
Log analysis and evaluation: h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de opened by itself several times yesterday

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.08.2014, 14:24   #1
jrrrrr
 



Hello,

my problem is that, as with many others here, the page h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de opened several times yesterday in my Firefox browser despite NoScript.

It would be nice if you could help me.

Regards

01.08.2014, 15:06   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find evidence of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check that you did it correctly. If everything is right ... click Reply (Antworten).

Thank you for your cooperation!





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box on the website)


01.08.2014, 15:46   #3
jrrrrr
 



Hello,
thanks in advance for your help. Here are the logs


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by SMC (administrator) on ENZO on 01-08-2014 15:39:02
Running from C:\Users\SMC\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Spotify Ltd) C:\Users\SMC\AppData\Roaming\Spotify\spotify.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Spotify Ltd) C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Ymir Entertainment) C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Gaymes\LeagueOfLegends\RADS\system\rads_user_kernel.exe
() C:\Riot Gaymes\LeagueOfLegends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\LoLLauncher.exe
() C:\Riot Gaymes\LeagueOfLegends\RADS\projects\lol_air_client\releases\0.0.1.101\deploy\LolClient.exe
(Ymir Entertainment) C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Spotify] => C:\Users\SMC\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-05] (Spotify Ltd)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Spotify Web Helper] => C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-05] (Spotify Ltd)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [MKLOL] => C:\Program Files (x86)\MKJogo\MKLOL\MK.exe [1227976 2014-06-06] (MK)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\MountPoints2: {a94fb9da-3d25-11e3-bed4-d43d7e948b8d} - "G:\Startme.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6A9F0C9DE8CCF01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=newnet&hsimp=yhs-looksafe&cid=&t=266639_2043_deu_0_0_0_1_&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=newnet&hsimp=yhs-looksafe&cid=&t=266639_2043_deu_0_0_0_1_&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{06733ADE-BD3B-4581-BF2F-CFBABB54BC09}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: NoScript - C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-20]
FF Extension: Adblock Plus - C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{1F30D846-4BEF-4246-B19E-7E503B0E6639}] - C:\Program Files\FBFlicker\Firefox
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{1F30D846-4BEF-4246-B19E-7E503B0E6639}] - C:\Program Files\FBFlicker\Firefox

Chrome: 
=======
CHR Extension: (ProxFlow) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-18]
CHR Extension: (Google Docs) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (Kaspersky Protection) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-28]
CHR Extension: (YouTube) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Adblock Plus) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-12]
CHR Extension: (Google-Suche) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-12]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-12]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-12]
CHR Extension: (Virtual Keyboard) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Google Mail) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR Extension: (Anti-Banner) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-12]
CHR HKLM\...\Chrome\Extension: [kdmpheneajogfnlbplgmdbempjibfbok] - C:\Program Files\FBFlicker\source.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [kdmpheneajogfnlbplgmdbempjibfbok] - C:\Program Files\FBFlicker\source.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-06-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-02-28] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-02-28] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 PStrip64; C:\Windows\System32\drivers\pstrip64.sys [13008 2006-09-30] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 15:39 - 2014-08-01 15:39 - 00020396 _____ () C:\Users\SMC\Desktop\FRST.txt
2014-08-01 02:56 - 2014-08-01 02:56 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 02:23 - 2014-08-01 02:23 - 00027575 _____ () C:\Users\SMC\Downloads\Addition.txt
2014-08-01 02:22 - 2014-08-01 15:39 - 00000000 ____D () C:\FRST
2014-08-01 02:22 - 2014-08-01 02:23 - 00047895 _____ () C:\Users\SMC\Downloads\FRST.txt
2014-08-01 02:22 - 2014-08-01 02:22 - 02094080 _____ (Farbar) C:\Users\SMC\Desktop\FRST64.exe
2014-08-01 02:08 - 2014-08-01 02:10 - 00000282 _____ () C:\Windows\setupact.log
2014-08-01 02:08 - 2014-08-01 02:08 - 00014934 _____ () C:\Windows\PFRO.log
2014-08-01 02:08 - 2014-08-01 02:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 02:00 - 2014-08-01 02:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 02:00 - 2014-08-01 02:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 02:00 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 02:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 01:59 - 2014-08-01 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SMC\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 17:04 - 2014-07-31 17:04 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 17:04 - 2014-07-31 17:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 17:03 - 2014-07-31 17:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 17:03 - 2014-07-31 17:03 - 03738080 _____ (Piriform Ltd) C:\Users\SMC\Downloads\ccsetup416_slim.exe
2014-07-27 11:12 - 2014-07-27 11:12 - 00281248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 14:40 - 2014-07-24 14:40 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\mp3DirectCut
2014-07-24 14:39 - 2014-07-24 14:39 - 00308709 _____ () C:\Users\SMC\Downloads\mp3dc220 (1).exe
2014-07-24 14:39 - 2014-07-24 14:39 - 00001059 _____ () C:\Users\SMC\Desktop\mp3DirectCut.lnk
2014-07-24 14:39 - 2014-07-24 14:39 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-07-24 14:32 - 2014-07-24 14:32 - 00308709 _____ () C:\Users\SMC\Downloads\mp3DC220.exe
2014-07-22 15:12 - 2014-07-22 15:12 - 04179293 _____ (Lavalys, Inc. ) C:\Users\SMC\Downloads\everesthome220.exe
2014-07-21 18:33 - 2014-07-21 18:33 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 18:33 - 2014-07-21 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 18:35 - 2014-07-20 18:35 - 09318466 _____ () C:\Users\SMC\Downloads\IEM9_Shenzhen_Replaypack.zip
2014-07-16 12:32 - 2014-07-16 12:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 21:03 - 2014-07-15 21:03 - 00000211 _____ () C:\Users\SMC\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-10 14:27 - 2014-07-10 14:27 - 00000210 _____ () C:\Users\SMC\Documents\Enzo.txt
2014-07-10 14:26 - 2014-07-10 14:26 - 00000012 _____ () C:\Users\SMC\Documents\Metin2 Items.txt
2014-07-09 15:15 - 2013-12-25 04:22 - 00000000 ____D () C:\Users\SMC\Desktop\Hardcore-RELOADED
2014-07-09 15:03 - 2014-07-09 15:13 - 1330512925 _____ () C:\Users\SMC\Downloads\Hardcore-RELOADED_24_01.rar
2014-07-09 13:22 - 2014-07-09 13:22 - 00000566 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-09 13:22 - 2014-07-09 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-09 13:11 - 2014-07-09 13:11 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer (1).exe
2014-07-09 13:10 - 2014-07-09 13:18 - 1543192939 _____ (Sirius MT2 ) C:\Users\SMC\Documents\sirius.20.13.rev.win8.client.exe
2014-07-09 13:10 - 2014-07-09 13:10 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer.exe
2014-07-09 13:10 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 13:10 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 13:10 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 13:10 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 13:10 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 13:10 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 13:10 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 13:10 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 13:10 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 13:10 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 13:10 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 13:10 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 13:10 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 13:10 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 13:10 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 13:10 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 13:10 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 13:10 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 13:10 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 13:10 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 13:10 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 13:10 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 13:10 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 13:10 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 13:10 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 13:10 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 13:10 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 13:10 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 13:10 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:10 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 13:10 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:10 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-08 20:26 - 2013-09-09 19:20 - 00009216 _____ () C:\Users\SMC\Desktop\Debugger.exe
2014-07-08 20:18 - 2014-07-08 20:31 - 00000000 ____D () C:\Users\SMC\Desktop\Pandora2 Client
2014-07-08 19:58 - 2014-07-08 20:18 - 1015610130 _____ () C:\Users\SMC\Downloads\Pandora2.p23 (1).rar
2014-07-08 14:21 - 2014-07-08 14:21 - 00000000 ____D () C:\Users\SMC\Desktop\Dark-Mt2 2012
2014-07-08 14:20 - 2014-07-08 14:20 - 02029048 _____ () C:\Users\SMC\Downloads\winrar-x64-510d.exe
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 14:14 - 2014-07-08 14:19 - 1011932113 _____ () C:\Users\SMC\Downloads\Dark-Mt2 2012.rar
2014-07-08 14:01 - 2014-07-08 14:01 - 00690176 _____ () C:\Users\SMC\Downloads\protection.dll
2014-07-05 09:48 - 2014-07-05 09:48 - 00001605 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\Riot Gaymes
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-05 09:45 - 2014-07-05 09:45 - 34888568 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe
2014-07-04 12:21 - 2014-07-04 12:21 - 00000881 _____ () C:\Users\Public\Desktop\Metin2.lnk
2014-07-04 12:21 - 2014-07-04 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2014-07-03 22:34 - 2014-07-31 14:21 - 00000000 ____D () C:\Users\SMC\Downloads\Gameforge Live
2014-07-03 22:34 - 2014-07-03 22:34 - 00000792 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\Users\SMC\AppData\Local\Gameforge4d
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-03 22:33 - 2014-07-03 22:33 - 20166856 _____ (Gameforge ) C:\Users\SMC\Downloads\Metin2_GameforgeLiveSetup.exe
2014-07-03 17:18 - 2014-07-03 17:18 - 28127688 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_KR_Installer_08_27_13_2.exe
2014-07-03 17:14 - 2014-07-03 17:14 - 00005891 _____ () C:\Users\SMC\Downloads\LOL_OPGG_Observer_1363852550.bat
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\Program Files (x86)\Screenshots
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer.exe
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer (1).exe
2014-07-02 20:25 - 2014-07-02 20:25 - 00001946 _____ () C:\Users\Administrator\Desktop\ModernRcon v0.8.lnk
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Program Files (x86)\ModernRcon
2014-07-02 12:33 - 2014-07-02 12:33 - 00067071 _____ () C:\Users\SMC\Downloads\switchbot.zip
2014-07-02 11:57 - 2014-07-02 11:57 - 01368745 _____ () C:\Users\SMC\Downloads\Client4 (1).exe
2014-07-02 11:56 - 2014-07-02 11:57 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(3).exe
2014-07-02 11:55 - 2014-07-02 11:56 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 15:39 - 2014-08-01 15:39 - 00020396 _____ () C:\Users\SMC\Desktop\FRST.txt
2014-08-01 15:39 - 2014-08-01 02:22 - 00000000 ____D () C:\FRST
2014-08-01 15:05 - 2014-03-02 03:24 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Skype
2014-08-01 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 14:44 - 2014-03-28 16:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 14:34 - 2014-03-05 18:36 - 00000000 ____D () C:\Users\SMC\AppData\Local\PMB Files
2014-08-01 14:17 - 2014-03-02 02:08 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Spotify
2014-08-01 14:00 - 2014-02-28 17:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-01 13:52 - 2014-03-02 02:10 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4258935142-1642581507-3000048300-1001
2014-08-01 13:41 - 2014-03-28 16:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 02:56 - 2014-08-01 02:56 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 02:25 - 2014-03-15 01:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 02:24 - 2014-05-27 14:45 - 00000000 ____D () C:\Users\SMC\AppData\Local\PokerStars.EU
2014-08-01 02:24 - 2014-05-27 14:45 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-08-01 02:23 - 2014-08-01 02:23 - 00027575 _____ () C:\Users\SMC\Downloads\Addition.txt
2014-08-01 02:23 - 2014-08-01 02:22 - 00047895 _____ () C:\Users\SMC\Downloads\FRST.txt
2014-08-01 02:22 - 2014-08-01 02:22 - 02094080 _____ (Farbar) C:\Users\SMC\Desktop\FRST64.exe
2014-08-01 02:16 - 2012-07-26 12:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 02:16 - 2012-07-26 12:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 02:16 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 02:11 - 2014-08-01 02:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 02:10 - 2014-08-01 02:08 - 00000282 _____ () C:\Windows\setupact.log
2014-08-01 02:10 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 02:08 - 2014-08-01 02:08 - 00014934 _____ () C:\Windows\PFRO.log
2014-08-01 02:08 - 2014-08-01 02:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 02:00 - 2014-08-01 02:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 01:59 - 2014-08-01 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SMC\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 23:59 - 2014-03-25 22:23 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-31 20:47 - 2014-03-07 17:09 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\TS3Client
2014-07-31 18:01 - 2014-03-05 18:36 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-31 17:05 - 2014-03-06 21:27 - 00000000 ____D () C:\Windows\Minidump
2014-07-31 17:05 - 2014-02-28 16:43 - 00000000 ____D () C:\Windows\Panther
2014-07-31 17:04 - 2014-07-31 17:04 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 17:04 - 2014-07-31 17:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 17:04 - 2014-07-31 17:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 17:03 - 2014-07-31 17:03 - 03738080 _____ (Piriform Ltd) C:\Users\SMC\Downloads\ccsetup416_slim.exe
2014-07-31 14:21 - 2014-07-03 22:34 - 00000000 ____D () C:\Users\SMC\Downloads\Gameforge Live
2014-07-31 03:52 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-30 13:10 - 2014-03-29 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 09:54 - 2013-04-10 13:23 - 00000000 ____D () C:\Users\SMC\Documents\StarCraft II
2014-07-30 09:35 - 2014-03-02 02:09 - 00000000 ____D () C:\Users\SMC\AppData\Local\Spotify
2014-07-27 11:12 - 2014-07-27 11:12 - 00281248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-26 18:25 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-24 14:40 - 2014-07-24 14:40 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\mp3DirectCut
2014-07-24 14:39 - 2014-07-24 14:39 - 00308709 _____ () C:\Users\SMC\Downloads\mp3dc220 (1).exe
2014-07-24 14:39 - 2014-07-24 14:39 - 00001059 _____ () C:\Users\SMC\Desktop\mp3DirectCut.lnk
2014-07-24 14:39 - 2014-07-24 14:39 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-07-24 14:32 - 2014-07-24 14:32 - 00308709 _____ () C:\Users\SMC\Downloads\mp3DC220.exe
2014-07-22 15:12 - 2014-07-22 15:12 - 04179293 _____ (Lavalys, Inc. ) C:\Users\SMC\Downloads\everesthome220.exe
2014-07-21 18:33 - 2014-07-21 18:33 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 18:33 - 2014-07-21 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-21 18:33 - 2014-04-21 21:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-21 18:33 - 2014-03-08 00:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 18:35 - 2014-07-20 18:35 - 09318466 _____ () C:\Users\SMC\Downloads\IEM9_Shenzhen_Replaypack.zip
2014-07-18 21:16 - 2014-04-13 15:39 - 00000000 ____D () C:\Users\SMC\Steam
2014-07-16 12:32 - 2014-07-16 12:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 21:03 - 2014-07-15 21:03 - 00000211 _____ () C:\Users\SMC\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-15 01:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-12 07:50 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-11 03:02 - 2014-03-08 00:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-03-08 00:17 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-03-08 00:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-03-08 00:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 14:27 - 2014-07-10 14:27 - 00000210 _____ () C:\Users\SMC\Documents\Enzo.txt
2014-07-10 14:26 - 2014-07-10 14:26 - 00000012 _____ () C:\Users\SMC\Documents\Metin2 Items.txt
2014-07-10 13:18 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 13:17 - 2014-03-03 17:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 13:17 - 2014-03-03 17:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 13:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-09 15:13 - 2014-07-09 15:03 - 1330512925 _____ () C:\Users\SMC\Downloads\Hardcore-RELOADED_24_01.rar
2014-07-09 13:22 - 2014-07-09 13:22 - 00000566 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-09 13:22 - 2014-07-09 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-09 13:18 - 2014-07-09 13:10 - 1543192939 _____ (Sirius MT2 ) C:\Users\SMC\Documents\sirius.20.13.rev.win8.client.exe
2014-07-09 13:11 - 2014-07-09 13:11 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer (1).exe
2014-07-09 13:10 - 2014-07-09 13:10 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer.exe
2014-07-08 20:31 - 2014-07-08 20:18 - 00000000 ____D () C:\Users\SMC\Desktop\Pandora2 Client
2014-07-08 20:18 - 2014-07-08 19:58 - 1015610130 _____ () C:\Users\SMC\Downloads\Pandora2.p23 (1).rar
2014-07-08 14:21 - 2014-07-08 14:21 - 00000000 ____D () C:\Users\SMC\Desktop\Dark-Mt2 2012
2014-07-08 14:20 - 2014-07-08 14:20 - 02029048 _____ () C:\Users\SMC\Downloads\winrar-x64-510d.exe
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 14:19 - 2014-07-08 14:14 - 1011932113 _____ () C:\Users\SMC\Downloads\Dark-Mt2 2012.rar
2014-07-08 14:01 - 2014-07-08 14:01 - 00690176 _____ () C:\Users\SMC\Downloads\protection.dll
2014-07-07 21:35 - 2014-03-05 15:18 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-07-07 01:46 - 2014-06-21 09:57 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Apple Computer
2014-07-05 09:48 - 2014-07-05 09:48 - 00001605 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\Riot Gaymes
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-05 09:48 - 2014-03-05 18:39 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-05 09:45 - 2014-07-05 09:45 - 34888568 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe
2014-07-04 12:21 - 2014-07-04 12:21 - 00000881 _____ () C:\Users\Public\Desktop\Metin2.lnk
2014-07-04 12:21 - 2014-07-04 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2014-07-03 22:34 - 2014-07-03 22:34 - 00000792 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\Users\SMC\AppData\Local\Gameforge4d
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-03 22:33 - 2014-07-03 22:33 - 20166856 _____ (Gameforge ) C:\Users\SMC\Downloads\Metin2_GameforgeLiveSetup.exe
2014-07-03 21:40 - 2013-04-30 16:24 - 00000000 ____D () C:\Users\SMC\Desktop\Alles
2014-07-03 17:19 - 2013-05-31 04:16 - 00000000 ____D () C:\Riot Games
2014-07-03 17:18 - 2014-07-03 17:18 - 28127688 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_KR_Installer_08_27_13_2.exe
2014-07-03 17:14 - 2014-07-03 17:14 - 00005891 _____ () C:\Users\SMC\Downloads\LOL_OPGG_Observer_1363852550.bat
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\Program Files (x86)\Screenshots
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer.exe
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer (1).exe
2014-07-02 20:25 - 2014-07-02 20:25 - 00001946 _____ () C:\Users\Administrator\Desktop\ModernRcon v0.8.lnk
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Program Files (x86)\ModernRcon
2014-07-02 12:33 - 2014-07-02 12:33 - 00067071 _____ () C:\Users\SMC\Downloads\switchbot.zip
2014-07-02 11:57 - 2014-07-02 11:57 - 01368745 _____ () C:\Users\SMC\Downloads\Client4 (1).exe
2014-07-02 11:57 - 2014-07-02 11:56 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(3).exe
2014-07-02 11:56 - 2014-07-02 11:55 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(2).exe

Some content of TEMP:
====================
C:\Users\SMC\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 15:17

==================== End Of Log ============================
         

And here is the Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by SMC at 2014-08-01 15:44:42
Running from C:\Users\SMC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MKLOL (HKCU\...\MKLOL) (Version:  - )
ModernRcon v0.8 (HKLM-x32\...\ModernRcon v0.8) (Version:  - )
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PowerStrip 3 (remove only) (HKLM-x32\...\PowerStrip 3 (remove only)) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-08-2014 00:55:14 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {252AA413-5CC8-4601-B015-0467E52DE5ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {3DA5B74C-69B8-4C99-B829-563C91686650} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {55BC207A-CAD9-40D3-873B-421211B5598F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {5B4E08BC-17E9-4339-B7F2-FCCA21A732FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
Task: {65B0F6F9-5294-42AA-B5AB-918624A2A7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C2A1CA5E-0B5F-4DC9-B9F4-9BB8F44A4BBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-21 10:47 - 2014-02-21 10:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 10:47 - 2014-02-21 10:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 10:47 - 2014-02-21 10:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-02-21 10:47 - 2014-02-21 10:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-25 22:23 - 2014-06-04 21:04 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-02 02:09 - 2014-07-05 08:17 - 00601144 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-06-12 18:11 - 2014-07-05 09:48 - 01294336 _____ () C:\Riot Gaymes\LeagueOfLegends\RADS\system\rads_user_kernel.exe
2014-07-05 09:48 - 2014-07-16 12:32 - 05430776 _____ () C:\Riot Gaymes\LeagueOfLegends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\LoLLauncher.exe
2014-07-05 09:55 - 2014-07-05 09:55 - 00074752 _____ () C:\Riot Gaymes\LeagueOfLegends\RADS\projects\lol_air_client\releases\0.0.1.101\deploy\LolClient.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 36966968 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-02 11:55 - 2014-07-05 08:17 - 00867896 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 00886840 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 00108600 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-30 10:41 - 2014-07-30 10:41 - 03800688 _____ () C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 15:15 - 2013-11-30 23:47 - 00349696 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\mss32.dll
2014-07-09 15:16 - 2013-12-25 02:57 - 00202240 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\SpeedTreeRT.dll
2014-07-09 15:15 - 2012-03-02 15:14 - 00125952 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssmp3.asi
2014-07-09 15:15 - 2012-03-02 15:14 - 00197120 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssvoice.asi
2014-07-09 15:15 - 2012-03-02 15:14 - 00083456 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssa3d.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00070656 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssds3d.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00080896 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssdx7.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00103424 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\msseax.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00354816 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssrsx.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00067072 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\msssoft.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00093696 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssdsp.flt
2014-07-19 11:46 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 11:46 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 11:46 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 11:46 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 11:46 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-05 09:49 - 2014-07-16 12:32 - 01640440 _____ () C:\Riot Gaymes\LeagueOfLegends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\RiotLauncher.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2014 01:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015b36a
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/29/2014 01:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x690b3b1e
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/29/2014 01:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015b36a
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/28/2014 02:11:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 20.0.1387.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b68

Startzeit: 01cfaa5d0abd8b05

Endzeit: 1

Anwendungspfad: C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe

Berichts-ID: 52b51d68-1650-11e4-be8c-d43d7e948b8d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/28/2014 01:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 20.0.1387.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2368

Startzeit: 01cfaa56a5a8597b

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe

Berichts-ID: e75c118b-1649-11e4-be8c-d43d7e948b8d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:53 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 00:25:50 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (08/01/2014 02:10:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 02:08:46 unerwartet heruntergefahren.

Error: (08/01/2014 02:10:44 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256845801641824787408

Error: (07/31/2014 04:49:13 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/28/2014 11:28:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎27.‎07.‎2014 um 22:32:59 unerwartet heruntergefahren.

Error: (07/26/2014 03:38:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (07/22/2014 03:13:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (07/22/2014 03:13:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (07/21/2014 10:04:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 107.

Error: (07/21/2014 10:04:41 PM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error: (07/18/2014 09:13:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (07/29/2014 01:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1metin2client.bin1.0.34083.052d874d1c00000050015b36a26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binC:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin9969ee23-1713-11e4-be8c-d43d7e948b8d

Error: (07/29/2014 01:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1unknown0.0.0.000000000c00001a5690b3b1e26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binunknown987aaa59-1713-11e4-be8c-d43d7e948b8d

Error: (07/29/2014 01:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1metin2client.bin1.0.34083.052d874d1c00000050015b36a26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binC:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin97a13c42-1713-11e4-be8c-d43d7e948b8d

Error: (07/28/2014 02:11:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe20.0.1387.771b6801cfaa5d0abd8b051C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe52b51d68-1650-11e4-be8c-d43d7e948b8d

Error: (07/28/2014 01:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe20.0.1387.77236801cfaa56a5a8597b2C:\Program Files (x86)\Opera\20.0.1387.77\opera.exee75c118b-1649-11e4-be8c-d43d7e948b8d

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:53 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 00:25:50 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 15:13:19.498
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\SMC\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-22 15:13:19.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 8138.93 MB
Available physical RAM: 3942.35 MB
Total Pagefile: 9418.93 MB
Available Pagefile: 3378 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.54 GB) (Free:56.18 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:931.17 GB) (Free:823.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E26C42F5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E38E2228)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards
__________________

Alt 01.08.2014, 20:52   #4
M-K-D-B
/// TB-Ausbilder
 



Hi,


since when exactly (date, time) have you had the problem?


Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Greetings from Bavaria
M-K-D-B


Alt 01.08.2014, 21:28   #5
jrrrrr
 



Hey. Early this morning, sometime between 0:00 and 1:30.



So, here is the log file
Code:
ComboFix 14-08-02.01 - SMC 01.08.2014  21:21:35.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8139.4929 [GMT 2:00]
ausgeführt von:: c:\users\SMC\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-01 bis 2014-08-01  ))))))))))))))))))))))))))))))
.
.
2014-08-01 00:22 . 2014-08-01 13:45	--------	d-----w-	C:\FRST
2014-08-01 00:00 . 2014-08-01 00:11	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-01 00:00 . 2014-08-01 00:00	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 00:00 . 2014-08-01 00:00	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-01 00:00 . 2014-05-12 05:26	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-01 00:00 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-01 00:00 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-31 15:03 . 2014-07-31 15:04	--------	d-----w-	c:\program files\CCleaner
2014-07-24 12:40 . 2014-07-24 12:40	--------	d-----w-	c:\users\SMC\AppData\Roaming\mp3DirectCut
2014-07-24 12:39 . 2014-07-24 12:39	--------	d-----w-	c:\program files (x86)\mp3DirectCut
2014-07-21 16:33 . 2014-07-21 16:33	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-07-16 10:32 . 2014-07-16 10:32	--------	d-----w-	c:\programdata\Riot Games
2014-07-08 12:20 . 2014-07-08 12:20	--------	d-----w-	c:\program files\WinRAR
2014-07-05 07:48 . 2014-07-05 07:48	--------	d-----w-	C:\Riot Gaymes
2014-07-03 20:34 . 2014-07-03 20:34	--------	d-----w-	c:\users\SMC\AppData\Local\Gameforge4d
2014-07-03 20:33 . 2014-07-03 20:33	--------	d-----w-	c:\users\SMC\AppData\Local\Programs
2014-07-02 20:19 . 2014-07-02 20:19	--------	d-----w-	c:\program files (x86)\Screenshots
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-01 17:47 . 2014-03-25 20:23	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-07-11 01:02 . 2014-03-07 22:17	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-10 11:17 . 2014-03-03 15:40	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-06-27 15:28 . 2014-03-02 00:13	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-06-26 20:53 . 2012-07-26 08:14	703968	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 20:53 . 2012-07-26 08:14	105440	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-04 19:04 . 2014-03-25 20:23	66872	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-05-29 05:32 . 2014-05-29 05:32	80384	----a-w-	c:\windows\system32\RazerCoinstaller.dll
2012-07-26 03:08	400384	--sha-w-	c:\windows\Windows.old\Program Files\Windows Mail\WinMail.exe
2012-07-26 03:21	395776	--sha-w-	c:\windows\Windows.old\Program Files (x86)\Windows Mail\WinMail.exe
2012-07-26 03:08	400384	--sha-w-	c:\windows\Windows.old\Windows\WinSxS\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.2.9200.16384_none_4a21d4ecd97968f2\WinMail.exe
2012-07-26 03:21	395776	--sha-w-	c:\windows\Windows.old\Windows\WinSxS\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.2.9200.16384_none_ee033969211bf7bc\WinMail.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\SMC\AppData\Roaming\Spotify\Spotify.exe" [2014-07-05 6162488]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Spotify Web Helper"="c:\users\SMC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-05 1178168]
"MKLOL"="c:\program files (x86)\MKJogo\MKLOL\MK.exe" [2014-06-06 1227976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klelam;klelam;c:\windows\system32\DRIVERS\klelam.sys;c:\windows\SYSNATIVE\DRIVERS\klelam.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WSDScan;WSD-Scanunterstützung;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 xusb22;Treiberdienst 22 für Xbox 360 Wireless Receiver;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 klwfp;klwfp;c:\windows\system32\DRIVERS\klwfp.sys;c:\windows\SYSNATIVE\DRIVERS\klwfp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys;c:\windows\SYSNATIVE\drivers\pstrip64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\System32\drivers\ISCTD.sys;c:\windows\SYSNATIVE\drivers\ISCTD.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 09:45	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28 14:21]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28 14:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 7468784]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-02-21 5860656]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
uStart Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
mDefault_Page_URL = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
mStart Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
mLocal Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{06733ADE-BD3B-4581-BF2F-CFBABB54BC09}: NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: NameServer = 208.69.150.252,208.69.150.250
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
AddRemove-PokerStars.eu - c:\program files (x86)\PokerStars.EU\PokerStarsUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-08-01  21:26:46
ComboFix-quarantined-files.txt  2014-08-01 19:26
.
Vor Suchlauf: 13 Verzeichnis(se), 60.035.108.864 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 59.886.768.128 Bytes frei
.
- - End Of File - - 0D0C0C00D8AE463B44837D8FF34E9F31
A36C5E4F47E84449FF07ED3517B43A31
         
Best regards


Alt 01.08.2014, 21:57   #6
M-K-D-B
/// TB-Ausbilder
 



Hi,



what exactly were you doing on the computer at that time?
Please describe everything.




Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 3
Please disable your antivirus program, as it can influence the result or, where applicable, interfere with the cleanup.
Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file on your desktop.
  • Start Zoek.exe with a double-click.
  • Attention: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into the zoek script window:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:\ .
  • Please post the ZOEK log (preferably in CODE tags, click the # symbol in the reply window).





Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.






Please post with your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the Zoek log file,
  • the two new FRST log files.

01.08.2014, 23:09   #7
jrrrrr
 



Hey,

as far as I can remember, at that time I was only watching a YouTube video and had a Twitch stream, Reddit and an MMORPG open. When it happened, the active tab was the YouTube video.

Here are the log files

AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 01/09/2013 at 02:03:44
# Updated 24/08/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : SMC - ENZO
# Running from : C:\Users\SMC\Desktop\adwcleaner3001.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\ah0thgjj.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\ah0thgjj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2106 octets] - [01/09/2013 01:53:58]
AdwCleaner[R1].txt - [950 octets] - [01/09/2013 02:01:52]
AdwCleaner[S0].txt - [2006 octets] - [01/09/2013 01:59:00]
AdwCleaner[S1].txt - [876 octets] - [01/09/2013 02:03:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [935 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 22:35:39
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : SMC - ENZO
# Gestartet von : C:\Users\SMC\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{1F30D846-4BEF-4246-B19E-7E503B0E6639}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{1F30D846-4BEF-4246-B19E-7E503B0E6639}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3679 octets] - [01/09/2013 01:53:58]
AdwCleaner[R1].txt - [2923 octets] - [01/09/2013 02:01:52]
AdwCleaner[R2].txt - [1191 octets] - [01/09/2013 02:05:59]
AdwCleaner[R3].txt - [1130 octets] - [01/09/2013 03:01:38]
AdwCleaner[R4].txt - [1801 octets] - [24/09/2013 20:03:07]
AdwCleaner[R5].txt - [1454 octets] - [24/09/2013 20:07:01]
AdwCleaner[R6].txt - [1574 octets] - [24/09/2013 20:10:17]
AdwCleaner[R7].txt - [1583 octets] - [24/09/2013 20:20:16]
AdwCleaner[R8].txt - [1868 octets] - [28/09/2013 15:26:41]
AdwCleaner[S0].txt - [3580 octets] - [01/09/2013 01:59:00]
AdwCleaner[S1].txt - [2604 octets] - [01/09/2013 02:03:44]
AdwCleaner[S2].txt - [1864 octets] - [24/09/2013 20:04:28]
AdwCleaner[S3].txt - [1517 octets] - [24/09/2013 20:08:04]
AdwCleaner[S4].txt - [1429 octets] - [24/09/2013 20:16:02]
AdwCleaner[S5].txt - [1931 octets] - [28/09/2013 15:27:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2904 octets] ##########
         
--- --- ---

MBAM logfile:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 01.08.2014
Scan Time: 22:39:27
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.01.05
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: SMC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329228
Time Elapsed: 4 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
Zoek logfiles:

Code:
Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by SMC on 01.08.2014 at 22:47:52,30.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SMC\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

01.08.2014 22:48:19 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4258935142-1642581507-3000048300-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.de/");

Added to C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\prefs.js:

ProfilePath: C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__2254_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\SMC\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\jetpack deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [30.07.2014 11:55]

==== Firefox Extensions ======================

ProfilePath: C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default
- Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default
4390CCD3790F8D9C427C0C29590C62D7	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll -	Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 16:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 16:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 16:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[25.03.2014 22:15]
kdmpheneajogfnlbplgmdbempjibfbok - C:\Program Files\FBFlicker\source.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 16:49]


==== Chrome Fix ======================

C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
"Local Page"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
"Start Page"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
"Local Page"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
"Start Page"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
"Local Page"="hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_deu_0_0_0_1_"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Local Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Local Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kdmpheneajogfnlbplgmdbempjibfbok deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdmpheneajogfnlbplgmdbempjibfbok deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\SMC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\SMC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAYQR09X will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\SMC\AppData\Local\Mozilla\Firefox\Profiles\1cc3vjnf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=90 folders=94 14229410 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\SMC\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SMC\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\SMC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAYQR09X" not found

==== EOF on 01.08.2014 at 22:57:53,62 ======================
         


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by SMC (administrator) on ENZO on 01-08-2014 22:58:58
Running from C:\Users\SMC\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Spotify Ltd) C:\Users\SMC\AppData\Roaming\Spotify\spotify.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Spotify Ltd) C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Spotify] => C:\Users\SMC\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-05] (Spotify Ltd)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Spotify Web Helper] => C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-05] (Spotify Ltd)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [MKLOL] => C:\Program Files (x86)\MKJogo\MKLOL\MK.exe [1227976 2014-06-06] (MK)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6A9F0C9DE8CCF01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{06733ADE-BD3B-4581-BF2F-CFBABB54BC09}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: NoScript - C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-20]
FF Extension: Adblock Plus - C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\1cc3vjnf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-28]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (ProxFlow) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-18]
CHR Extension: (Google Docs) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-12]
CHR Extension: (Google Search) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-12]
CHR Extension: (Safe Money) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-12]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-12]
CHR Extension: (Virtual Keyboard) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Gmail) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR Extension: (Anti-Banner) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-06-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-02-28] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-02-28] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 PStrip64; C:\Windows\System32\drivers\pstrip64.sys [13008 2006-09-30] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 22:56 - 2014-08-01 22:47 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-01 22:48 - 2014-08-01 22:57 - 00009189 _____ () C:\zoek-results.log
2014-08-01 22:47 - 2014-08-01 22:55 - 00000000 ____D () C:\zoek_backup
2014-08-01 22:46 - 2014-08-01 22:46 - 01287168 _____ () C:\Users\SMC\Desktop\zoek.exe
2014-08-01 22:36 - 2014-08-01 22:58 - 00000000 ____D () C:\Users\SMC\Desktop\Neuer Ordner (2)
2014-08-01 22:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 22:33 - 2014-08-01 22:33 - 01361309 _____ () C:\Users\SMC\Desktop\adwcleaner_3.302.exe
2014-08-01 21:26 - 2014-08-01 21:26 - 00011861 _____ () C:\ComboFix.txt
2014-08-01 21:20 - 2014-08-01 21:18 - 05566482 ____R (Swearware) C:\Users\SMC\Desktop\ComboFix.exe
2014-08-01 21:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 21:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 21:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-01 21:19 - 2014-08-01 21:26 - 00000000 ____D () C:\Qoobox
2014-08-01 21:18 - 2014-08-01 21:25 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 21:18 - 2014-08-01 21:18 - 05566482 ____R (Swearware) C:\Users\SMC\Downloads\ComboFix.exe
2014-08-01 15:44 - 2014-08-01 15:45 - 00028663 _____ () C:\Users\SMC\Desktop\Addition.txt
2014-08-01 15:39 - 2014-08-01 22:59 - 00017972 _____ () C:\Users\SMC\Desktop\FRST.txt
2014-08-01 02:56 - 2014-08-01 22:57 - 00041244 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 02:23 - 2014-08-01 02:23 - 00027575 _____ () C:\Users\SMC\Downloads\Addition.txt
2014-08-01 02:22 - 2014-08-01 22:58 - 00000000 ____D () C:\FRST
2014-08-01 02:22 - 2014-08-01 02:23 - 00047895 _____ () C:\Users\SMC\Downloads\FRST.txt
2014-08-01 02:22 - 2014-08-01 02:22 - 02094080 _____ (Farbar) C:\Users\SMC\Desktop\FRST64.exe
2014-08-01 02:08 - 2014-08-01 22:57 - 00016242 _____ () C:\Windows\PFRO.log
2014-08-01 02:08 - 2014-08-01 22:57 - 00000564 _____ () C:\Windows\setupact.log
2014-08-01 02:08 - 2014-08-01 02:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 02:00 - 2014-08-01 22:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 02:00 - 2014-08-01 02:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 02:00 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 02:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 01:59 - 2014-08-01 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SMC\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 17:04 - 2014-07-31 17:04 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 17:04 - 2014-07-31 17:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 17:03 - 2014-07-31 17:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 17:03 - 2014-07-31 17:03 - 03738080 _____ (Piriform Ltd) C:\Users\SMC\Downloads\ccsetup416_slim.exe
2014-07-27 11:12 - 2014-07-27 11:12 - 00281248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 14:40 - 2014-07-24 14:40 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\mp3DirectCut
2014-07-24 14:39 - 2014-07-24 14:39 - 00308709 _____ () C:\Users\SMC\Downloads\mp3dc220 (1).exe
2014-07-24 14:39 - 2014-07-24 14:39 - 00001059 _____ () C:\Users\SMC\Desktop\mp3DirectCut.lnk
2014-07-24 14:39 - 2014-07-24 14:39 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-07-24 14:32 - 2014-07-24 14:32 - 00308709 _____ () C:\Users\SMC\Downloads\mp3DC220.exe
2014-07-22 15:12 - 2014-07-22 15:12 - 04179293 _____ (Lavalys, Inc. ) C:\Users\SMC\Downloads\everesthome220.exe
2014-07-21 18:33 - 2014-07-21 18:33 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 18:33 - 2014-07-21 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 18:35 - 2014-07-20 18:35 - 09318466 _____ () C:\Users\SMC\Downloads\IEM9_Shenzhen_Replaypack.zip
2014-07-16 12:32 - 2014-07-16 12:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 21:03 - 2014-07-15 21:03 - 00000211 _____ () C:\Users\SMC\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-10 14:27 - 2014-07-10 14:27 - 00000210 _____ () C:\Users\SMC\Documents\Enzo.txt
2014-07-10 14:26 - 2014-07-10 14:26 - 00000012 _____ () C:\Users\SMC\Documents\Metin2 Items.txt
2014-07-09 15:15 - 2013-12-25 04:22 - 00000000 ____D () C:\Users\SMC\Desktop\Hardcore-RELOADED
2014-07-09 15:03 - 2014-07-09 15:13 - 1330512925 _____ () C:\Users\SMC\Downloads\Hardcore-RELOADED_24_01.rar
2014-07-09 13:22 - 2014-07-09 13:22 - 00000566 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-09 13:22 - 2014-07-09 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-09 13:11 - 2014-07-09 13:11 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer (1).exe
2014-07-09 13:10 - 2014-07-09 13:18 - 1543192939 _____ (Sirius MT2 ) C:\Users\SMC\Documents\sirius.20.13.rev.win8.client.exe
2014-07-09 13:10 - 2014-07-09 13:10 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer.exe
2014-07-09 13:10 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 13:10 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 13:10 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 13:10 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 13:10 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 13:10 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 13:10 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 13:10 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 13:10 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 13:10 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 13:10 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 13:10 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 13:10 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 13:10 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 13:10 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 13:10 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 13:10 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 13:10 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 13:10 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 13:10 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 13:10 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 13:10 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 13:10 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 13:10 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 13:10 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 13:10 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 13:10 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 13:10 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 13:10 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:10 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 13:10 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:10 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-08 20:26 - 2013-09-09 19:20 - 00009216 _____ () C:\Users\SMC\Desktop\Debugger.exe
2014-07-08 20:18 - 2014-07-08 20:31 - 00000000 ____D () C:\Users\SMC\Desktop\Pandora2 Client
2014-07-08 19:58 - 2014-07-08 20:18 - 1015610130 _____ () C:\Users\SMC\Downloads\Pandora2.p23 (1).rar
2014-07-08 14:21 - 2014-07-08 14:21 - 00000000 ____D () C:\Users\SMC\Desktop\Dark-Mt2 2012
2014-07-08 14:20 - 2014-07-08 14:20 - 02029048 _____ () C:\Users\SMC\Downloads\winrar-x64-510d.exe
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 14:14 - 2014-07-08 14:19 - 1011932113 _____ () C:\Users\SMC\Downloads\Dark-Mt2 2012.rar
2014-07-08 14:01 - 2014-07-08 14:01 - 00690176 _____ () C:\Users\SMC\Downloads\protection.dll
2014-07-05 09:48 - 2014-07-05 09:48 - 00001605 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\Riot Gaymes
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-05 09:45 - 2014-07-05 09:45 - 34888568 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe
2014-07-04 12:21 - 2014-07-04 12:21 - 00000881 _____ () C:\Users\Public\Desktop\Metin2.lnk
2014-07-04 12:21 - 2014-07-04 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2014-07-03 22:34 - 2014-07-31 14:21 - 00000000 ____D () C:\Users\SMC\Downloads\Gameforge Live
2014-07-03 22:34 - 2014-07-03 22:34 - 00000792 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\Users\SMC\AppData\Local\Gameforge4d
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-03 22:33 - 2014-07-03 22:33 - 20166856 _____ (Gameforge ) C:\Users\SMC\Downloads\Metin2_GameforgeLiveSetup.exe
2014-07-03 17:18 - 2014-07-03 17:18 - 28127688 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_KR_Installer_08_27_13_2.exe
2014-07-03 17:14 - 2014-07-03 17:14 - 00005891 _____ () C:\Users\SMC\Downloads\LOL_OPGG_Observer_1363852550.bat
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\Program Files (x86)\Screenshots
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer.exe
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer (1).exe
2014-07-02 20:25 - 2014-07-02 20:25 - 00001946 _____ () C:\Users\Administrator\Desktop\ModernRcon v0.8.lnk
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Program Files (x86)\ModernRcon
2014-07-02 12:33 - 2014-07-02 12:33 - 00067071 _____ () C:\Users\SMC\Downloads\switchbot.zip
2014-07-02 11:57 - 2014-07-02 11:57 - 01368745 _____ () C:\Users\SMC\Downloads\Client4 (1).exe
2014-07-02 11:56 - 2014-07-02 11:57 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(3).exe
2014-07-02 11:55 - 2014-07-02 11:56 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 22:59 - 2014-08-01 15:39 - 00017972 _____ () C:\Users\SMC\Desktop\FRST.txt
2014-08-01 22:58 - 2014-08-01 22:36 - 00000000 ____D () C:\Users\SMC\Desktop\Neuer Ordner (2)
2014-08-01 22:58 - 2014-08-01 02:22 - 00000000 ____D () C:\FRST
2014-08-01 22:58 - 2014-03-02 03:24 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Skype
2014-08-01 22:58 - 2014-03-02 02:08 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Spotify
2014-08-01 22:57 - 2014-08-01 22:48 - 00009189 _____ () C:\zoek-results.log
2014-08-01 22:57 - 2014-08-01 02:56 - 00041244 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 22:57 - 2014-08-01 02:08 - 00016242 _____ () C:\Windows\PFRO.log
2014-08-01 22:57 - 2014-08-01 02:08 - 00000564 _____ () C:\Windows\setupact.log
2014-08-01 22:57 - 2014-08-01 02:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 22:57 - 2014-03-28 16:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 22:57 - 2014-02-28 17:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-01 22:57 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 22:55 - 2014-08-01 22:47 - 00000000 ____D () C:\zoek_backup
2014-08-01 22:55 - 2014-02-28 16:50 - 00000000 ____D () C:\Users\SMC
2014-08-01 22:47 - 2014-08-01 22:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-01 22:46 - 2014-08-01 22:46 - 01287168 _____ () C:\Users\SMC\Desktop\zoek.exe
2014-08-01 22:44 - 2014-03-28 16:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 22:44 - 2014-03-07 17:09 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\TS3Client
2014-08-01 22:42 - 2012-07-26 12:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 22:42 - 2012-07-26 12:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 22:42 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 22:41 - 2014-03-02 02:10 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4258935142-1642581507-3000048300-1001
2014-08-01 22:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-01 22:35 - 2013-09-01 01:53 - 00000000 ____D () C:\AdwCleaner
2014-08-01 22:33 - 2014-08-01 22:33 - 01361309 _____ () C:\Users\SMC\Desktop\adwcleaner_3.302.exe
2014-08-01 22:28 - 2014-04-13 15:39 - 00000000 ____D () C:\Users\SMC\Steam
2014-08-01 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 21:26 - 2014-08-01 21:26 - 00011861 _____ () C:\ComboFix.txt
2014-08-01 21:26 - 2014-08-01 21:19 - 00000000 ____D () C:\Qoobox
2014-08-01 21:26 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-08-01 21:25 - 2014-08-01 21:18 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 21:25 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 21:18 - 2014-08-01 21:20 - 05566482 ____R (Swearware) C:\Users\SMC\Desktop\ComboFix.exe
2014-08-01 21:18 - 2014-08-01 21:18 - 05566482 ____R (Swearware) C:\Users\SMC\Downloads\ComboFix.exe
2014-08-01 19:47 - 2014-03-25 22:23 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-01 15:45 - 2014-08-01 15:44 - 00028663 _____ () C:\Users\SMC\Desktop\Addition.txt
2014-08-01 14:34 - 2014-03-05 18:36 - 00000000 ____D () C:\Users\SMC\AppData\Local\PMB Files
2014-08-01 02:25 - 2014-03-15 01:11 - 00000000 ____D () C:\Users\SMC\AppData\Local\Opera Software
2014-08-01 02:25 - 2014-03-15 01:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 02:24 - 2014-05-27 14:45 - 00000000 ____D () C:\Users\SMC\AppData\Local\PokerStars.EU
2014-08-01 02:24 - 2014-05-27 14:45 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-08-01 02:23 - 2014-08-01 02:23 - 00027575 _____ () C:\Users\SMC\Downloads\Addition.txt
2014-08-01 02:23 - 2014-08-01 02:22 - 00047895 _____ () C:\Users\SMC\Downloads\FRST.txt
2014-08-01 02:22 - 2014-08-01 02:22 - 02094080 _____ (Farbar) C:\Users\SMC\Desktop\FRST64.exe
2014-08-01 02:08 - 2014-08-01 02:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 02:00 - 2014-08-01 02:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 01:59 - 2014-08-01 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SMC\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 18:01 - 2014-03-05 18:36 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-31 17:05 - 2014-03-06 21:27 - 00000000 ____D () C:\Windows\Minidump
2014-07-31 17:05 - 2014-02-28 16:43 - 00000000 ____D () C:\Windows\Panther
2014-07-31 17:04 - 2014-07-31 17:04 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 17:04 - 2014-07-31 17:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 17:04 - 2014-07-31 17:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 17:03 - 2014-07-31 17:03 - 03738080 _____ (Piriform Ltd) C:\Users\SMC\Downloads\ccsetup416_slim.exe
2014-07-31 14:21 - 2014-07-03 22:34 - 00000000 ____D () C:\Users\SMC\Downloads\Gameforge Live
2014-07-31 03:52 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-30 13:10 - 2014-03-29 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 09:54 - 2013-04-10 13:23 - 00000000 ____D () C:\Users\SMC\Documents\StarCraft II
2014-07-30 09:35 - 2014-03-02 02:09 - 00000000 ____D () C:\Users\SMC\AppData\Local\Spotify
2014-07-27 11:12 - 2014-07-27 11:12 - 00281248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-26 18:25 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-24 14:40 - 2014-07-24 14:40 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\mp3DirectCut
2014-07-24 14:39 - 2014-07-24 14:39 - 00308709 _____ () C:\Users\SMC\Downloads\mp3dc220 (1).exe
2014-07-24 14:39 - 2014-07-24 14:39 - 00001059 _____ () C:\Users\SMC\Desktop\mp3DirectCut.lnk
2014-07-24 14:39 - 2014-07-24 14:39 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-07-24 14:32 - 2014-07-24 14:32 - 00308709 _____ () C:\Users\SMC\Downloads\mp3DC220.exe
2014-07-22 15:12 - 2014-07-22 15:12 - 04179293 _____ (Lavalys, Inc. ) C:\Users\SMC\Downloads\everesthome220.exe
2014-07-21 18:33 - 2014-07-21 18:33 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 18:33 - 2014-07-21 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-21 18:33 - 2014-04-21 21:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-21 18:33 - 2014-03-08 00:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 18:35 - 2014-07-20 18:35 - 09318466 _____ () C:\Users\SMC\Downloads\IEM9_Shenzhen_Replaypack.zip
2014-07-16 12:32 - 2014-07-16 12:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 21:03 - 2014-07-15 21:03 - 00000211 _____ () C:\Users\SMC\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-15 01:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-12 07:50 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-11 03:02 - 2014-03-08 00:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-03-08 00:17 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-03-08 00:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-03-08 00:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 14:27 - 2014-07-10 14:27 - 00000210 _____ () C:\Users\SMC\Documents\Enzo.txt
2014-07-10 14:26 - 2014-07-10 14:26 - 00000012 _____ () C:\Users\SMC\Documents\Metin2 Items.txt
2014-07-10 13:18 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 13:17 - 2014-03-03 17:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 13:17 - 2014-03-03 17:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 13:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-09 15:13 - 2014-07-09 15:03 - 1330512925 _____ () C:\Users\SMC\Downloads\Hardcore-RELOADED_24_01.rar
2014-07-09 13:22 - 2014-07-09 13:22 - 00000566 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-09 13:22 - 2014-07-09 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-09 13:18 - 2014-07-09 13:10 - 1543192939 _____ (Sirius MT2 ) C:\Users\SMC\Documents\sirius.20.13.rev.win8.client.exe
2014-07-09 13:11 - 2014-07-09 13:11 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer (1).exe
2014-07-09 13:10 - 2014-07-09 13:10 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer.exe
2014-07-08 20:31 - 2014-07-08 20:18 - 00000000 ____D () C:\Users\SMC\Desktop\Pandora2 Client
2014-07-08 20:18 - 2014-07-08 19:58 - 1015610130 _____ () C:\Users\SMC\Downloads\Pandora2.p23 (1).rar
2014-07-08 14:21 - 2014-07-08 14:21 - 00000000 ____D () C:\Users\SMC\Desktop\Dark-Mt2 2012
2014-07-08 14:20 - 2014-07-08 14:20 - 02029048 _____ () C:\Users\SMC\Downloads\winrar-x64-510d.exe
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 14:19 - 2014-07-08 14:14 - 1011932113 _____ () C:\Users\SMC\Downloads\Dark-Mt2 2012.rar
2014-07-08 14:01 - 2014-07-08 14:01 - 00690176 _____ () C:\Users\SMC\Downloads\protection.dll
2014-07-07 21:35 - 2014-03-05 15:18 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-07-07 01:46 - 2014-06-21 09:57 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Apple Computer
2014-07-05 09:48 - 2014-07-05 09:48 - 00001605 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\Riot Gaymes
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-05 09:45 - 2014-07-05 09:45 - 34888568 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe
2014-07-04 12:21 - 2014-07-04 12:21 - 00000881 _____ () C:\Users\Public\Desktop\Metin2.lnk
2014-07-04 12:21 - 2014-07-04 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2014-07-03 22:34 - 2014-07-03 22:34 - 00000792 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\Users\SMC\AppData\Local\Gameforge4d
2014-07-03 22:34 - 2014-07-03 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-03 22:33 - 2014-07-03 22:33 - 20166856 _____ (Gameforge ) C:\Users\SMC\Downloads\Metin2_GameforgeLiveSetup.exe
2014-07-03 21:40 - 2013-04-30 16:24 - 00000000 ____D () C:\Users\SMC\Desktop\Alles
2014-07-03 17:19 - 2013-05-31 04:16 - 00000000 ____D () C:\Riot Games
2014-07-03 17:18 - 2014-07-03 17:18 - 28127688 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_KR_Installer_08_27_13_2.exe
2014-07-03 17:14 - 2014-07-03 17:14 - 00005891 _____ () C:\Users\SMC\Downloads\LOL_OPGG_Observer_1363852550.bat
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\Program Files (x86)\Screenshots
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer.exe
2014-07-02 20:25 - 2014-07-02 20:25 - 01346754 _____ () C:\Users\SMC\Downloads\ModernRcon_v08_Installer (1).exe
2014-07-02 20:25 - 2014-07-02 20:25 - 00001946 _____ () C:\Users\Administrator\Desktop\ModernRcon v0.8.lnk
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ModernRcon
2014-07-02 20:25 - 2014-07-02 20:25 - 00000000 ____D () C:\Program Files (x86)\ModernRcon
2014-07-02 12:33 - 2014-07-02 12:33 - 00067071 _____ () C:\Users\SMC\Downloads\switchbot.zip
2014-07-02 11:57 - 2014-07-02 11:57 - 01368745 _____ () C:\Users\SMC\Downloads\Client4 (1).exe
2014-07-02 11:57 - 2014-07-02 11:56 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(3).exe
2014-07-02 11:56 - 2014-07-02 11:55 - 01058200 _____ (Adobe) C:\Users\SMC\Downloads\install_flashplayer14x32au_mssd_aaa_aih(2).exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 15:17

==================== End Of Log ============================
         
--- --- ---




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by SMC at 2014-08-01 22:59:14
Running from C:\Users\SMC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MKLOL (HKCU\...\MKLOL) (Version:  - )
ModernRcon v0.8 (HKLM-x32\...\ModernRcon v0.8) (Version:  - )
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PowerStrip 3 (remove only) (HKLM-x32\...\PowerStrip 3 (remove only)) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-08-2014 00:55:14 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {252AA413-5CC8-4601-B015-0467E52DE5ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {3DA5B74C-69B8-4C99-B829-563C91686650} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {55BC207A-CAD9-40D3-873B-421211B5598F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {5B4E08BC-17E9-4339-B7F2-FCCA21A732FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
Task: {65B0F6F9-5294-42AA-B5AB-918624A2A7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C2A1CA5E-0B5F-4DC9-B9F4-9BB8F44A4BBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-21 10:47 - 2014-02-21 10:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 10:47 - 2014-02-21 10:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 10:47 - 2014-02-21 10:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-02-21 10:47 - 2014-02-21 10:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-25 22:23 - 2014-06-04 21:04 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-02 02:09 - 2014-07-05 08:17 - 00601144 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 36966968 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-02 11:55 - 2014-07-05 08:17 - 00867896 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 00886840 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 00108600 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-30 10:41 - 2014-07-30 10:41 - 03800688 _____ () C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 09:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (07/29/2014 01:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015b36a
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/29/2014 01:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x690b3b1e
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/29/2014 01:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015b36a
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/28/2014 02:11:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 20.0.1387.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b68

Startzeit: 01cfaa5d0abd8b05

Endzeit: 1

Anwendungspfad: C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe

Berichts-ID: 52b51d68-1650-11e4-be8c-d43d7e948b8d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/28/2014 01:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 20.0.1387.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2368

Startzeit: 01cfaa56a5a8597b

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe

Berichts-ID: e75c118b-1649-11e4-be8c-d43d7e948b8d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:53 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 09:25:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 09:23:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 02:10:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 02:08:46 unerwartet heruntergefahren.

Error: (08/01/2014 02:10:44 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256845801641824787408

Error: (07/31/2014 04:49:13 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 09:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b11e801cfad7db011f2fcC:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\mozalloc.dllf5f4ff41-19b0-11e4-be8f-d43d7e948b8d

Error: (07/29/2014 01:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1metin2client.bin1.0.34083.052d874d1c00000050015b36a26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binC:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin9969ee23-1713-11e4-be8c-d43d7e948b8d

Error: (07/29/2014 01:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1unknown0.0.0.000000000c00001a5690b3b1e26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binunknown987aaa59-1713-11e4-be8c-d43d7e948b8d

Error: (07/29/2014 01:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1metin2client.bin1.0.34083.052d874d1c00000050015b36a26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binC:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin97a13c42-1713-11e4-be8c-d43d7e948b8d

Error: (07/28/2014 02:11:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe20.0.1387.771b6801cfaa5d0abd8b051C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe52b51d68-1650-11e4-be8c-d43d7e948b8d

Error: (07/28/2014 01:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe20.0.1387.77236801cfaa56a5a8597b2C:\Program Files (x86)\Opera\20.0.1387.77\opera.exee75c118b-1649-11e4-be8c-d43d7e948b8d

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:53 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 15:13:19.498
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\SMC\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-22 15:13:19.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8138.93 MB
Available physical RAM: 6073.46 MB
Total Pagefile: 9482.93 MB
Available Pagefile: 6993.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.54 GB) (Free:56.35 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:931.17 GB) (Free:823.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E26C42F5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E38E2228)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Best regards, and thanks for the great help so far.

Alt 02.08.2014, 12:03   #8
M-K-D-B
/// TB-Ausbilder
 



Hi,


Please reset your browsers as follows:
IE :::
Reset Internet Explorer as follows:
  • Open Internet Explorer and go to Tools -> Internet Options.
  • On the Advanced tab, under "Reset Internet Explorer settings", click Reset...
  • In the "Reset Internet Explorer settings" dialog, click Reset to confirm.
(You can find the illustrated instructions here.)

FF :::
Please reset Firefox as follows and tell me whether the buttons are back to normal afterwards or not:
Reset Firefox

CHR:::
Reset Google Chrome according to these instructions.


Do you still have problems with the address now?
__________________
Greetings from Bavaria
M-K-D-B


Alt 03.08.2014, 18:57   #9
jrrrrr
 



Hey,

I have now done all of that; unfortunately I don't know what you mean by buttons.

Shortly before I did it, however, a different page opened in my Firefox. I will now watch whether it happens again and then get back to you.

Thanks!

Alt 04.08.2014, 10:24   #10
M-K-D-B
/// TB-Ausbilder
 



Hi,

ok, thanks.

Let me know in 1-2 days, so that we can then wrap up if applicable.
__________________
Greetings from Bavaria
M-K-D-B


Alt 04.08.2014, 18:07   #11
jrrrrr
 



Hey,

so just now it happened again that the page h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de opened about 100 times in Firefox, and afterwards the Mozilla Crash Reporter opened.
I am slowly becoming a bit at a loss as to what this could be; I will now scan everything again and then post the logs if requested.

Regards

Alt 05.08.2014, 10:55   #12
M-K-D-B
/// TB-Ausbilder
 



Hi,

all right, get back to me.
__________________
Greetings from Bavaria
M-K-D-B


Alt 05.08.2014, 22:51   #13
jrrrrr
 



Hey,

okay, here are the logs:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by SMC (administrator) on ENZO on 04-08-2014 18:13:23
Running from C:\Users\SMC\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Spotify Ltd) C:\Users\SMC\AppData\Roaming\Spotify\spotify.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Blizzard Entertainment, Inc.) E:\Program Files (x86)\StarCraft II\Versions\Base28667\SC2.exe
(Ymir Entertainment) C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Spotify] => C:\Users\SMC\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-05] (Spotify Ltd)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [Spotify Web Helper] => C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-05] (Spotify Ltd)
HKU\S-1-5-21-4258935142-1642581507-3000048300-1001\...\Run: [MKLOL] => C:\Program Files (x86)\MKJogo\MKLOL\MK.exe [1227976 2014-06-06] (MK)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{06733ADE-BD3B-4581-BF2F-CFBABB54BC09}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\cqb5t4zu.default-1407084708848
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: NoScript - C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\cqb5t4zu.default-1407084708848\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-03]
FF Extension: Adblock Plus - C:\Users\SMC\AppData\Roaming\Mozilla\Firefox\Profiles\cqb5t4zu.default-1407084708848\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-03]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-28]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Adblock Plus) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-03]
CHR Extension: (Google-Suche) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-12]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-12]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-12]
CHR Extension: (Virtual Keyboard) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Google Mail) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR Extension: (Anti-Banner) - C:\Users\SMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-06-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-02-28] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-02-28] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 PStrip64; C:\Windows\System32\drivers\pstrip64.sys [13008 2006-09-30] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 18:51 - 2014-08-03 18:51 - 00000000 ____D () C:\Users\SMC\Desktop\Alte Firefox-Daten
2014-08-01 23:04 - 2014-08-01 23:04 - 00001037 _____ () C:\Users\SMC\Desktop\mbam.txt
2014-08-01 22:59 - 2014-08-01 22:59 - 00044988 _____ () C:\Users\SMC\Desktop\Shortcut.txt
2014-08-01 22:56 - 2014-08-01 22:47 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-01 22:48 - 2014-08-01 22:57 - 00009189 _____ () C:\zoek-results.log
2014-08-01 22:47 - 2014-08-01 22:55 - 00000000 ____D () C:\zoek_backup
2014-08-01 22:46 - 2014-08-01 22:46 - 01287168 _____ () C:\Users\SMC\Desktop\zoek.exe
2014-08-01 22:36 - 2014-08-01 22:58 - 00000000 ____D () C:\Users\SMC\Desktop\Neuer Ordner (2)
2014-08-01 22:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 22:33 - 2014-08-01 22:33 - 01361309 _____ () C:\Users\SMC\Desktop\adwcleaner_3.302.exe
2014-08-01 21:26 - 2014-08-01 21:26 - 00011861 _____ () C:\ComboFix.txt
2014-08-01 21:20 - 2014-08-01 21:18 - 05566482 ____R (Swearware) C:\Users\SMC\Desktop\ComboFix.exe
2014-08-01 21:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 21:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 21:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 21:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-01 21:19 - 2014-08-01 21:26 - 00000000 ____D () C:\Qoobox
2014-08-01 21:18 - 2014-08-01 21:25 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 21:18 - 2014-08-01 21:18 - 05566482 ____R (Swearware) C:\Users\SMC\Downloads\ComboFix.exe
2014-08-01 15:44 - 2014-08-01 22:59 - 00027379 _____ () C:\Users\SMC\Desktop\Addition.txt
2014-08-01 15:39 - 2014-08-04 18:13 - 00017752 _____ () C:\Users\SMC\Desktop\FRST.txt
2014-08-01 02:56 - 2014-08-01 23:17 - 00042173 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 02:23 - 2014-08-01 02:23 - 00027575 _____ () C:\Users\SMC\Downloads\Addition.txt
2014-08-01 02:22 - 2014-08-04 18:13 - 00000000 ____D () C:\FRST
2014-08-01 02:22 - 2014-08-01 02:23 - 00047895 _____ () C:\Users\SMC\Downloads\FRST.txt
2014-08-01 02:22 - 2014-08-01 02:22 - 02094080 _____ (Farbar) C:\Users\SMC\Desktop\FRST64.exe
2014-08-01 02:08 - 2014-08-01 22:57 - 00016242 _____ () C:\Windows\PFRO.log
2014-08-01 02:08 - 2014-08-01 22:57 - 00000564 _____ () C:\Windows\setupact.log
2014-08-01 02:08 - 2014-08-01 02:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 02:00 - 2014-08-04 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 02:00 - 2014-08-01 02:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 02:00 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 02:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 01:59 - 2014-08-01 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SMC\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 17:04 - 2014-07-31 17:04 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 17:04 - 2014-07-31 17:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 17:03 - 2014-07-31 17:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 17:03 - 2014-07-31 17:03 - 03738080 _____ (Piriform Ltd) C:\Users\SMC\Downloads\ccsetup416_slim.exe
2014-07-27 11:12 - 2014-07-27 11:12 - 00281248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 14:40 - 2014-07-24 14:40 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\mp3DirectCut
2014-07-24 14:39 - 2014-07-24 14:39 - 00308709 _____ () C:\Users\SMC\Downloads\mp3dc220 (1).exe
2014-07-24 14:39 - 2014-07-24 14:39 - 00001059 _____ () C:\Users\SMC\Desktop\mp3DirectCut.lnk
2014-07-24 14:39 - 2014-07-24 14:39 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-07-24 14:32 - 2014-07-24 14:32 - 00308709 _____ () C:\Users\SMC\Downloads\mp3DC220.exe
2014-07-22 15:12 - 2014-07-22 15:12 - 04179293 _____ (Lavalys, Inc. ) C:\Users\SMC\Downloads\everesthome220.exe
2014-07-21 18:33 - 2014-07-21 18:33 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 18:33 - 2014-07-21 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 18:35 - 2014-07-20 18:35 - 09318466 _____ () C:\Users\SMC\Downloads\IEM9_Shenzhen_Replaypack.zip
2014-07-16 12:32 - 2014-07-16 12:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 21:03 - 2014-07-15 21:03 - 00000211 _____ () C:\Users\SMC\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-10 14:27 - 2014-07-10 14:27 - 00000210 _____ () C:\Users\SMC\Documents\Enzo.txt
2014-07-10 14:26 - 2014-07-10 14:26 - 00000012 _____ () C:\Users\SMC\Documents\Metin2 Items.txt
2014-07-09 15:15 - 2013-12-25 04:22 - 00000000 ____D () C:\Users\SMC\Desktop\Hardcore-RELOADED
2014-07-09 15:03 - 2014-07-09 15:13 - 1330512925 _____ () C:\Users\SMC\Downloads\Hardcore-RELOADED_24_01.rar
2014-07-09 13:22 - 2014-07-09 13:22 - 00000566 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-09 13:22 - 2014-07-09 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-09 13:11 - 2014-07-09 13:11 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer (1).exe
2014-07-09 13:10 - 2014-07-09 13:18 - 1543192939 _____ (Sirius MT2 ) C:\Users\SMC\Documents\sirius.20.13.rev.win8.client.exe
2014-07-09 13:10 - 2014-07-09 13:10 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer.exe
2014-07-09 13:10 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 13:10 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 13:10 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 13:10 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 13:10 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 13:10 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 13:10 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 13:10 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 13:10 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 13:10 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 13:10 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 13:10 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 13:10 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 13:10 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 13:10 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 13:10 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 13:10 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 13:10 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 13:10 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 13:10 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 13:10 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 13:10 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 13:10 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 13:10 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 13:10 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 13:10 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 13:10 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 13:10 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 13:10 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 13:10 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 13:10 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 13:10 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 13:10 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:10 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 13:10 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 13:10 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-08 20:26 - 2013-09-09 19:20 - 00009216 _____ () C:\Users\SMC\Desktop\Debugger.exe
2014-07-08 20:18 - 2014-07-08 20:31 - 00000000 ____D () C:\Users\SMC\Desktop\Pandora2 Client
2014-07-08 19:58 - 2014-07-08 20:18 - 1015610130 _____ () C:\Users\SMC\Downloads\Pandora2.p23 (1).rar
2014-07-08 14:21 - 2014-07-08 14:21 - 00000000 ____D () C:\Users\SMC\Desktop\Dark-Mt2 2012
2014-07-08 14:20 - 2014-07-08 14:20 - 02029048 _____ () C:\Users\SMC\Downloads\winrar-x64-510d.exe
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 14:14 - 2014-07-08 14:19 - 1011932113 _____ () C:\Users\SMC\Downloads\Dark-Mt2 2012.rar
2014-07-08 14:01 - 2014-07-08 14:01 - 00690176 _____ () C:\Users\SMC\Downloads\protection.dll
2014-07-05 09:48 - 2014-07-05 09:48 - 00001605 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\Riot Gaymes
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-05 09:45 - 2014-07-05 09:45 - 34888568 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 18:13 - 2014-08-01 15:39 - 00017752 _____ () C:\Users\SMC\Desktop\FRST.txt
2014-08-04 18:13 - 2014-08-01 02:22 - 00000000 ____D () C:\FRST
2014-08-04 18:02 - 2014-03-02 03:24 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Skype
2014-08-04 17:52 - 2014-02-28 17:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-04 17:44 - 2014-03-28 16:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 17:40 - 2014-03-02 02:08 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Spotify
2014-08-04 17:10 - 2014-08-01 02:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:06 - 2014-03-02 02:10 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4258935142-1642581507-3000048300-1001
2014-08-04 17:00 - 2014-03-28 16:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-04 16:32 - 2014-03-07 17:09 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\TS3Client
2014-08-04 14:54 - 2014-03-05 18:36 - 00000000 ____D () C:\Users\SMC\AppData\Local\PMB Files
2014-08-03 18:51 - 2014-08-03 18:51 - 00000000 ____D () C:\Users\SMC\Desktop\Alte Firefox-Daten
2014-08-03 16:30 - 2014-04-13 15:39 - 00000000 ____D () C:\Users\SMC\Steam
2014-08-03 15:31 - 2014-03-25 22:23 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-03 15:00 - 2014-07-03 22:34 - 00000000 ____D () C:\Users\SMC\Downloads\Gameforge Live
2014-08-01 23:38 - 2014-02-28 16:50 - 00000000 ____D () C:\Users\SMC
2014-08-01 23:17 - 2014-08-01 02:56 - 00042173 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 23:04 - 2014-08-01 23:04 - 00001037 _____ () C:\Users\SMC\Desktop\mbam.txt
2014-08-01 23:01 - 2012-07-26 12:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 23:01 - 2012-07-26 12:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 23:01 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 22:59 - 2014-08-01 22:59 - 00044988 _____ () C:\Users\SMC\Desktop\Shortcut.txt
2014-08-01 22:59 - 2014-08-01 15:44 - 00027379 _____ () C:\Users\SMC\Desktop\Addition.txt
2014-08-01 22:58 - 2014-08-01 22:36 - 00000000 ____D () C:\Users\SMC\Desktop\Neuer Ordner (2)
2014-08-01 22:57 - 2014-08-01 22:48 - 00009189 _____ () C:\zoek-results.log
2014-08-01 22:57 - 2014-08-01 02:08 - 00016242 _____ () C:\Windows\PFRO.log
2014-08-01 22:57 - 2014-08-01 02:08 - 00000564 _____ () C:\Windows\setupact.log
2014-08-01 22:57 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 22:55 - 2014-08-01 22:47 - 00000000 ____D () C:\zoek_backup
2014-08-01 22:47 - 2014-08-01 22:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-01 22:46 - 2014-08-01 22:46 - 01287168 _____ () C:\Users\SMC\Desktop\zoek.exe
2014-08-01 22:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-01 22:35 - 2013-09-01 01:53 - 00000000 ____D () C:\AdwCleaner
2014-08-01 22:33 - 2014-08-01 22:33 - 01361309 _____ () C:\Users\SMC\Desktop\adwcleaner_3.302.exe
2014-08-01 21:26 - 2014-08-01 21:26 - 00011861 _____ () C:\ComboFix.txt
2014-08-01 21:26 - 2014-08-01 21:19 - 00000000 ____D () C:\Qoobox
2014-08-01 21:26 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-08-01 21:25 - 2014-08-01 21:18 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 21:25 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 21:18 - 2014-08-01 21:20 - 05566482 ____R (Swearware) C:\Users\SMC\Desktop\ComboFix.exe
2014-08-01 21:18 - 2014-08-01 21:18 - 05566482 ____R (Swearware) C:\Users\SMC\Downloads\ComboFix.exe
2014-08-01 02:25 - 2014-03-15 01:11 - 00000000 ____D () C:\Users\SMC\AppData\Local\Opera Software
2014-08-01 02:25 - 2014-03-15 01:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 02:24 - 2014-05-27 14:45 - 00000000 ____D () C:\Users\SMC\AppData\Local\PokerStars.EU
2014-08-01 02:24 - 2014-05-27 14:45 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-08-01 02:23 - 2014-08-01 02:23 - 00027575 _____ () C:\Users\SMC\Downloads\Addition.txt
2014-08-01 02:23 - 2014-08-01 02:22 - 00047895 _____ () C:\Users\SMC\Downloads\FRST.txt
2014-08-01 02:22 - 2014-08-01 02:22 - 02094080 _____ (Farbar) C:\Users\SMC\Desktop\FRST64.exe
2014-08-01 02:08 - 2014-08-01 02:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 02:00 - 2014-08-01 02:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 02:00 - 2014-08-01 02:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 01:59 - 2014-08-01 01:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SMC\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 18:01 - 2014-03-05 18:36 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-31 17:05 - 2014-03-06 21:27 - 00000000 ____D () C:\Windows\Minidump
2014-07-31 17:05 - 2014-02-28 16:43 - 00000000 ____D () C:\Windows\Panther
2014-07-31 17:04 - 2014-07-31 17:04 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 17:04 - 2014-07-31 17:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 17:04 - 2014-07-31 17:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 17:03 - 2014-07-31 17:03 - 03738080 _____ (Piriform Ltd) C:\Users\SMC\Downloads\ccsetup416_slim.exe
2014-07-31 03:52 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-30 13:10 - 2014-03-29 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 09:54 - 2013-04-10 13:23 - 00000000 ____D () C:\Users\SMC\Documents\StarCraft II
2014-07-30 09:35 - 2014-03-02 02:09 - 00000000 ____D () C:\Users\SMC\AppData\Local\Spotify
2014-07-27 11:12 - 2014-07-27 11:12 - 00281248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-26 18:25 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-24 14:40 - 2014-07-24 14:40 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\mp3DirectCut
2014-07-24 14:39 - 2014-07-24 14:39 - 00308709 _____ () C:\Users\SMC\Downloads\mp3dc220 (1).exe
2014-07-24 14:39 - 2014-07-24 14:39 - 00001059 _____ () C:\Users\SMC\Desktop\mp3DirectCut.lnk
2014-07-24 14:39 - 2014-07-24 14:39 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-07-24 14:32 - 2014-07-24 14:32 - 00308709 _____ () C:\Users\SMC\Downloads\mp3DC220.exe
2014-07-22 15:12 - 2014-07-22 15:12 - 04179293 _____ (Lavalys, Inc. ) C:\Users\SMC\Downloads\everesthome220.exe
2014-07-21 18:33 - 2014-07-21 18:33 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 18:33 - 2014-07-21 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-21 18:33 - 2014-04-21 21:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-21 18:33 - 2014-03-08 00:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 18:35 - 2014-07-20 18:35 - 09318466 _____ () C:\Users\SMC\Downloads\IEM9_Shenzhen_Replaypack.zip
2014-07-16 12:32 - 2014-07-16 12:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 21:03 - 2014-07-15 21:03 - 00000211 _____ () C:\Users\SMC\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-15 01:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-12 07:50 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 07:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-11 03:02 - 2014-03-08 00:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-03-08 00:17 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-03-08 00:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-03-08 00:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 14:27 - 2014-07-10 14:27 - 00000210 _____ () C:\Users\SMC\Documents\Enzo.txt
2014-07-10 14:26 - 2014-07-10 14:26 - 00000012 _____ () C:\Users\SMC\Documents\Metin2 Items.txt
2014-07-10 13:18 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 13:17 - 2014-03-03 17:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 13:17 - 2014-03-03 17:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 13:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-09 15:13 - 2014-07-09 15:03 - 1330512925 _____ () C:\Users\SMC\Downloads\Hardcore-RELOADED_24_01.rar
2014-07-09 13:22 - 2014-07-09 13:22 - 00000566 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-07-09 13:22 - 2014-07-09 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-07-09 13:18 - 2014-07-09 13:10 - 1543192939 _____ (Sirius MT2 ) C:\Users\SMC\Documents\sirius.20.13.rev.win8.client.exe
2014-07-09 13:11 - 2014-07-09 13:11 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer (1).exe
2014-07-09 13:10 - 2014-07-09 13:10 - 00629760 _____ (SiriusMT2) C:\Users\SMC\Downloads\sirius.20.13.rev.win8.installer.exe
2014-07-08 20:31 - 2014-07-08 20:18 - 00000000 ____D () C:\Users\SMC\Desktop\Pandora2 Client
2014-07-08 20:18 - 2014-07-08 19:58 - 1015610130 _____ () C:\Users\SMC\Downloads\Pandora2.p23 (1).rar
2014-07-08 14:21 - 2014-07-08 14:21 - 00000000 ____D () C:\Users\SMC\Desktop\Dark-Mt2 2012
2014-07-08 14:20 - 2014-07-08 14:20 - 02029048 _____ () C:\Users\SMC\Downloads\winrar-x64-510d.exe
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 14:20 - 2014-07-08 14:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 14:19 - 2014-07-08 14:14 - 1011932113 _____ () C:\Users\SMC\Downloads\Dark-Mt2 2012.rar
2014-07-08 14:01 - 2014-07-08 14:01 - 00690176 _____ () C:\Users\SMC\Downloads\protection.dll
2014-07-07 21:35 - 2014-03-05 15:18 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-07-07 01:46 - 2014-06-21 09:57 - 00000000 ____D () C:\Users\SMC\AppData\Roaming\Apple Computer
2014-07-05 09:48 - 2014-07-05 09:48 - 00001605 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\Riot Gaymes
2014-07-05 09:48 - 2014-07-05 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-05 09:45 - 2014-07-05 09:45 - 34888568 _____ (Riot Games) C:\Users\SMC\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 15:17

==================== End Of Log ============================
         
--- --- ---




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by SMC at 2014-08-04 18:13:42
Running from C:\Users\SMC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MKLOL (HKCU\...\MKLOL) (Version:  - )
ModernRcon v0.8 (HKLM-x32\...\ModernRcon v0.8) (Version:  - )
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PowerStrip 3 (remove only) (HKLM-x32\...\PowerStrip 3 (remove only)) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-08-2014 00:55:14 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {252AA413-5CC8-4601-B015-0467E52DE5ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {3DA5B74C-69B8-4C99-B829-563C91686650} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {5B4E08BC-17E9-4339-B7F2-FCCA21A732FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
Task: {65B0F6F9-5294-42AA-B5AB-918624A2A7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
Task: {8305B651-6154-4653-8BAD-FDF0AB551187} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C2A1CA5E-0B5F-4DC9-B9F4-9BB8F44A4BBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-21 10:47 - 2014-02-21 10:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 10:47 - 2014-02-21 10:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 10:47 - 2014-02-21 10:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-02-21 10:47 - 2014-02-21 10:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-25 22:23 - 2014-06-04 21:04 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-02 02:09 - 2014-07-05 08:17 - 00601144 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 36966968 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-02 11:55 - 2014-07-05 08:17 - 00867896 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 00886840 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-03-02 02:09 - 2014-07-05 08:17 - 00108600 _____ () C:\Users\SMC\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-09 15:15 - 2013-11-30 23:47 - 00349696 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\mss32.dll
2014-07-09 15:16 - 2013-12-25 02:57 - 00202240 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\SpeedTreeRT.dll
2014-07-09 15:15 - 2012-03-02 15:14 - 00125952 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssmp3.asi
2014-07-09 15:15 - 2012-03-02 15:14 - 00197120 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssvoice.asi
2014-07-09 15:15 - 2012-03-02 15:14 - 00083456 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssa3d.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00070656 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssds3d.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00080896 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssdx7.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00103424 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\msseax.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00354816 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssrsx.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00067072 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\msssoft.m3d
2014-07-09 15:15 - 2012-03-02 15:14 - 00093696 _____ () C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\miles\mssdsp.flt
2014-07-30 10:41 - 2014-07-30 10:41 - 03800688 _____ () C:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 09:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (07/29/2014 01:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015b36a
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/29/2014 01:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x690b3b1e
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/29/2014 01:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Name des fehlerhaften Moduls: metin2client.bin, Version: 1.0.34083.0, Zeitstempel: 0x52d874d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015b36a
ID des fehlerhaften Prozesses: 0x26a4
Startzeit der fehlerhaften Anwendung: 0xmetin2client.bin0
Pfad der fehlerhaften Anwendung: metin2client.bin1
Pfad des fehlerhaften Moduls: metin2client.bin2
Berichtskennung: metin2client.bin3
Vollständiger Name des fehlerhaften Pakets: metin2client.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: metin2client.bin5

Error: (07/28/2014 02:11:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 20.0.1387.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b68

Startzeit: 01cfaa5d0abd8b05

Endzeit: 1

Anwendungspfad: C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe

Berichts-ID: 52b51d68-1650-11e4-be8c-d43d7e948b8d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/28/2014 01:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 20.0.1387.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2368

Startzeit: 01cfaa56a5a8597b

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe

Berichts-ID: e75c118b-1649-11e4-be8c-d43d7e948b8d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/26/2014 06:25:53 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (08/04/2014 01:32:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 107.

Error: (08/04/2014 01:32:40 PM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:54:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 09:25:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 09:23:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 02:10:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 02:08:46 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 09:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b11e801cfad7db011f2fcC:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\Windows.old\Program Files (x86)\Mozilla Firefox\mozalloc.dllf5f4ff41-19b0-11e4-be8f-d43d7e948b8d

Error: (07/29/2014 01:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1metin2client.bin1.0.34083.052d874d1c00000050015b36a26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binC:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin9969ee23-1713-11e4-be8c-d43d7e948b8d

Error: (07/29/2014 01:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1unknown0.0.0.000000000c00001a5690b3b1e26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binunknown987aaa59-1713-11e4-be8c-d43d7e948b8d

Error: (07/29/2014 01:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: metin2client.bin1.0.34083.052d874d1metin2client.bin1.0.34083.052d874d1c00000050015b36a26a401cfab20364de832C:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.binC:\Users\SMC\Desktop\Hardcore-RELOADED\bin\metin2client.bin97a13c42-1713-11e4-be8c-d43d7e948b8d

Error: (07/28/2014 02:11:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe20.0.1387.771b6801cfaa5d0abd8b051C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe52b51d68-1650-11e4-be8c-d43d7e948b8d

Error: (07/28/2014 01:25:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe20.0.1387.77236801cfaa56a5a8597b2C:\Program Files (x86)\Opera\20.0.1387.77\opera.exee75c118b-1649-11e4-be8c-d43d7e948b8d

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:54 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 

Error: (07/26/2014 06:25:53 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 15:13:19.498
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\SMC\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-22 15:13:19.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 8138.93 MB
Available physical RAM: 3844.12 MB
Total Pagefile: 9607.35 MB
Available Pagefile: 4146.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.54 GB) (Free:56.18 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:931.17 GB) (Free:823.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E26C42F5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E38E2228)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


MBAM log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 05.08.2014
Scan Time: 18:10:37
Logfile: ss.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.05.06
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: SMC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331591
Time Elapsed: 4 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

and then I also ran a JRT scan, after which it cleaned up something in my Firefox and created a folder with the old Firefox data for me.

Here is the JRT log as well; if this is the wrong one, I apologize in advance:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by SMC on 04.08.2014 at 18:27:16,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.08.2014 at 18:30:07,49
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Best regards

06.08.2014, 10:19   #14
M-K-D-B
/// TB trainer

Hi,

did you set these DNS entries?
Quote:
Tcpip\..\Interfaces\{06733ADE-BD3B-4581-BF2F-CFBABB54BC09}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer]208.69.150.252,208.69.150.250
The IPs point to the USA.
__________________
Greetings from Bavaria
M-K-D-B


06.08.2014, 14:58   #15
jrrrrr

Hey,

not that I know of. I definitely can't remember doing anything like that, and I wouldn't know how that would be done either.

Best regards
