
Pests of all kinds and how to fight them: [Win7] Command Prompt/CMD closes immediately after opening


09.04.2014, 12:46   #1
Herdringen
 



Hello everyone,

I recently noticed during an installation that it tried to use CMD but that it wouldn't work; I then tried it again manually, which didn't work either. After that I tried to do something about it with a program called "Malwarebytes Anti-Malware". It did get rid of a whole bunch of things, but apparently not the right one. Here is the archive.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 08.04.2014 21:02:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Starting, 
Protection, 08.04.2014 21:02:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Started, 
Protection, 08.04.2014 21:02:41, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting, 
Update, 08.04.2014 21:02:44, SYSTEM, CHRISTOPHER-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, 
Update, 08.04.2014 21:02:52, SYSTEM, CHRISTOPHER-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.8.6, 
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started, 
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Starting, 
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 08.04.2014 21:02:56, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 08.04.2014 21:02:59, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Success, 
Protection, 08.04.2014 21:02:59, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 08.04.2014 21:02:59, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started, 
Detection, 08.04.2014 21:20:20, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54955, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:20:20, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54955, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:20:21, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54957, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:20:21, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54958, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:20:21, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 77.78.226.254, 54959, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:32:13, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55455, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55455, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55458, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55459, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 21:32:14, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 55460, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 22:13:09, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57039, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 22:13:09, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57039, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 22:13:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57040, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 22:13:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57041, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 08.04.2014 22:13:11, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, IP, 37.1.193.194, 57042, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Protection, 08.04.2014 22:19:36, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Starting, 
Protection, 08.04.2014 22:19:36, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Started, 
Protection, 08.04.2014 22:19:36, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 08.04.2014 22:22:26, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started, 
Update, 08.04.2014 22:27:00, SYSTEM, CHRISTOPHER-PC, Scheduler, Malware Database, 2014.4.8.6, 2014.4.8.7, 
Protection, 08.04.2014 22:27:10, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Starting, 
Protection, 08.04.2014 22:27:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 08.04.2014 22:27:10, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 08.04.2014 22:27:13, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Success, 
Protection, 08.04.2014 22:27:13, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 08.04.2014 22:27:13, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started, 

(end)
         
I ran it a second time; here is the second part.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 09.04.2014 12:52:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Starting, 
Protection, 09.04.2014 12:52:41, SYSTEM, CHRISTOPHER-PC, Protection, Malware Protection, Started, 
Protection, 09.04.2014 12:52:41, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 09.04.2014 12:56:09, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started, 
Update, 09.04.2014 13:35:48, SYSTEM, CHRISTOPHER-PC, Scheduler, Malware Database, 2014.4.8.7, 2014.4.9.4, 
Protection, 09.04.2014 13:35:49, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Starting, 
Protection, 09.04.2014 13:35:49, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 09.04.2014 13:35:50, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 09.04.2014 13:35:52, SYSTEM, CHRISTOPHER-PC, Protection, Refresh, Success, 
Protection, 09.04.2014 13:35:52, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 09.04.2014 13:35:53, SYSTEM, CHRISTOPHER-PC, Protection, Malicious Website Protection, Started, 

(end)
         
Here are the FRST files as well.

Frst

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Christopher (administrator) on CHRISTOPHER-PC on 09-04-2014 13:39:35
Running from F:\Dokumente
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [EPSON421CF4 (Epson Stylus Office BX320FW)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify] - C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify Web Helper] - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {2ea83c97-8278-11e2-929a-d43d7e31e76d} - E:\Install.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {7a21e395-925a-11e3-9600-d43d7e31e76d} - H:\Startme.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {a0f83e86-4ae0-11e3-b0f7-d43d7e31e76d} - E:\Autorun.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor:  <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamSpeak 3 Client.lnk
ShortcutTarget: TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD16E1DFF315CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\Christopher\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\ffxtlbr@zonealarm.com [2013-07-17]
FF Extension: QuickShare Widget - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{b48f059e-4c8e-437e-8341-3f67dab778bb} [2014-03-11]
FF Extension: BonanzaDeals - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-04]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-28]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Angry Birds) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-15]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13]
CHR Extension: (GMX MailCheck) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2013-12-12]
CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13]
CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-02-02]
CHR Extension: (Heroes & Generals) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-03-02]
CHR Extension: (New Tab Redirect) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13]

==================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93016 2014-04-08] (EasyAntiCheat Ltd)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-09] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-11] (Disc Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X]
U0 KL1; 
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-09 13:39 - 2014-04-09 13:39 - 00000000 ____D () C:\FRST
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-08 21:02 - 2014-04-09 13:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 21:02 - 2014-04-08 21:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 21:02 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 21:02 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 21:02 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 20:33 - 2014-04-08 20:39 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:22 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:22 - 2014-04-02 15:28 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-08 20:22 - 2014-04-02 15:28 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-08 20:21 - 2014-03-21 21:43 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 19:59 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 19:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 17:24 - 2014-02-28 21:47 - 00000000 ____D () C:\Users\Christopher\Desktop\Minecraft Cracked
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 20:31 - 2014-03-26 00:04 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt
2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk
2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk
2014-03-25 17:07 - 2011-03-30 20:35 - 00292184 ____N (Microsoft Corporation) C:\Users\Christopher\Desktop\dxwebsetup.exe
2014-03-25 17:04 - 2014-03-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1
2014-03-25 15:33 - 2014-04-09 13:23 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-12 14:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 14:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 14:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 14:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 14:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 14:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 14:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 14:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 14:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 14:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 14:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 14:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 14:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 14:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 14:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 14:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 14:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 14:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 14:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 14:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 14:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 14:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 14:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 13:39 - 2014-04-09 13:39 - 00000000 ____D () C:\FRST
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-09 13:35 - 2014-04-08 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 13:29 - 2013-04-21 15:30 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype
2014-04-09 13:23 - 2014-03-25 15:33 - 00000000 ____D () C:\AdwCleaner
2014-04-09 13:02 - 2013-10-06 11:37 - 01883092 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 13:02 - 2013-03-02 10:28 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client
2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 12:56 - 2013-11-30 23:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify
2014-04-09 12:54 - 2013-03-02 11:35 - 00000000 ____D () C:\Users\Christopher\AppData\Local\LogMeIn Hamachi
2014-04-09 12:53 - 2013-12-06 22:14 - 00013900 _____ () C:\Windows\setupact.log
2014-04-09 12:53 - 2013-09-20 13:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Overwolf
2014-04-09 12:53 - 2013-06-04 18:39 - 00000000 ___RD () C:\Users\Christopher\Dropbox
2014-04-09 12:53 - 2013-06-04 18:33 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Dropbox
2014-04-09 12:51 - 2013-03-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-09 12:50 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-08 22:16 - 2013-12-09 17:08 - 00061954 _____ () C:\Windows\PFRO.log
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-04-08 21:02 - 2014-04-08 21:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 20:39 - 2014-04-08 20:33 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:24 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:24 - 2014-04-08 19:59 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 20:24 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 20:17 - 2013-03-17 19:16 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-07 20:32 - 2013-11-30 23:15 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify
2014-04-05 18:23 - 2013-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-05 18:22 - 2013-09-07 19:13 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2014-04-05 18:20 - 2011-04-12 09:43 - 00781554 _____ () C:\Windows\system32\perfh007.dat
2014-04-05 18:20 - 2011-04-12 09:43 - 00179804 _____ () C:\Windows\system32\perfc007.dat
2014-04-05 18:20 - 2009-07-14 07:13 - 01830186 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:58 - 2013-08-23 13:47 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft
2014-04-05 15:52 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Heroes & Generals
2014-04-04 22:06 - 2013-08-11 13:56 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 22:04 - 2013-03-02 10:24 - 00000000 ____D () C:\Ubisoft
2014-04-04 22:04 - 2013-02-25 22:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-04 17:26 - 2013-08-23 13:47 - 00356864 _____ () C:\Users\Christopher\Desktop\Minecraft.exe
2014-04-04 17:10 - 2013-07-25 11:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Akamai
2014-04-04 17:08 - 2013-02-28 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 09:51 - 2014-04-08 21:02 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 21:02 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 21:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 15:28 - 2014-04-08 20:22 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 15:28 - 2014-04-08 20:22 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 14:51 - 2013-03-02 10:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-03-28 22:11 - 2013-12-12 20:39 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Battle.net
2014-03-27 19:13 - 2014-03-25 17:04 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1
2014-03-26 17:43 - 2013-02-28 22:37 - 00000000 ____D () C:\Users\Christopher
2014-03-26 00:04 - 2014-03-25 20:31 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt
2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk
2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk
2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-25 15:43 - 2013-10-13 01:54 - 00001442 _____ () C:\Users\Christopher\Desktop\Chrome-App-Übersicht.lnk
2014-03-25 15:37 - 2013-10-13 01:54 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-25 15:37 - 2013-10-13 01:51 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-25 15:37 - 2013-02-28 22:57 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-25 15:37 - 2013-02-28 22:37 - 00001007 _____ () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-25 15:37 - 2013-02-28 22:37 - 00000000 ___RD () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 22:29 - 2013-12-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-21 21:43 - 2014-04-08 20:21 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 21:43 - 2014-04-08 20:21 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-21 21:43 - 2014-04-08 20:21 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-20 23:03 - 2013-09-17 22:22 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-20 23:03 - 2013-09-17 22:22 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-20 23:03 - 2013-02-25 23:39 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-20 23:03 - 2013-02-25 23:39 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-20 23:02 - 2013-02-25 23:38 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-20 22:48 - 2013-05-28 16:35 - 00000000 ____D () C:\Users\Christopher\Documents\My Games
2014-03-20 22:47 - 2013-12-08 23:08 - 00070508 _____ () C:\Windows\DirectX.log
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-19 16:02 - 2013-09-20 13:08 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-19 15:34 - 2013-08-16 01:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 15:32 - 2012-01-06 12:03 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 18:52 - 2014-01-16 21:46 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-15 12:01 - 2013-02-28 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 12:01 - 2013-02-28 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 12:01 - 2013-02-28 23:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 16:05 - 2009-07-14 06:45 - 00276968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 17:24 - 2013-03-02 10:27 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

Files to move or delete:
====================
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad


Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\AutoRun.exe
C:\Users\Christopher\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Christopher\AppData\Local\Temp\EAInstall.dll
C:\Users\Christopher\AppData\Local\Temp\eauninstall.exe
C:\Users\Christopher\AppData\Local\Temp\runprog.exe
C:\Users\Christopher\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
C:\Users\Christopher\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-14 17:39

==================== End Of Log ============================
         
--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Christopher at 2014-04-09 13:40:10
Running from F:\Dokumente
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

7 Days to Die - Alpha version 0.9.1 (HKLM-x32\...\{967E55B4-6DDD-4A2F-BFC7-07F1E327971E}_is1) (Version: 0.9.1 - The Fun Pimps LLC)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
AS-Vokabeltrainer (HKLM-x32\...\AS-Vokabeltrainer) (Version:  - )
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Clonk Endeavour 4.95.5 (HKLM-x32\...\Clonk Endeavour) (Version: 4.95.5 - RedWolf Design GmbH)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Cossacks - Back To War (HKLM-x32\...\Cossacks : Back To War) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EPSON BX320FW Series Printer Uninstall (HKLM\...\EPSON BX320FW Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Ghost Recon Online (EU) (HKCU\...\d8be6c3f847d7d92) (Version: 1.34.3556.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version:  - Digitalmindsoft)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MTA:SA v1.3.2 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.2 - Multi Theft Auto)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PlanetSide 2 (HKCU\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
SA-MP Colorpicker 1.1.0 (HKLM-x32\...\SA-MP Colorpicker) (Version: 1.1.0 - GTAvision.com)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2070.0 - Hi-Rez Studios)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update_for_BonanzaDeals (HKCU\...\Bonanza) (Version:  - Update_for_BonanzaDeals) <==== ATTENTION
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version:  - Wargaming.net)
WoT Statistics (HKLM-x32\...\WoT Statistics_is1) (Version: 2.0.6.63 - Nick Saaiman)
ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.057 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

08-04-2014 12:33:38 Windows Update
08-04-2014 18:22:55 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {507FEE5C-F4BD-4F49-B488-8337C046F7C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {56046A02-AB8E-4E87-A639-ADDE2326EFC1} - System32\Tasks\{C968D213-2F1D-417B-B596-C19B0A1B6E25} => C:\Program Files (x86)\Riot Games\League of Legends\lol.launcher.exe
Task: {9D405C7D-A25A-4BA7-894E-7756B27E9C82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated)
Task: {C43FD6A8-62F7-41BA-A1A7-3C973A445770} - \AmiUpdXp No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe

==================== Loaded Modules (whitelisted) =============

2013-02-25 23:39 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-30 23:15 - 2014-01-15 16:05 - 00603648 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-08-17 22:12 - 2013-09-09 15:49 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-05 20:30 - 2014-03-05 20:30 - 00025600 _____ () C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
2013-09-20 13:09 - 2014-03-05 20:29 - 00016160 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\Contracts\ODK.AddIns.V2.Contract.dll
2013-09-20 13:09 - 2014-03-05 20:29 - 00016672 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\AddInViews\ODK.AddIns.V2.AddInView.dll
2013-09-20 13:10 - 2013-09-20 13:10 - 00876544 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\AddIns\KillingFactory_and_BareL_Dota_2_Timers_2.0.0\ODK.AddIns.ThirdParty.KillingFactory_and_BareL_Dota_2_Timers.dll
2013-09-20 13:09 - 2014-03-05 20:29 - 00018208 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\AddInSideAdapters\ODK.AddIns.V2.AddInSideAdapter.dll
2013-09-20 13:09 - 2014-03-05 20:28 - 00019232 _____ () C:\Users\Christopher\AppData\Local\Overwolf\Apps\HostSideAdapters\ODK.AddIns.V2.HostSideAdapter.dll
2014-03-05 20:29 - 2014-03-05 20:29 - 00607232 _____ () C:\Program Files (x86)\Overwolf\client_c_api_win32.dll
2013-11-30 23:15 - 2014-01-15 16:06 - 36967424 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Christopher\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-20 13:14 - 2013-12-20 13:14 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-12-20 13:14 - 2013-12-20 13:14 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-03-15 12:04 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 12:04 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 12:04 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 12:04 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 12:04 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 12:04 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2013-11-30 23:15 - 2014-01-15 16:05 - 00887808 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-11-30 23:15 - 2014-01-15 16:05 - 00109568 _____ () C:\Users\Christopher\AppData\Roaming\Spotify\Data\libegl.dll
2014-03-15 12:04 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2013-02-25 23:36 - 2012-03-29 07:18 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Christopher\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Christopher\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 00:56:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:56:23 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/09/2014 00:54:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:54:11 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/08/2014 10:22:27 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/08/2014 10:21:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 10:20:59 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/08/2014 08:40:38 PM) (Source: MsiInstaller) (User: Christopher-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten

Error: (04/08/2014 08:33:21 PM) (Source: MsiInstaller) (User: Christopher-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten

Error: (04/08/2014 08:33:13 PM) (Source: MsiInstaller) (User: Christopher-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten


System errors:
=============
Error: (04/09/2014 00:58:55 PM) (Source: DCOM) (User: )
Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}

Error: (04/09/2014 00:57:18 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/09/2014 00:57:18 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/09/2014 00:57:18 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/09/2014 00:57:12 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/09/2014 00:56:28 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2014 00:55:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/09/2014 00:56:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:56:23 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/09/2014 00:54:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 00:54:11 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/08/2014 10:22:27 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/08/2014 10:21:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 10:20:59 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/08/2014 08:40:38 PM) (Source: MsiInstaller)(User: Christopher-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/08/2014 08:33:21 PM) (Source: MsiInstaller)(User: Christopher-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/08/2014 08:33:13 PM) (Source: MsiInstaller)(User: Christopher-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei C:\Program Files (x86)\Steam\steamapps\common\MagickaWizardWars\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 8136.91 MB
Available physical RAM: 4533.34 MB
Total Pagefile: 16272.01 MB
Available Pagefile: 11917.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365.66 GB) (Free:12.58 GB) NTFS
Drive e: (LOTRBFME2) (CDROM) (Total:5.68 GB) (Free:0 GB) UDF
Drive f: (Daten) (Fixed) (Total:100 GB) (Free:3.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D2F94CF8)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
I hope this flood of information doesn't scare anyone off, but to everyone who digs through it: a big THANK YOU in advance.
If anything is missing, just say so and I'll provide it if possible.

Edited by Herdringen (09.04.2014 at 12:48). Reason: Forgot something

09.04.2014, 13:25   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Revo Uninstaller - Download - Filepony
Use it to uninstall everything in Additional.txt that is marked <== ATTENTION

Also let Revo remove the leftovers in Moderate mode.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

09.04.2014, 14:46   #3
Herdringen
 

So, I tried to do everything as you said, but "Junkware Removal Tool" won't start; it briefly opens CMD and that's it.
But here are the text files for now.
mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.04.2014
Suchlauf-Zeit: 15:24:20
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.04.09.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Christopher

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 280874
Verstrichene Zeit: 22 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
and the one from AdwCleaner
Code:
# AdwCleaner v3.023 - Bericht erstellt am 09/04/2014 um 15:29:56
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Christopher - CHRISTOPHER-PC
# Gestartet von : F:\Dokumente\adwcleaner3023.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Users\Christopher\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\prefs.js ]

Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true);
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1395934643");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1396069634459");

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [70035 octets] - [25/03/2014 15:33:47]
AdwCleaner[R1].txt - [1867 octets] - [09/04/2014 13:21:28]
AdwCleaner[R2].txt - [1925 octets] - [09/04/2014 13:23:19]
AdwCleaner[R3].txt - [1985 octets] - [09/04/2014 15:28:51]
AdwCleaner[S0].txt - [63153 octets] - [25/03/2014 15:36:52]
AdwCleaner[S1].txt - [1912 octets] - [09/04/2014 15:29:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1972 octets] ##########
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Christopher (administrator) on CHRISTOPHER-PC on 09-04-2014 15:41:07
Running from F:\Dokumente
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [EPSON421CF4 (Epson Stylus Office BX320FW)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify] - C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify Web Helper] - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {2ea83c97-8278-11e2-929a-d43d7e31e76d} - E:\Install.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {7a21e395-925a-11e3-9600-d43d7e31e76d} - H:\Startme.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {a0f83e86-4ae0-11e3-b0f7-d43d7e31e76d} - E:\Autorun.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor:  <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamSpeak 3 Client.lnk
ShortcutTarget: TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD16E1DFF315CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\Christopher\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\ffxtlbr@zonealarm.com [2013-07-17]
FF Extension: QuickShare Widget - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{b48f059e-4c8e-437e-8341-3f67dab778bb} [2014-03-11]
FF Extension: BonanzaDeals - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-04]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-28]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Angry Birds) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-15]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13]
CHR Extension: (GMX MailCheck) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2013-12-12]
CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13]
CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-02-02]
CHR Extension: (Heroes & Generals) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13]

==================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93016 2014-04-08] (EasyAntiCheat Ltd)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-09] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-11] (Disc Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X]
U0 KL1; 
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt
2014-04-09 15:05 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit
2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-09 14:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-09 14:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 14:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk
2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-09 13:39 - 2014-04-09 15:41 - 00000000 ____D () C:\FRST
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-08 21:02 - 2014-04-09 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 20:33 - 2014-04-08 20:39 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:22 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:22 - 2014-04-02 15:28 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-08 20:22 - 2014-04-02 15:28 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-08 20:21 - 2014-03-21 21:43 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 19:59 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 19:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 17:24 - 2014-02-28 21:47 - 00000000 ____D () C:\Users\Christopher\Desktop\Minecraft Cracked
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 20:31 - 2014-03-26 00:04 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt
2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk
2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk
2014-03-25 17:07 - 2011-03-30 20:35 - 00292184 ____N (Microsoft Corporation) C:\Users\Christopher\Desktop\dxwebsetup.exe
2014-03-25 17:04 - 2014-03-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1
2014-03-25 15:33 - 2014-04-09 15:30 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-12 14:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 14:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 14:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 14:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 14:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 14:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 14:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 14:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 14:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 14:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 14:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 14:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 14:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 14:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 14:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 14:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 14:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 14:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 14:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 14:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 14:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 14:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 14:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 15:41 - 2014-04-09 13:39 - 00000000 ____D () C:\FRST
2014-04-09 15:39 - 2014-04-08 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 15:39 - 2013-10-06 11:37 - 01898364 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 15:39 - 2013-03-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-09 15:38 - 2013-11-30 23:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify
2014-04-09 15:37 - 2013-09-20 13:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Overwolf
2014-04-09 15:37 - 2013-03-02 10:28 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client
2014-04-09 15:36 - 2013-03-02 11:35 - 00000000 ____D () C:\Users\Christopher\AppData\Local\LogMeIn Hamachi
2014-04-09 15:35 - 2013-06-04 18:39 - 00000000 ___RD () C:\Users\Christopher\Dropbox
2014-04-09 15:35 - 2013-06-04 18:33 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Dropbox
2014-04-09 15:35 - 2013-04-21 15:30 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype
2014-04-09 15:34 - 2013-12-06 22:14 - 00014068 _____ () C:\Windows\setupact.log
2014-04-09 15:31 - 2013-12-09 17:08 - 00062336 _____ () C:\Windows\PFRO.log
2014-04-09 15:31 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-09 15:30 - 2014-03-25 15:33 - 00000000 ____D () C:\AdwCleaner
2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt
2014-04-09 15:05 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit
2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-09 14:52 - 2014-01-07 02:34 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Bonanza
2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk
2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 13:02 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 20:39 - 2014-04-08 20:33 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:24 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:24 - 2014-04-08 19:59 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 20:24 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 20:17 - 2013-03-17 19:16 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-07 20:32 - 2013-11-30 23:15 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify
2014-04-05 18:23 - 2013-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-05 18:22 - 2013-09-07 19:13 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2014-04-05 18:20 - 2011-04-12 09:43 - 00781554 _____ () C:\Windows\system32\perfh007.dat
2014-04-05 18:20 - 2011-04-12 09:43 - 00179804 _____ () C:\Windows\system32\perfc007.dat
2014-04-05 18:20 - 2009-07-14 07:13 - 01830186 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:58 - 2013-08-23 13:47 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft
2014-04-05 15:52 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Heroes & Generals
2014-04-04 22:06 - 2013-08-11 13:56 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 22:04 - 2013-03-02 10:24 - 00000000 ____D () C:\Ubisoft
2014-04-04 22:04 - 2013-02-25 22:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-04 17:26 - 2013-08-23 13:47 - 00356864 _____ () C:\Users\Christopher\Desktop\Minecraft.exe
2014-04-04 17:10 - 2013-07-25 11:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Akamai
2014-04-04 17:08 - 2013-02-28 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 09:51 - 2014-04-09 14:59 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-09 14:59 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-09 14:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 15:28 - 2014-04-08 20:22 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 15:28 - 2014-04-08 20:22 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 14:51 - 2013-03-02 10:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-03-28 22:11 - 2013-12-12 20:39 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Battle.net
2014-03-27 19:13 - 2014-03-25 17:04 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1
2014-03-26 17:43 - 2013-02-28 22:37 - 00000000 ____D () C:\Users\Christopher
2014-03-26 00:04 - 2014-03-25 20:31 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt
2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk
2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk
2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-25 15:43 - 2013-10-13 01:54 - 00001442 _____ () C:\Users\Christopher\Desktop\Chrome-App-Übersicht.lnk
2014-03-25 15:37 - 2013-10-13 01:54 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-25 15:37 - 2013-10-13 01:51 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-25 15:37 - 2013-02-28 22:57 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-25 15:37 - 2013-02-28 22:37 - 00001007 _____ () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-25 15:37 - 2013-02-28 22:37 - 00000000 ___RD () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 22:29 - 2013-12-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-21 21:43 - 2014-04-08 20:21 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 21:43 - 2014-04-08 20:21 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-21 21:43 - 2014-04-08 20:21 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-20 23:03 - 2013-09-17 22:22 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-20 23:03 - 2013-09-17 22:22 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-20 23:03 - 2013-02-25 23:39 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-20 23:03 - 2013-02-25 23:39 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-20 23:02 - 2013-02-25 23:38 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-20 22:48 - 2013-05-28 16:35 - 00000000 ____D () C:\Users\Christopher\Documents\My Games
2014-03-20 22:47 - 2013-12-08 23:08 - 00070508 _____ () C:\Windows\DirectX.log
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-19 16:02 - 2013-09-20 13:08 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-19 15:34 - 2013-08-16 01:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 15:32 - 2012-01-06 12:03 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 18:52 - 2014-01-16 21:46 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-15 12:01 - 2013-02-28 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 12:01 - 2013-02-28 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 12:01 - 2013-02-28 23:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 16:05 - 2009-07-14 06:45 - 00276968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 17:24 - 2013-03-02 10:27 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

Files to move or delete:
====================
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad


Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\AutoRun.exe
C:\Users\Christopher\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Christopher\AppData\Local\Temp\EAInstall.dll
C:\Users\Christopher\AppData\Local\Temp\eauninstall.exe
C:\Users\Christopher\AppData\Local\Temp\Quarantine.exe
C:\Users\Christopher\AppData\Local\Temp\runprog.exe
C:\Users\Christopher\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
C:\Users\Christopher\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-14 17:39

==================== End Of Log ============================
         

No "Addition.txt" file was created.
__________________

Edited by Herdringen (09.04.2014 at 14:50). Reason: error spotted

Alt 10.04.2014, 09:33   #4
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 10.04.2014, 18:43   #5
Herdringen
 

Hello, "SecurityCheck" cannot be run either: it briefly opens CMD, which closes again immediately, and that was the last sign of life from the product. Here are the text files again. And as for your question whether I still have problems: yes, CMD still closes itself.

The log.txt:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=35face06dd476a49afd29650f6a04054
# engine=17832
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-10 04:45:44
# local_time=2014-04-10 06:45:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 98094 148778194 0 0
# compatibility_mode=9217 16776893 100 13 23060398 37667412 0 0
# scanned=358852
# found=6
# cleaned=0
# scan_time=12440
sh=2AE65B3436787DADDED7F4F508B1BACE1CFE10F7 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\ProgramData\0od37.bat"
sh=DCA05A439481650EF0F54DEC259BB7BABA2A0E08 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\ProgramData\8ejf2.bat"
sh=E9F27D87ABD3036BDDB6B47D9C21C85CA4AFB3B2 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\ProgramData\sdaksda.txt"
sh=2AE65B3436787DADDED7F4F508B1BACE1CFE10F7 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\All Users\0od37.bat"
sh=DCA05A439481650EF0F54DEC259BB7BABA2A0E08 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\All Users\8ejf2.bat"
sh=E9F27D87ABD3036BDDB6B47D9C21C85CA4AFB3B2 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\All Users\sdaksda.txt"
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Christopher (administrator) on CHRISTOPHER-PC on 10-04-2014 19:39:21
Running from F:\Dokumente
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Dropbox, Inc.) C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Spotify Ltd) C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [EPSON421CF4 (Epson Stylus Office BX320FW)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify] - C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Spotify Web Helper] - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {2ea83c97-8278-11e2-929a-d43d7e31e76d} - E:\Install.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {7a21e395-925a-11e3-9600-d43d7e31e76d} - H:\Startme.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\MountPoints2: {a0f83e86-4ae0-11e3-b0f7-d43d7e31e76d} - E:\Autorun.exe
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor:  <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamSpeak 3 Client.lnk
ShortcutTarget: TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD16E1DFF315CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\Christopher\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\ffxtlbr@zonealarm.com [2013-07-17]
FF Extension: QuickShare Widget - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{b48f059e-4c8e-437e-8341-3f67dab778bb} [2014-03-11]
FF Extension: BonanzaDeals - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\yyqeewho.default-1374085442957\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-04]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-02-28]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Angry Birds) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-01-15]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13]
CHR Extension: (GMX MailCheck) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2013-12-12]
CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13]
CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-02-02]
CHR Extension: (Heroes & Generals) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13]

==================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93016 2014-04-08] (EasyAntiCheat Ltd)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-09] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-11] (Disc Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X]
U0 KL1; 
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt
2014-04-09 15:05 - 2014-04-10 19:35 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit
2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 14:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-09 14:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 14:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk
2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-09 13:39 - 2014-04-10 19:39 - 00000000 ____D () C:\FRST
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-08 21:02 - 2014-04-10 19:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 20:33 - 2014-04-08 20:39 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:22 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:22 - 2014-04-02 15:28 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-08 20:22 - 2014-04-02 15:28 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-08 20:21 - 2014-03-21 21:43 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-04-08 20:21 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 19:59 - 2014-04-08 20:24 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 19:55 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 17:24 - 2014-02-28 21:47 - 00000000 ____D () C:\Users\Christopher\Desktop\Minecraft Cracked
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 20:31 - 2014-03-26 00:04 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt
2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk
2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk
2014-03-25 17:07 - 2011-03-30 20:35 - 00292184 ____N (Microsoft Corporation) C:\Users\Christopher\Desktop\dxwebsetup.exe
2014-03-25 17:04 - 2014-03-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1
2014-03-25 15:33 - 2014-04-09 15:30 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-12 14:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 14:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 14:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 14:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 14:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 14:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 14:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 14:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 14:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 14:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 14:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 14:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 14:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 14:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 14:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 14:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 14:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 14:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 14:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 14:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 14:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 14:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 14:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 14:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 14:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 14:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 14:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 14:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 14:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 14:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 14:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 14:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 14:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 14:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-10 19:40 - 2013-04-21 15:30 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype
2014-04-10 19:39 - 2014-04-09 13:39 - 00000000 ____D () C:\FRST
2014-04-10 19:39 - 2013-03-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-10 19:35 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Christopher\Desktop\Sicherheit
2014-04-10 19:17 - 2014-04-08 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 17:17 - 2013-10-06 11:37 - 01962176 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 16:35 - 2013-11-30 23:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify
2014-04-10 16:32 - 2013-11-30 23:15 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify
2014-04-10 15:24 - 2013-03-02 11:35 - 00000000 ____D () C:\Users\Christopher\AppData\Local\LogMeIn Hamachi
2014-04-10 15:20 - 2013-08-16 01:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 15:20 - 2012-01-06 12:03 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 15:20 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 15:20 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 15:17 - 2013-03-02 10:28 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client
2014-04-10 15:17 - 2011-04-12 09:43 - 00781554 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 15:17 - 2011-04-12 09:43 - 00179804 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 15:17 - 2009-07-14 07:13 - 01830186 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 15:11 - 2013-12-06 22:14 - 00014292 _____ () C:\Windows\setupact.log
2014-04-10 15:11 - 2013-09-20 13:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Overwolf
2014-04-10 15:11 - 2013-06-04 18:39 - 00000000 ___RD () C:\Users\Christopher\Dropbox
2014-04-10 15:11 - 2013-06-04 18:33 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Dropbox
2014-04-10 15:08 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-09 15:31 - 2013-12-09 17:08 - 00062336 _____ () C:\Windows\PFRO.log
2014-04-09 15:30 - 2014-03-25 15:33 - 00000000 ____D () C:\AdwCleaner
2014-04-09 15:26 - 2014-04-09 15:26 - 00001155 _____ () C:\Users\Christopher\Desktop\mbam.txt
2014-04-09 14:59 - 2014-04-09 14:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 14:59 - 2014-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 14:52 - 2014-01-07 02:34 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Bonanza
2014-04-09 14:38 - 2014-04-09 14:38 - 00001268 _____ () C:\Users\Christopher\Desktop\Revo Uninstaller.lnk
2014-04-09 14:38 - 2014-04-09 14:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-09 13:37 - 2014-04-09 13:37 - 00005186 _____ () C:\Users\Christopher\Desktop\archiv2.txt
2014-04-09 13:36 - 2014-04-09 13:36 - 00001211 _____ () C:\Users\Christopher\Desktop\Archiv.txt
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-04-08 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-04-08 21:02 - 2014-04-08 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 20:39 - 2014-04-08 20:33 - 00093016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-04-08 20:24 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-04-08 20:24 - 2014-04-08 19:59 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA
2014-04-08 20:24 - 2013-02-25 23:39 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-08 20:22 - 2013-02-25 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-08 20:17 - 2014-04-08 20:17 - 00000222 _____ () C:\Users\Christopher\Desktop\Magicka Wizard Wars.url
2014-04-08 20:17 - 2013-03-17 19:16 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-05 18:23 - 2013-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-05 18:22 - 2013-09-07 19:13 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2014-04-05 15:58 - 2013-08-23 13:47 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft
2014-04-05 15:52 - 2014-03-02 14:40 - 00000000 ____D () C:\Program Files (x86)\Heroes & Generals
2014-04-04 22:06 - 2013-08-11 13:56 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-04-04 22:05 - 2014-04-04 22:05 - 00001048 _____ () C:\Users\Christopher\Desktop\TERA.lnk
2014-04-04 22:04 - 2013-03-02 10:24 - 00000000 ____D () C:\Ubisoft
2014-04-04 22:04 - 2013-02-25 22:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-04 17:26 - 2013-08-23 13:47 - 00356864 _____ () C:\Users\Christopher\Desktop\Minecraft.exe
2014-04-04 17:10 - 2013-07-25 11:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Akamai
2014-04-04 17:08 - 2013-02-28 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 09:51 - 2014-04-09 14:59 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-09 14:59 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-09 14:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 15:28 - 2014-04-08 20:22 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 15:28 - 2014-04-08 20:22 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-30 17:11 - 2014-03-30 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c2a5dbd0a51.job
2014-03-29 20:58 - 2014-03-29 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 14:51 - 2013-03-02 10:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-03-28 22:11 - 2013-12-12 20:39 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Battle.net
2014-03-27 19:13 - 2014-03-25 17:04 - 00000000 ____D () C:\Program Files (x86)\Starbound Update 7.1
2014-03-26 17:43 - 2013-02-28 22:37 - 00000000 ____D () C:\Users\Christopher
2014-03-26 00:04 - 2014-03-25 20:31 - 00000015 _____ () C:\Users\Christopher\Desktop\Samp.txt
2014-03-25 17:24 - 2014-03-25 17:24 - 00001063 _____ () C:\Users\Christopher\Desktop\Notepad++.lnk
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-25 17:24 - 2014-03-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-25 17:12 - 2014-03-25 17:12 - 00001762 _____ () C:\Users\Christopher\Desktop\starbound_opengl - Verknüpfung.lnk
2014-03-25 17:08 - 2014-03-25 17:08 - 00002266 _____ () C:\Users\Christopher\Desktop\Starbound Update 7.1.lnk
2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-25 17:08 - 2013-02-28 23:21 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-25 15:43 - 2013-10-13 01:54 - 00001442 _____ () C:\Users\Christopher\Desktop\Chrome-App-Übersicht.lnk
2014-03-25 15:37 - 2013-10-13 01:54 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-25 15:37 - 2013-10-13 01:51 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-25 15:37 - 2013-02-28 22:57 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-25 15:37 - 2013-02-28 22:37 - 00001007 _____ () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-25 15:37 - 2013-02-28 22:37 - 00000000 ___RD () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 22:29 - 2013-12-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-21 21:43 - 2014-04-08 20:21 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 21:43 - 2014-04-08 20:21 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-21 21:43 - 2014-04-08 20:21 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-21 16:09 - 2014-03-21 16:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-03-21 16:08 - 2014-03-21 16:08 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 16:08 - 2013-04-21 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 23:03 - 2014-03-20 23:03 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-20 23:03 - 2014-03-20 23:03 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-20 23:03 - 2013-09-17 22:22 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-20 23:03 - 2013-09-17 22:22 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-20 23:03 - 2013-02-25 23:39 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-20 23:03 - 2013-02-25 23:39 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-20 23:02 - 2014-03-20 23:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-20 23:02 - 2014-03-20 23:02 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-20 23:02 - 2013-09-17 22:22 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-20 23:02 - 2013-02-25 23:38 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-20 22:48 - 2013-05-28 16:35 - 00000000 ____D () C:\Users\Christopher\Documents\My Games
2014-03-20 22:47 - 2013-12-08 23:08 - 00070508 _____ () C:\Windows\DirectX.log
2014-03-20 21:36 - 2014-03-20 21:36 - 00000221 _____ () C:\Users\Christopher\Desktop\Men of War Assault Squad.url
2014-03-19 16:02 - 2013-09-20 13:08 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-15 18:52 - 2014-01-16 21:46 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-15 12:01 - 2013-02-28 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 12:01 - 2013-02-28 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 12:01 - 2013-02-28 23:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 16:05 - 2009-07-14 06:45 - 00276968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:04 - 2013-10-22 01:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 17:24 - 2013-03-02 10:27 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

Files to move or delete:
====================
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad


Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\AutoRun.exe
C:\Users\Christopher\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Christopher\AppData\Local\Temp\EAInstall.dll
C:\Users\Christopher\AppData\Local\Temp\eauninstall.exe
C:\Users\Christopher\AppData\Local\Temp\Quarantine.exe
C:\Users\Christopher\AppData\Local\Temp\runprog.exe
C:\Users\Christopher\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
C:\Users\Christopher\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-14 17:39

==================== End Of Log ============================
         


11.04.2014, 07:00   #6
schrauber
/// the machine
/// TB trainer

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\ProgramData\0od37.bat
C:\ProgramData\8ejf2.bat
C:\ProgramData\sdaksda.txt
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor:  <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button ("Entfernen").
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please download DelFix to your desktop in any case:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to leave praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and looks nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials and other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
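As an added example (not part of schrauber's post and not FRST's own logic), the following Python sketch reads the fixlist above the way a reviewer would: it groups the entries by type and cross-checks the file entries against the log's "Files to move or delete" section. `LOG_TAIL` and `FIXLIST` are copied, abbreviated, from this thread; the function names and the two regular expressions are assumptions made for this illustration and only cover the line shapes visible here.

```python
import re

# LOG_TAIL and FIXLIST are copied (abbreviated) from the log and fixlist in this thread.
LOG_TAIL = r"""Files to move or delete:
====================
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad
Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\AutoRun.exe
"""
FIXLIST = r"""C:\ProgramData\0od37.bat
C:\ProgramData\8ejf2.bat
C:\ProgramData\sdaksda.txt
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1243158617-1119941495-1123096171-1001\...\Command Processor:  <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\Users\Christopher\AppData\Roaming\skype.ini
C:\ProgramData\0od37.bat
C:\ProgramData\0od37.pad
C:\ProgramData\0od37.reg
C:\ProgramData\8ejf2.bat
C:\ProgramData\8ejf2.pad
C:\ProgramData\8ejf2.reg
C:\ProgramData\ofbh.pad
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
HEADER = re.compile(r"^(=+ .+ =+|[^\\]+:)$")   # "==== name ====" banner or "Title:" line

def log_section(log_text, title):
    """Return the entries under a 'title:' header, up to the next header or banner."""
    out, inside = [], False
    for line in map(str.strip, log_text.splitlines()):
        if line == title + ":":
            inside = True
        elif inside and HEADER.match(line):
            break
        elif inside and line.strip("="):       # skips blank lines and "=====" underlines
            out.append(line)
    return out

def classify(fixlist_text):
    """Group fixlist entries by what they ask the tool to act on."""
    groups = {"files": [], "flagged": [], "orphaned_appinit": [], "other": []}
    for line in map(str.strip, fixlist_text.splitlines()):
        if line.startswith("AppInit_DLLs") and line.endswith("File Not Found"):
            groups["orphaned_appinit"].append(line.split(":", 1)[0])
        elif "<=====" in line:                 # entries the log marks with ATTENTION
            groups["flagged"].append(line.split("<=====")[0].rstrip(" :"))
        elif DRIVE_PATH.match(line):
            if line not in groups["files"]:    # the fixlist repeats some paths
                groups["files"].append(line)
        elif line:
            groups["other"].append(line)
    return groups

def cross_check(log_text, fixlist_text):
    """Return (log-suggested paths missing from the fixlist, fixlist files not in that section)."""
    suggested = log_section(log_text, "Files to move or delete")
    named = classify(fixlist_text)["files"]
    return ([p for p in suggested if p not in named],
            [p for p in named if p not in suggested])
```

On the thread's data, every path in the log section is covered by the fixlist, and `C:\ProgramData\sdaksda.txt` is the one fixlist file that does not come from that section.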

12.04.2014, 13:27   #7
Herdringen

Thanks Schrauber, thank you very much, all problems are solved, and flawlessly.
You were really a great help, thanks again.

13.04.2014, 16:50   #8
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
