03-17 15:11 - 00233984 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-09-09 10:31 - 2014-03-17 15:11 - 00563656 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-09 10:31 - 2014-03-17 15:11 - 00577480 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-17 15:11 - 2014-03-17 15:11 - 00159232 _____ () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-03-05 20:30 - 2014-03-05 20:30 - 00025600 _____ () C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
2014-03-05 20:29 - 2014-03-05 20:29 - 00607232 _____ () C:\Program Files (x86)\Overwolf\client_c_api_win32.dll
2014-01-08 16:44 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 16:44 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-08-21 14:18 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-09-21 10:35 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-12-03 23:54 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-31 14:32 - 2014-03-31 14:32 - 00098816 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32api.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00110080 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\pywintypes27.dll
2014-03-31 14:32 - 2014-03-31 14:32 - 00364544 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\pythoncom27.dll
2014-03-31 14:32 - 2014-03-31 14:32 - 00044032 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\_socket.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 01157120 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\_ssl.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00320512 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32com.shell.shell.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00712192 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\_hashlib.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 01175040 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\wx._core_.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00805888 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\wx._gdi_.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00811008 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\wx._windows_.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 01062400 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\wx._controls_.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00735232 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\wx._misc_.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00128512 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\_elementtree.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00127488 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\pyexpat.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00557056 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\pysqlite2._sqlite.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00087040 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\_ctypes.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00119808 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32file.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00108544 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32security.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00018432 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32event.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00038912 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32inet.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00122368 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\wx._wizard.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00070656 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\wx._html2.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00026624 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\_multiprocessing.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00010240 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\select.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00024064 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32pipe.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00686080 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\unicodedata.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00025600 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32pdh.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00525640 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\windows._lib_cacheinvalidation.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00011264 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32crypt.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00035840 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32process.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00017408 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32profile.pyd
2014-03-31 14:32 - 2014-03-31 14:32 - 00022528 _____ () C:\Users\Nicholas\AppData\Local\Temp\_MEI22642\win32ts.pyd
2014-03-15 16:44 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 16:44 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 16:44 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 16:44 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 16:44 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 16:44 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2014 02:32:48 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/27/2014 05:50:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AC4BFSP.exe, Version: 0.0.0.0, Zeitstempel: 0x52ce9f39
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.303, Zeitstempel: 0x4c75c8d5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012919
ID des fehlerhaften Prozesses: 0x1318
Startzeit der fehlerhaften Anwendung: 0xAC4BFSP.exe0
Pfad der fehlerhaften Anwendung: AC4BFSP.exe1
Pfad des fehlerhaften Moduls: AC4BFSP.exe2
Berichtskennung: AC4BFSP.exe3

Error: (03/27/2014 01:34:00 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/25/2014 11:01:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AC4BFSP.exe, Version: 0.0.0.0, Zeitstempel: 0x52ce9f39
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.303, Zeitstempel: 0x4c75c8d5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012919
ID des fehlerhaften Prozesses: 0x1590
Startzeit der fehlerhaften Anwendung: 0xAC4BFSP.exe0
Pfad der fehlerhaften Anwendung: AC4BFSP.exe1
Pfad des fehlerhaften Moduls: AC4BFSP.exe2
Berichtskennung: AC4BFSP.exe3

Error: (03/25/2014 06:40:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AC4BFSP.exe, Version: 0.0.0.0, Zeitstempel: 0x52ce9f39
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.303, Zeitstempel: 0x4c75c8d5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012919
ID des fehlerhaften Prozesses: 0x1250
Startzeit der fehlerhaften Anwendung: 0xAC4BFSP.exe0
Pfad der fehlerhaften Anwendung: AC4BFSP.exe1
Pfad des fehlerhaften Moduls: AC4BFSP.exe2
Berichtskennung: AC4BFSP.exe3

Error: (03/25/2014 04:54:29 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/22/2014 04:29:27 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/22/2014 02:40:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AC4BFSP.exe, Version: 0.0.0.0, Zeitstempel: 0x52ce9f39
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.303, Zeitstempel: 0x4c75c8d5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012919
ID des fehlerhaften Prozesses: 0xa14
Startzeit der fehlerhaften Anwendung: 0xAC4BFSP.exe0
Pfad der fehlerhaften Anwendung: AC4BFSP.exe1
Pfad des fehlerhaften Moduls: AC4BFSP.exe2
Berichtskennung: AC4BFSP.exe3

Error: (03/21/2014 10:08:29 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/21/2014 08:38:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (03/28/2014 00:47:40 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/21/2014 11:22:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.

Error: (03/18/2014 08:52:13 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (03/17/2014 06:25:52 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (03/10/2014 01:55:25 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/08/2014 04:25:28 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.167.1400.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.4.0304.00

	Quellpfad: 4.4.0304.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (03/08/2014 10:20:22 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/31/2014 02:32:48 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/27/2014 05:50:47 PM) (Source: Application Error)(User: )
Description: AC4BFSP.exe0.0.0.052ce9f39atidxx32.dll8.17.10.3034c75c8d5c000000500012919131801cf49cb69d34319C:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exeC:\Windows\system32\atidxx32.dll8f6e1834-b5c7-11e3-b0b3-00248c06e591

Error: (03/27/2014 01:34:00 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/25/2014 11:01:30 PM) (Source: Application Error)(User: )
Description: AC4BFSP.exe0.0.0.052ce9f39atidxx32.dll8.17.10.3034c75c8d5c000000500012919159001cf4861482930d7C:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exeC:\Windows\system32\atidxx32.dlla2d5ee2e-b460-11e3-b4bb-00248c06e591

Error: (03/25/2014 06:40:41 PM) (Source: Application Error)(User: )
Description: AC4BFSP.exe0.0.0.052ce9f39atidxx32.dll8.17.10.3034c75c8d5c000000500012919125001cf48465c274e00C:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exeC:\Windows\system32\atidxx32.dll337929ac-b43c-11e3-b4bb-00248c06e591

Error: (03/25/2014 04:54:29 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/22/2014 04:29:27 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/22/2014 02:40:00 AM) (Source: Application Error)(User: )
Description: AC4BFSP.exe0.0.0.052ce9f39atidxx32.dll8.17.10.3034c75c8d5c000000500012919a1401cf454ce2bb7ca8C:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exeC:\Windows\system32\atidxx32.dll7f983486-b15a-11e3-9f8e-00248c06e591

Error: (03/21/2014 10:08:29 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/21/2014 08:38:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 6143.23 MB
Available physical RAM: 3411 MB
Total Pagefile: 12284.63 MB
Available Pagefile: 8850.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:581.74 GB) (Free:121.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP2) (Fixed) (Total:596.17 GB) (Free:339.8 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:14.43 GB) (Free:2.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (65300) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: A9F93586)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---
__________________

01.04.2014, 13:25   #4
schrauber
/// the machine
/// TB trainer

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION

Also have Revo remove the leftovers, using Moderate mode.




Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
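
The two log checks the post above asks for (finding the entries marked ATTENTION, and reading the Fixlog.txt that the fix produces) can be scripted for triage. This is an added example, not part of the original post and not FRST's own code. The sample logs are constructed in the layout of the logs in this thread; the function names, the "Installed Programs" section name, the "Example Toolbar" entry, the `HKLM\SOFTWARE\Example\Missing` key and its "Key not found." result are assumptions.

```python
import re

# Section banner as it appears in the logs in this thread, e.g.
# "==================== Scheduled Tasks (whitelisted) ============="
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+\s*$")
# Flag appended to suspicious lines; the thread shows both
# "<======= ATTENTION" and "<== ATTENTION", so the '=' run length varies.
FLAG_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")


def flagged_entries(log_text):
    """Return {section name: [entry without the flag, ...]} for flagged lines."""
    found = {}
    section = "(before first section)"
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if FLAG_RE.search(line):
            found.setdefault(section, []).append(FLAG_RE.sub("", line))
    return found


def fix_outcomes(fixlog_text):
    """Split Fixlog result lines ("target => result") into (done, review)."""
    done, review = [], []
    in_fixlist = False
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*+", line):
            # Rows of asterisks bracket the echoed fixlist; skip what is inside.
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or " => " not in line:
            continue
        target, result = line.split(" => ", 1)
        # Assumption: anything not reported as successful needs a human look.
        bucket = done if result.endswith("successfully.") else review
        bucket.append((target, result))
    return done, review


def still_open(flags, done):
    """Flagged entries that no successful Fixlog result refers to."""
    fixed_targets = [target for target, _ in done]
    return [entry
            for entries in flags.values()
            for entry in entries
            if not any(target in entry for target in fixed_targets)]


# Constructed sample input (not a real log from this thread).
SAMPLE_LOG = r"""
==================== Installed Programs ======================

Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Example Toolbar (HKLM-x32\...\ExampleToolbar) (Version: 1.0 - Example Publisher) <== ATTENTION

==================== Internet (Whitelisted) ====================

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# Constructed sample Fixlog; the second entry and its result are assumptions.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Example\Missing: Policy restriction <======= ATTENTION
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Example\Missing => Key not found.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    flags = flagged_entries(SAMPLE_LOG)
    done, review = fix_outcomes(SAMPLE_FIXLOG)
    for section, entries in flags.items():
        for entry in entries:
            print(f"[flagged] {section}: {entry}")
    for target, result in review:
        print(f"[review]  {target}: {result}")
    for entry in still_open(flags, done):
        print(f"[open]    {entry}")
```

Entries reported as open are flagged lines that the fix did not touch, such as installed programs, which the post handles by uninstalling rather than through the fixlist.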

03.04.2014, 23:49   #5
NicNic


Hello schrauber,
sorry for the late reply, I have unfortunately had a lot of stress over the last few days....

Here is the requested data:
The fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Nicholas at 2014-04-03 21:58:32 Run:1
Running from C:\Users\Nicholas\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

Here is the mbam.txt

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software


Protection, 03.04.2014 22:06:01, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Starting,
Protection, 03.04.2014 22:06:01, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Started,
Protection, 03.04.2014 22:06:01, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Starting,
Update, 03.04.2014 22:06:20, SYSTEM, NICHOLAS-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Protection, 03.04.2014 22:06:23, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Started,
Update, 03.04.2014 22:06:41, SYSTEM, NICHOLAS-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.3.8,
Protection, 03.04.2014 22:06:42, SYSTEM, NICHOLAS-PC, Protection, Refresh, Starting,
Protection, 03.04.2014 22:06:42, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Stopping,
Protection, 03.04.2014 22:06:42, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Stopped,
Protection, 03.04.2014 22:06:46, SYSTEM, NICHOLAS-PC, Protection, Refresh, Success,
Protection, 03.04.2014 22:06:46, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 22:06:47, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Started,
Protection, 03.04.2014 22:27:43, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Starting,
Protection, 03.04.2014 22:27:43, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Started,
Protection, 03.04.2014 22:27:43, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 22:28:36, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Started,
Protection, 03.04.2014 22:31:23, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Starting,
Protection, 03.04.2014 22:31:23, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Started,
Protection, 03.04.2014 22:31:23, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 22:32:18, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Started,
Protection, 03.04.2014 22:49:21, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Starting,
Protection, 03.04.2014 22:49:21, SYSTEM, NICHOLAS-PC, Protection, Malware Protection, Started,
Protection, 03.04.2014 22:49:21, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 22:51:41, SYSTEM, NICHOLAS-PC, Protection, Malicious Website Protection, Started,

(end)

Here is the adwcleaner.txt
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 23:18:19
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Nicholas - NICHOLAS-PC
# Gestartet von : C:\Users\Nicholas\Desktop\Programme\Anti-Virenprogramme\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Ordner Gelöscht : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [895 octets] - [08/03/2014 16:08:30]
AdwCleaner[R1].txt - [1158 octets] - [09/03/2014 16:26:00]
AdwCleaner[R2].txt - [1858 octets] - [03/04/2014 23:17:12]
AdwCleaner[S0].txt - [955 octets] - [08/03/2014 16:10:20]
AdwCleaner[S1].txt - [1118 octets] - [09/03/2014 16:30:29]
AdwCleaner[S2].txt - [1779 octets] - [03/04/2014 23:18:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1839 octets] ##########
         
--- --- ---
Here is the jrt.txt
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Nicholas on 03.04.2014 at 23:29:09,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at 23:37:57,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---
and here is the frst.txt
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nicholas (administrator) on NICHOLAS-PC on 03-04-2014 23:42:55
Running from C:\Users\Nicholas\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF05D33963652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.youtube.com/
CHR Extension: (Google Docs) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-08]
CHR Extension: (Google Drive) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
CHR Extension: (YouTube) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Adblock Plus) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-08]
CHR Extension: (Google-Suche) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (avast! Online Security) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-08]
CHR Extension: (Boat_Sunset) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaifmdmjlhjgijopdldipdaaceimpbie [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
CHR Extension: (Mein Chrome-Design) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-03-08]
CHR Extension: (Google Mail) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]

==================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-31] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-03] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 23:42 - 2014-04-03 23:42 - 00012295 _____ () C:\Users\Nicholas\Desktop\FRST.txt
2014-04-03 23:37 - 2014-04-03 23:37 - 00000628 _____ () C:\Users\Nicholas\Desktop\JRT.txt
2014-04-03 23:25 - 2014-03-23 22:41 - 01038974 _____ (Thisisu) C:\Users\Nicholas\Desktop\JRT_NEW.exe
2014-04-03 22:08 - 2014-04-03 23:40 - 00000000 ____D () C:\Users\Nicholas\Desktop\Posten
2014-04-03 22:06 - 2014-04-03 23:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 22:05 - 2014-04-03 22:05 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-03 22:05 - 2014-04-03 22:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 22:05 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 22:05 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 22:04 - 2014-04-03 22:05 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-31 22:13 - 2014-04-01 00:00 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00001065 _____ () C:\Users\Nicholas\Desktop\Notepad++.lnk
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-31 22:11 - 2014-03-31 22:11 - 07624808 _____ () C:\Users\Nicholas\Downloads\npp.6.5.5.Installer.exe
2014-03-31 22:04 - 2014-03-31 22:04 - 00000636 _____ () C:\Users\Nicholas\Desktop\XAMPP Control Panel.lnk
2014-03-31 22:02 - 2014-04-01 00:17 - 00000000 ____D () C:\xampp
2014-03-31 18:53 - 2014-03-31 18:54 - 00041383 _____ () C:\Users\Nicholas\Downloads\Addition.txt
2014-03-31 18:51 - 2014-04-03 23:42 - 00000000 ____D () C:\FRST
2014-03-31 18:51 - 2014-03-31 18:54 - 00037838 _____ () C:\Users\Nicholas\Downloads\FRST.txt
2014-03-31 18:50 - 2014-03-31 18:51 - 02157056 _____ (Farbar) C:\Users\Nicholas\Desktop\FRST64.exe
2014-03-31 17:52 - 2014-03-31 17:58 - 121504360 _____ (BitNami) C:\Users\Nicholas\Downloads\xampp-win32-1.8.3-1-vc11-installer.exe
2014-03-27 16:24 - 2014-03-27 16:28 - 00000000 ____D () C:\Users\Nicholas\Documents\Kletterwald
2014-03-27 16:18 - 2014-03-27 16:24 - 00009536 _____ () C:\Users\Nicholas\Downloads\Arbeitszeiten April xxx.xlsx
2014-03-21 11:20 - 2014-03-21 11:20 - 00000448 _____ () C:\Windows\system32\.crusader
2014-03-18 21:32 - 2014-04-03 23:36 - 00054763 _____ () C:\Windows\DirectX.log
2014-03-17 18:43 - 2014-03-17 18:43 - 00001899 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-03-17 18:43 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\Nicholas\.thumbnails
2014-03-17 18:42 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-17 18:34 - 2014-03-17 18:41 - 52155552 _____ () C:\Users\Nicholas\Downloads\blender-2.69-windows64.exe
2014-03-17 15:26 - 2014-03-17 15:26 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 19:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 19:25 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 19:25 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 19:25 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 19:25 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 19:25 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 19:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 19:25 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 19:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 19:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 19:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 19:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 19:25 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 19:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 19:25 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 19:25 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 19:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 19:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 19:25 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 19:25 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 19:25 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 19:25 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 19:25 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 19:25 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 19:25 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 19:25 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 19:25 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 19:25 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 19:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 19:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 19:25 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 19:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 19:25 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 19:25 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 19:25 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 19:25 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 19:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 19:25 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 19:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 19:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 19:25 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 19:25 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 19:25 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 19:25 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 19:22 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 19:22 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 19:21 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 19:21 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-10 15:09 - 2014-04-03 23:19 - 00002688 _____ () C:\Windows\setupact.log
2014-03-10 15:09 - 2014-04-03 22:30 - 00001300 _____ () C:\Windows\PFRO.log
2014-03-10 15:09 - 2014-03-10 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 16:43 - 2014-03-09 16:43 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-09 16:43 - 2014-03-09 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-09 13:11 - 2014-03-09 13:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Skype
2014-03-08 19:04 - 2014-04-03 23:37 - 00282512 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-08 19:04 - 2014-04-03 23:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-08 19:04 - 2014-03-21 22:13 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-08 18:30 - 2014-03-08 18:31 - 00714207 _____ () C:\Users\Nicholas\Downloads\pbsetup (2).zip
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-08 18:11 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-08 18:10 - 2014-03-08 18:10 - 04095448 _____ (BrightFort LLC ) C:\Users\Nicholas\Downloads\spywareblastersetup50.exe
2014-03-08 17:59 - 2014-03-15 16:44 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 16:30 - 2014-03-08 16:30 - 00001427 _____ () C:\Users\Nicholas\Desktop\Internet Explorer.lnk
2014-03-08 16:08 - 2014-04-03 23:18 - 00000000 ____D () C:\AdwCleaner
2014-03-08 10:25 - 2014-03-08 10:26 - 00001488 _____ () C:\DelFix.txt
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-07 20:23 - 2014-03-07 20:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-07 20:16 - 2014-03-07 20:17 - 10820032 _____ (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro_x64.exe
2014-03-07 16:49 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 16:46 - 2014-03-07 16:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 16:44 - 2014-03-07 16:45 - 04621127 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\Nicht bestätigt 111287.crdownload
2014-03-07 15:24 - 2014-04-03 17:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-07 15:24 - 2014-04-03 17:37 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-07 15:24 - 2014-04-03 17:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-07 15:23 - 2014-03-07 15:23 - 00003254 _____ () C:\Windows\System32\Tasks\{A9235925-6F65-472B-B7D2-8461164FAAC4}
2014-03-07 14:40 - 2014-03-07 14:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-06 22:24 - 2014-03-06 22:24 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Malwarebytes
2014-03-06 22:23 - 2014-04-03 22:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 18:24 - 2014-03-08 10:25 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 17:41 - 2014-03-06 17:41 - 00638531 _____ () C:\Users\Nicholas\Downloads\Pascal_Zeugnis.zip
2014-03-04 16:32 - 2014-03-04 17:43 - 00000000 ____D () C:\Users\Nicholas\Documents\Unversität_fh_da

==================== One Month Modified Files and Folders =======

2014-04-03 23:43 - 2014-04-03 23:42 - 00012295 _____ () C:\Users\Nicholas\Desktop\FRST.txt
2014-04-03 23:42 - 2014-03-31 18:51 - 00000000 ____D () C:\FRST
2014-04-03 23:40 - 2014-04-03 22:08 - 00000000 ____D () C:\Users\Nicholas\Desktop\Posten
2014-04-03 23:37 - 2014-04-03 23:37 - 00000628 _____ () C:\Users\Nicholas\Desktop\JRT.txt
2014-04-03 23:37 - 2014-03-08 19:04 - 00282512 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-03 23:37 - 2014-03-08 19:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-03 23:36 - 2014-03-18 21:32 - 00054763 _____ () C:\Windows\DirectX.log
2014-04-03 23:27 - 2014-04-03 22:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 23:27 - 2009-07-14 06:45 - 00016704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 23:27 - 2009-07-14 06:45 - 00016704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 23:25 - 2009-07-14 19:58 - 00699190 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 23:25 - 2009-07-14 19:58 - 00149330 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 23:25 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 23:22 - 2013-05-16 14:07 - 02012177 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 23:21 - 2013-05-16 16:12 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Skype
2014-04-03 23:20 - 2013-11-18 15:16 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\LogMeIn Hamachi
2014-04-03 23:20 - 2013-09-30 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-03 23:20 - 2013-09-09 20:09 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Overwolf
2014-04-03 23:20 - 2013-05-16 15:47 - 00000000 ___RD () C:\Users\Nicholas\Google Drive
2014-04-03 23:20 - 2013-05-16 15:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 23:19 - 2014-03-10 15:09 - 00002688 _____ () C:\Windows\setupact.log
2014-04-03 23:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 23:18 - 2014-03-08 16:08 - 00000000 ____D () C:\AdwCleaner
2014-04-03 23:02 - 2013-09-30 19:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 22:46 - 2013-05-16 15:10 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 22:30 - 2014-03-10 15:09 - 00001300 _____ () C:\Windows\PFRO.log
2014-04-03 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-03 22:05 - 2014-04-03 22:05 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-03 22:05 - 2014-04-03 22:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 22:05 - 2014-04-03 22:04 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-03 22:05 - 2014-03-06 22:24 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Malwarebytes
2014-04-03 22:05 - 2014-03-06 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 20:41 - 2013-05-16 15:10 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 20:41 - 2013-05-16 15:10 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 17:37 - 2014-03-07 15:24 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 17:37 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 17:37 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-01 22:48 - 2013-09-09 20:09 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\TS3Client
2014-04-01 14:10 - 2013-05-16 16:16 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Winamp
2014-04-01 00:18 - 2014-01-25 14:27 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 00:17 - 2014-03-31 22:02 - 00000000 ____D () C:\xampp
2014-04-01 00:00 - 2014-03-31 22:13 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00001065 _____ () C:\Users\Nicholas\Desktop\Notepad++.lnk
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-31 22:11 - 2014-03-31 22:11 - 07624808 _____ () C:\Users\Nicholas\Downloads\npp.6.5.5.Installer.exe
2014-03-31 22:04 - 2014-03-31 22:04 - 00000636 _____ () C:\Users\Nicholas\Desktop\XAMPP Control Panel.lnk
2014-03-31 18:54 - 2014-03-31 18:53 - 00041383 _____ () C:\Users\Nicholas\Downloads\Addition.txt
2014-03-31 18:54 - 2014-03-31 18:51 - 00037838 _____ () C:\Users\Nicholas\Downloads\FRST.txt
2014-03-31 18:51 - 2014-03-31 18:50 - 02157056 _____ (Farbar) C:\Users\Nicholas\Desktop\FRST64.exe
2014-03-31 17:58 - 2014-03-31 17:52 - 121504360 _____ (BitNami) C:\Users\Nicholas\Downloads\xampp-win32-1.8.3-1-vc11-installer.exe
2014-03-27 16:28 - 2014-03-27 16:24 - 00000000 ____D () C:\Users\Nicholas\Documents\Kletterwald
2014-03-27 16:24 - 2014-03-27 16:18 - 00009536 _____ () C:\Users\Nicholas\Downloads\Arbeitszeiten April xxx.xlsx
2014-03-27 13:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 22:41 - 2014-04-03 23:25 - 01038974 _____ (Thisisu) C:\Users\Nicholas\Desktop\JRT_NEW.exe
2014-03-21 22:15 - 2013-10-16 13:14 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-21 22:13 - 2014-03-08 19:04 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-21 11:25 - 2013-09-09 20:12 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-21 11:20 - 2014-03-21 11:20 - 00000448 _____ () C:\Windows\system32\.crusader
2014-03-19 23:48 - 2013-08-14 23:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:46 - 2013-05-16 23:22 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 19:40 - 2012-02-05 23:19 - 00000000 ___RD () C:\Users\Nicholas\Desktop\Games
2014-03-17 18:43 - 2014-03-17 18:43 - 00001899 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-03-17 18:43 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\Nicholas\.thumbnails
2014-03-17 18:43 - 2013-05-16 14:38 - 00000000 ____D () C:\Users\Nicholas
2014-03-17 18:42 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-17 18:41 - 2014-03-17 18:34 - 52155552 _____ () C:\Users\Nicholas\Downloads\blender-2.69-windows64.exe
2014-03-17 15:40 - 2013-06-04 14:06 - 00000000 ____D () C:\Users\Nicholas\Documents\my games
2014-03-17 15:26 - 2014-03-17 15:26 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-17 15:11 - 2013-09-09 20:08 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client
2014-03-15 16:44 - 2014-03-08 17:59 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 11:28 - 2009-07-14 06:45 - 00417008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 23:43 - 2013-05-16 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 21:05 - 2013-09-30 19:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:05 - 2013-09-30 19:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:05 - 2013-09-30 19:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 09:52 - 2013-09-27 10:53 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-10 15:09 - 2014-03-10 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 17:36 - 2013-04-08 20:06 - 00000000 ___RD () C:\Users\Nicholas\Desktop\Programme
2014-03-09 16:46 - 2013-05-16 15:00 - 00000000 ____D () C:\Windows\Panther
2014-03-09 16:43 - 2014-03-09 16:43 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-09 16:43 - 2014-03-09 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-09 13:11 - 2014-03-09 13:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Skype
2014-03-09 13:11 - 2013-05-16 16:12 - 00000000 ____D () C:\ProgramData\Skype
2014-03-08 18:36 - 2012-06-29 00:15 - 00000000 ____D () C:\Users\Nicholas\Desktop\Müll
2014-03-08 18:31 - 2014-03-08 18:30 - 00714207 _____ () C:\Users\Nicholas\Downloads\pbsetup (2).zip
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-08 18:10 - 2014-03-08 18:10 - 04095448 _____ (BrightFort LLC ) C:\Users\Nicholas\Downloads\spywareblastersetup50.exe
2014-03-08 17:59 - 2013-05-16 15:10 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Google
2014-03-08 17:59 - 2013-05-16 15:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-08 16:53 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-08 16:30 - 2014-03-08 16:30 - 00001427 _____ () C:\Users\Nicholas\Desktop\Internet Explorer.lnk
2014-03-08 10:26 - 2014-03-08 10:25 - 00001488 _____ () C:\DelFix.txt
2014-03-08 10:25 - 2014-03-06 18:24 - 00000000 ____D () C:\Windows\ERUNT
2014-03-08 04:06 - 2013-10-16 23:42 - 01593044 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-07 20:35 - 2014-03-07 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-07 20:17 - 2014-03-07 20:16 - 10820032 _____ (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro_x64.exe
2014-03-07 17:04 - 2013-05-16 15:43 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-03-07 17:04 - 2013-05-16 15:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-07 17:04 - 2013-05-16 15:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-07 16:54 - 2014-02-21 18:00 - 18223998 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-07 16:48 - 2014-03-07 16:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 16:45 - 2014-03-07 16:44 - 04621127 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\Nicht bestätigt 111287.crdownload
2014-03-07 15:23 - 2014-03-07 15:23 - 00003254 _____ () C:\Windows\System32\Tasks\{A9235925-6F65-472B-B7D2-8461164FAAC4}
2014-03-07 14:40 - 2014-03-07 14:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-07 14:40 - 2013-11-18 15:16 - 00000928 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-03-07 14:35 - 2013-10-16 13:14 - 00000000 ____D () C:\Users\Nicholas\Documents\BFBC2
2014-03-07 14:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-07 14:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-07 14:31 - 2013-04-08 17:23 - 00000000 __RHD () C:\MSOCache
2014-03-06 17:41 - 2014-03-06 17:41 - 00638531 _____ () C:\Users\Nicholas\Downloads\Pascal_Zeugnis.zip
2014-03-05 09:26 - 2014-04-03 22:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 22:05 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-07 16:49 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 17:43 - 2014-03-04 16:32 - 00000000 ____D () C:\Users\Nicholas\Documents\Unversität_fh_da
2014-03-04 16:34 - 2013-11-27 15:19 - 00334278 _____ () C:\Users\Nicholas\Downloads\Mod162Loader.zip
2014-03-04 16:34 - 2013-10-15 19:12 - 00655558 _____ () C:\Users\Nicholas\Downloads\Outlook.zip

Some content of TEMP:
====================
C:\Users\Nicholas\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Nicholas\AppData\Local\Temp\Quarantine.exe
C:\Users\Nicholas\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 14:24

==================== End Of Log ============================
         
--- --- ---
Best regards, NicNic


04.04.2014, 12:57   #6
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

05.04.2014, 11:18   #7
NicNic
 

Here is the data:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed60421e6932c94aa45b32f2068078eb
# engine=17763
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 04:00:35
# local_time=2014-04-05 06:00:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2474203 148300285 0 0
# scanned=437730
# found=1
# cleaned=0
# scan_time=17983
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\Windows\Installer\122245d.msi"

and
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Java 7 Update 51
Adobe Reader XI
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

and
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nicholas (administrator) on NICHOLAS-PC on 05-04-2014 11:16:54
Running from C:\Users\Nicholas\Desktop\Programme\Anti-Virenprogramme
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3026057269-3263426269-3197033770-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF05D33963652CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.youtube.com/
CHR Extension: (Google Docs) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-08]
CHR Extension: (Google Drive) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
CHR Extension: (YouTube) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Adblock Plus) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-08]
CHR Extension: (Google-Suche) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (avast! Online Security) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-08]
CHR Extension: (Boat_Sunset) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaifmdmjlhjgijopdldipdaaceimpbie [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
CHR Extension: (Mein Chrome-Design) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-03-08]
CHR Extension: (Google Mail) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]

==================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-31] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-03] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 11:06 - 2014-04-05 11:06 - 00987442 _____ () C:\Users\Nicholas\Desktop\SecurityCheck.exe
2014-04-05 11:04 - 2014-04-05 11:04 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-05 00:55 - 2014-04-05 00:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-05 00:54 - 2014-04-05 00:54 - 02347384 _____ (ESET) C:\Users\Nicholas\Downloads\esetsmartinstaller_enu.exe
2014-04-04 20:58 - 2014-04-04 20:58 - 00001196 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-04 15:45 - 2014-04-04 15:45 - 00001580 _____ () C:\Users\Nicholas\Desktop\Uplay.lnk
2014-04-04 15:44 - 2014-04-04 15:45 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-04 15:43 - 2014-04-04 15:44 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Origin
2014-04-04 15:43 - 2014-04-04 15:44 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Origin
2014-04-04 15:39 - 2014-04-05 00:58 - 00000000 ____D () C:\ProgramData\Origin
2014-04-04 15:39 - 2014-04-04 15:43 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-04 15:39 - 2014-04-04 15:39 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-04-04 15:37 - 2014-04-04 15:38 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Nicholas\Downloads\OriginThinSetup.exe
2014-04-04 15:25 - 2014-04-04 15:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-03 22:08 - 2014-04-05 11:05 - 00000000 ____D () C:\Users\Nicholas\Desktop\Posten
2014-04-03 22:06 - 2014-04-05 11:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 22:05 - 2014-04-05 11:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-03 22:05 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 22:05 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 22:04 - 2014-04-03 22:05 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-31 22:13 - 2014-04-01 00:00 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-31 22:11 - 2014-03-31 22:11 - 07624808 _____ () C:\Users\Nicholas\Downloads\npp.6.5.5.Installer.exe
2014-03-31 22:02 - 2014-04-01 00:17 - 00000000 ____D () C:\xampp
2014-03-31 18:53 - 2014-03-31 18:54 - 00041383 _____ () C:\Users\Nicholas\Downloads\Addition.txt
2014-03-31 18:51 - 2014-04-05 11:16 - 00000000 ____D () C:\FRST
2014-03-31 18:51 - 2014-03-31 18:54 - 00037838 _____ () C:\Users\Nicholas\Downloads\FRST.txt
2014-03-31 17:52 - 2014-03-31 17:58 - 121504360 _____ (BitNami) C:\Users\Nicholas\Downloads\xampp-win32-1.8.3-1-vc11-installer.exe
2014-03-27 16:24 - 2014-03-27 16:28 - 00000000 ____D () C:\Users\Nicholas\Documents\Kletterwald
2014-03-27 16:18 - 2014-03-27 16:24 - 00009536 _____ () C:\Users\Nicholas\Downloads\Arbeitszeiten April xxx.xlsx
2014-03-21 11:20 - 2014-03-21 11:20 - 00000448 _____ () C:\Windows\system32\.crusader
2014-03-18 21:32 - 2014-04-04 20:52 - 00073350 _____ () C:\Windows\DirectX.log
2014-03-17 18:43 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\Nicholas\.thumbnails
2014-03-17 18:42 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-17 18:34 - 2014-03-17 18:41 - 52155552 _____ () C:\Users\Nicholas\Downloads\blender-2.69-windows64.exe
2014-03-17 15:26 - 2014-03-17 15:26 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 19:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 19:25 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 19:25 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 19:25 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 19:25 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 19:25 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 19:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 19:25 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 19:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 19:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 19:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 19:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 19:25 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 19:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 19:25 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 19:25 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 19:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 19:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 19:25 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 19:25 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 19:25 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 19:25 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 19:25 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 19:25 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 19:25 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 19:25 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 19:25 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 19:25 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 19:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 19:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 19:25 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 19:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 19:25 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 19:25 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 19:25 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 19:25 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 19:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 19:25 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 19:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 19:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 19:25 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 19:25 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 19:25 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 19:25 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 19:22 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 19:22 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 19:21 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 19:21 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-10 15:09 - 2014-04-04 15:21 - 00002800 _____ () C:\Windows\setupact.log
2014-03-10 15:09 - 2014-04-03 22:30 - 00001300 _____ () C:\Windows\PFRO.log
2014-03-10 15:09 - 2014-03-10 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 16:43 - 2014-03-09 16:43 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-09 16:43 - 2014-03-09 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-09 13:11 - 2014-03-09 13:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Skype
2014-03-08 19:04 - 2014-04-04 15:49 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-08 19:04 - 2014-04-03 23:52 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-08 19:04 - 2014-04-03 23:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-08 18:30 - 2014-03-08 18:31 - 00714207 _____ () C:\Users\Nicholas\Downloads\pbsetup (2).zip
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-08 18:11 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-08 18:10 - 2014-03-08 18:10 - 04095448 _____ (BrightFort LLC ) C:\Users\Nicholas\Downloads\spywareblastersetup50.exe
2014-03-08 17:59 - 2014-03-15 16:44 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 16:30 - 2014-03-08 16:30 - 00001427 _____ () C:\Users\Nicholas\Desktop\Internet Explorer.lnk
2014-03-08 16:08 - 2014-04-03 23:18 - 00000000 ____D () C:\AdwCleaner
2014-03-08 10:25 - 2014-03-08 10:26 - 00001488 _____ () C:\DelFix.txt
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-07 20:23 - 2014-03-07 20:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-07 20:16 - 2014-03-07 20:17 - 10820032 _____ (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro_x64.exe
2014-03-07 16:49 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 16:46 - 2014-03-07 16:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 16:44 - 2014-03-07 16:45 - 04621127 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\Nicht bestätigt 111287.crdownload
2014-03-07 15:24 - 2014-04-03 17:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-07 15:24 - 2014-04-03 17:37 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-07 15:24 - 2014-04-03 17:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-07 15:23 - 2014-03-07 15:23 - 00003254 _____ () C:\Windows\System32\Tasks\{A9235925-6F65-472B-B7D2-8461164FAAC4}
2014-03-07 14:40 - 2014-03-07 14:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-06 22:24 - 2014-04-03 22:05 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Malwarebytes
2014-03-06 22:23 - 2014-04-03 22:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 18:24 - 2014-03-08 10:25 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 17:41 - 2014-03-06 17:41 - 00638531 _____ () C:\Users\Nicholas\Downloads\Pascal_Zeugnis.zip

==================== One Month Modified Files and Folders =======

2014-04-05 11:16 - 2014-03-31 18:51 - 00000000 ____D () C:\FRST
2014-04-05 11:06 - 2014-04-05 11:06 - 00987442 _____ () C:\Users\Nicholas\Desktop\SecurityCheck.exe
2014-04-05 11:05 - 2014-04-03 22:08 - 00000000 ____D () C:\Users\Nicholas\Desktop\Posten
2014-04-05 11:05 - 2014-04-03 22:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 11:04 - 2014-04-05 11:04 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-05 11:04 - 2014-04-03 22:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-05 11:02 - 2013-09-30 19:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 10:46 - 2013-05-16 15:10 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 10:44 - 2013-05-16 14:07 - 02040800 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 00:58 - 2014-04-04 15:39 - 00000000 ____D () C:\ProgramData\Origin
2014-04-05 00:58 - 2013-09-30 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-05 00:58 - 2013-05-16 16:12 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Skype
2014-04-05 00:55 - 2014-04-05 00:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-05 00:54 - 2014-04-05 00:54 - 02347384 _____ (ESET) C:\Users\Nicholas\Downloads\esetsmartinstaller_enu.exe
2014-04-04 20:58 - 2014-04-04 20:58 - 00001196 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-04 20:54 - 2013-05-16 15:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 20:52 - 2014-03-18 21:32 - 00073350 _____ () C:\Windows\DirectX.log
2014-04-04 15:49 - 2014-03-08 19:04 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-04 15:49 - 2013-10-16 13:14 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-04 15:47 - 2013-04-08 20:06 - 00000000 ___RD () C:\Users\Nicholas\Desktop\Programme
2014-04-04 15:47 - 2012-06-29 00:15 - 00000000 ____D () C:\Users\Nicholas\Desktop\Müll
2014-04-04 15:45 - 2014-04-04 15:45 - 00001580 _____ () C:\Users\Nicholas\Desktop\Uplay.lnk
2014-04-04 15:45 - 2014-04-04 15:44 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-04 15:44 - 2014-04-04 15:43 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Origin
2014-04-04 15:44 - 2014-04-04 15:43 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Origin
2014-04-04 15:43 - 2014-04-04 15:39 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-04 15:39 - 2014-04-04 15:39 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-04-04 15:38 - 2014-04-04 15:37 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Nicholas\Downloads\OriginThinSetup.exe
2014-04-04 15:29 - 2009-07-14 06:45 - 00016704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 15:29 - 2009-07-14 06:45 - 00016704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 15:27 - 2009-07-14 19:58 - 00699190 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 15:27 - 2009-07-14 19:58 - 00149330 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 15:27 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 15:25 - 2014-04-04 15:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-04 15:22 - 2013-11-18 15:16 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\LogMeIn Hamachi
2014-04-04 15:22 - 2013-09-09 20:09 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Overwolf
2014-04-04 15:22 - 2013-05-16 15:47 - 00000000 ___RD () C:\Users\Nicholas\Google Drive
2014-04-04 15:21 - 2014-03-10 15:09 - 00002800 _____ () C:\Windows\setupact.log
2014-04-04 15:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 23:52 - 2014-03-08 19:04 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-03 23:52 - 2013-10-16 13:14 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\PunkBuster
2014-04-03 23:51 - 2013-06-04 14:06 - 00000000 ____D () C:\Users\Nicholas\Documents\my games
2014-04-03 23:37 - 2014-03-08 19:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-03 23:18 - 2014-03-08 16:08 - 00000000 ____D () C:\AdwCleaner
2014-04-03 22:30 - 2014-03-10 15:09 - 00001300 _____ () C:\Windows\PFRO.log
2014-04-03 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-03 22:05 - 2014-04-03 22:04 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-03 22:05 - 2014-03-06 22:24 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Malwarebytes
2014-04-03 22:05 - 2014-03-06 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 20:41 - 2013-05-16 15:10 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 20:41 - 2013-05-16 15:10 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 17:37 - 2014-03-07 15:24 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 17:37 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 17:37 - 2014-03-07 15:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 09:51 - 2014-04-03 22:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-03 22:05 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-03-07 16:49 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 22:48 - 2013-09-09 20:09 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\TS3Client
2014-04-01 14:10 - 2013-05-16 16:16 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Winamp
2014-04-01 00:18 - 2014-01-25 14:27 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 00:17 - 2014-03-31 22:02 - 00000000 ____D () C:\xampp
2014-04-01 00:00 - 2014-03-31 22:13 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-31 22:11 - 2014-03-31 22:11 - 07624808 _____ () C:\Users\Nicholas\Downloads\npp.6.5.5.Installer.exe
2014-03-31 18:54 - 2014-03-31 18:53 - 00041383 _____ () C:\Users\Nicholas\Downloads\Addition.txt
2014-03-31 18:54 - 2014-03-31 18:51 - 00037838 _____ () C:\Users\Nicholas\Downloads\FRST.txt
2014-03-31 17:58 - 2014-03-31 17:52 - 121504360 _____ (BitNami) C:\Users\Nicholas\Downloads\xampp-win32-1.8.3-1-vc11-installer.exe
2014-03-27 16:28 - 2014-03-27 16:24 - 00000000 ____D () C:\Users\Nicholas\Documents\Kletterwald
2014-03-27 16:24 - 2014-03-27 16:18 - 00009536 _____ () C:\Users\Nicholas\Downloads\Arbeitszeiten April xxx.xlsx
2014-03-27 13:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-21 11:25 - 2013-09-09 20:12 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-21 11:20 - 2014-03-21 11:20 - 00000448 _____ () C:\Windows\system32\.crusader
2014-03-19 23:48 - 2013-08-14 23:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:46 - 2013-05-16 23:22 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 19:40 - 2012-02-05 23:19 - 00000000 ___RD () C:\Users\Nicholas\Desktop\Games
2014-03-17 18:43 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\Nicholas\.thumbnails
2014-03-17 18:43 - 2013-05-16 14:38 - 00000000 ____D () C:\Users\Nicholas
2014-03-17 18:42 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-03-17 18:41 - 2014-03-17 18:34 - 52155552 _____ () C:\Users\Nicholas\Downloads\blender-2.69-windows64.exe
2014-03-17 15:26 - 2014-03-17 15:26 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-17 15:11 - 2013-09-09 20:08 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\TeamSpeak 3 Client
2014-03-15 16:44 - 2014-03-08 17:59 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 11:28 - 2009-07-14 06:45 - 00417008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 23:43 - 2013-05-16 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 23:40 - 2014-03-14 23:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 21:05 - 2013-09-30 19:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:05 - 2013-09-30 19:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:05 - 2013-09-30 19:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 09:52 - 2013-09-27 10:53 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-10 15:09 - 2014-03-10 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 16:46 - 2013-05-16 15:00 - 00000000 ____D () C:\Windows\Panther
2014-03-09 16:43 - 2014-03-09 16:43 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-09 16:43 - 2014-03-09 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-09 13:11 - 2014-03-09 13:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 13:11 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Skype
2014-03-09 13:11 - 2013-05-16 16:12 - 00000000 ____D () C:\ProgramData\Skype
2014-03-08 18:31 - 2014-03-08 18:30 - 00714207 _____ () C:\Users\Nicholas\Downloads\pbsetup (2).zip
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-08 18:11 - 2014-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-08 18:10 - 2014-03-08 18:10 - 04095448 _____ (BrightFort LLC ) C:\Users\Nicholas\Downloads\spywareblastersetup50.exe
2014-03-08 17:59 - 2013-05-16 15:10 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\Google
2014-03-08 17:59 - 2013-05-16 15:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-08 16:53 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-08 16:30 - 2014-03-08 16:30 - 00001427 _____ () C:\Users\Nicholas\Desktop\Internet Explorer.lnk
2014-03-08 10:26 - 2014-03-08 10:25 - 00001488 _____ () C:\DelFix.txt
2014-03-08 10:25 - 2014-03-06 18:24 - 00000000 ____D () C:\Windows\ERUNT
2014-03-08 04:06 - 2013-10-16 23:42 - 01593044 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-07 20:35 - 2014-03-07 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-07 20:17 - 2014-03-07 20:16 - 10820032 _____ (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro_x64.exe
2014-03-07 17:04 - 2013-05-16 15:43 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-03-07 17:04 - 2013-05-16 15:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-07 17:04 - 2013-05-16 15:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-07 16:54 - 2014-02-21 18:00 - 18223998 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-07 16:48 - 2014-03-07 16:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 16:45 - 2014-03-07 16:44 - 04621127 _____ (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\Nicht bestätigt 111287.crdownload
2014-03-07 15:23 - 2014-03-07 15:23 - 00003254 _____ () C:\Windows\System32\Tasks\{A9235925-6F65-472B-B7D2-8461164FAAC4}
2014-03-07 14:40 - 2014-03-07 14:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-07 14:40 - 2013-11-18 15:16 - 00000928 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-03-07 14:35 - 2013-10-16 13:14 - 00000000 ____D () C:\Users\Nicholas\Documents\BFBC2
2014-03-07 14:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-07 14:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-07 14:31 - 2013-04-08 17:23 - 00000000 __RHD () C:\MSOCache
2014-03-06 17:41 - 2014-03-06 17:41 - 00638531 _____ () C:\Users\Nicholas\Downloads\Pascal_Zeugnis.zip

Some content of TEMP:
====================
C:\Users\Nicholas\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Nicholas\AppData\Local\Temp\Quarantine.exe
C:\Users\Nicholas\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 14:24

==================== End Of Log ============================
         
--- --- ---
Unfortunately, the strange download button on Chip is still there...

Regards, NicNic

06.04.2014, 08:46   #8
schrauber
/// the machine
/// TB trainer

In all browsers, on several computers in the network?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

10.04.2014, 15:48   #9
NicNic

Yes, exactly, and the strange thing is also that sometimes the normal Chip download button is displayed, with which the download works completely normally, and sometimes the fake button, which links me to another, further Chip page. That page then shows instructions on how to install the downloaded program, while the download is already running. Normally, after the first click on Download, you have to click Download once more. That is not the case here with the fake download button.

Regards,
NicNic

11.04.2014, 07:46   #10
schrauber

Is it really like this on several computers in the network? If so, reset the router to factory settings.
__________________
Regards,
schrauber


11.04.2014, 17:02   #11
NicNic

Yes, on my PC and on my father's.
OK, so does that mean the virus is on the Fritzbox? If so, how can that be? All security updates were installed... what could I possibly improve on the Fritzbox so that something like this doesn't happen again?

Regards, NicNic

13.04.2014, 17:28   #12
schrauber

Possible. Maybe it was already like that before the update, and the update no longer changes it. Try it first and report back whether it worked.
__________________
Regards,
schrauber


17.04.2014, 11:37   #13
NicNic

I now think that it's probably not the Fritzbox after all; my download button now looks different yet again. However, I simply tried installing something, since I read somewhere on the internet that Chip just wanted to make downloading easier. It then worked flawlessly.
I connected my computer to an acquaintance's network, and afterwards he also had this new download button, which was also what triggered my download from the Chip page (the one I mentioned above). Unfortunately, we did not check beforehand whether this new button was already on my acquaintance's computer.
In any case, I now doubt whether this is actually a virus, since everything worked so flawlessly...
The only thing I noticed was that the ESET scan, which I also posted here, flagged one file as suspicious, namely SavingsBull(.dll). Unfortunately I no longer know whether it really was a .dll; I'm not sure about that anymore. In any case, I removed this file several times when I had the virus, and it kept sneaking back in. Whether it is still there now, I no longer know. Maybe a SavingsBull.dll means something to you...

Regards
Nic Nic
Thumbnail of attached image:
Chip Downloadbutton sieht anders aus-chip.jpg
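
The SavingsBull leftover mentioned in this post can be looked up in the FRST file listing posted earlier in the thread. As an added example (not part of the thread and not FRST's own code), this Python script parses lines in that listing's format and reports when matching files were created and last written. It assumes the first timestamp is the modification time and the second the creation time; the function names are hypothetical.

```python
import re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
# Layout of one listing line (assumption: first timestamp = last modified,
# second = created): "<ts> - <ts> - <size> <attrs> (<company>) <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)

# Lines copied from the listing in this thread, plus two that must not parse.
SAMPLE = [
    r"2014-04-03 23:18 - 2014-03-08 16:08 - 00000000 ____D () C:\AdwCleaner",
    r"2014-04-03 09:51 - 2014-04-03 22:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys",
    r"2014-03-07 16:54 - 2014-02-21 18:00 - 18223998 _____ () C:\Windows\system32\SavingsBullFilterService.log",
    r"C:\Users\Nicholas\AppData\Local\Temp\Quarantine.exe",
    "==================== End Of Log ============================",
]

def parse_line(line):
    """Return one listing entry as a dict, or None for headers and bare paths."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    modified, created, size, attrs, company, path = m.groups()
    return {
        "modified": datetime.strptime(modified, FMT),
        "created": datetime.strptime(created, FMT),
        "size": int(size),
        "is_dir": "D" in attrs,        # attribute column, e.g. ____D or ___RD
        "company": company.strip(),    # empty when the file has no version info
        "path": path,
    }

def find_residue(lines, names):
    """Entries whose path contains any of the given names (case-insensitive)."""
    wanted = [n.lower() for n in names]
    entries = (parse_line(line) for line in lines)
    hits = [e for e in entries if e and any(n in e["path"].lower() for n in wanted)]
    return sorted(hits, key=lambda e: e["created"])

def activity_window(hits):
    """Earliest creation and latest modification time across the hits."""
    if not hits:
        return None
    return min(e["created"] for e in hits), max(e["modified"] for e in hits)

if __name__ == "__main__":
    found = find_residue(SAMPLE, ["SavingsBull"])
    for entry in found:
        print(entry["path"], entry["size"], "bytes")
    print("created / last written:", activity_window(found))
```

For the SavingsBullFilterService.log line in the listing, this gives a window from 2014-02-21 18:00 to 2014-03-07 16:54.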

18.04.2014, 10:47   #14
schrauber

The only thing I can tell you is that the button still looks the same as always for me.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Windows\Installer\122245d.msi
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber
