Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   compatibilityc... im Taskmanager! (https://www.trojaner-board.de/162640-compatibilityc-taskmanager.html)

Likay 10.01.2015 15:46
compatibilityc... im Taskmanager!
 
Hey Leute, ich habe da ein Problem.
Nach normaler Verwendung meines Computers stellte ich fest, dass die Leistung
immer schlechter wurde. Ruckeln bei Spielen, die normalerweise niemals auftreten wurden
festgestellt. Ich ging auf den Taskmanager und schaute nach, was es denn sein koennte.
Dann fiel mir auf, dass mehere (4 Stück) Prozesse offen sind, welche alle mit
"compatibilityc..." beginnen.
Ich gab es bei google ein und habe die Vermutung es sei der "compatibilitycheck"
Nun ich kann weder die Eigenschaften über den Taskmanager aufrufen, noch
den Prozess beenden.
Wenn ich den Prozess beenden will, welcher nebenbei gesagt über 300.000K zieht,
erscheint eine Textbox mit dem Inhalt:
"Dieser Vorgang konnte nicht beendet werden.
Zugriff verweigert"
Nun wüsste ich gerne, ob man da etwas machen kann, da mir die Sache etwas spanisch
vorkommt.

edit: Nun kam für etwa 5 Sekunden Musik, als ich im Lautstärkemixer nachschaute lief diese über "Name nicht verfügbar"
kurz darauf kam eine Werbung, welche dezent stockte aber ich vermute, es war eine Fußballwerbung.

Ich bedanke mich schonmal für jede einkommende Hilfe!

mfg
Boss

M-K-D-B 10.01.2015 15:59
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Likay 10.01.2015 16:25
FRST.txt hier:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by PhucTam (administrator) on PHUCTAM-PC on 10-01-2015 16:27:55
Running from C:\Users\PhucTam\Desktop
Loaded Profile: PhucTam (Available profiles: PhucTam)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5383\Battle.net.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2015-01-10] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [ValueAppsTrayIcon] => C:\Users\PhucTam\AppData\Local\ValueApps\ValueAppsTrayIcon.exe
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [{38BC312C-B7A0-47AD-B591-81EDE177D2E6}] => "C:\Users\PhucTam\Downloads\AetherFlyffSetup.exe" /cmdloc "HKCU\Software\AetherNet AiTemp\{38BC312C-B7A0-47AD-B591-81EDE177D2E6}"
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Battle.net] => C:\Program Files\Battle.net\Battle.net Launcher.exe [2864688 2014-12-10] (Blizzard Entertainment)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632328 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\MountPoints2: E - E:\pushinst.exe
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\MountPoints2: {97dc741c-d154-11e3-a87a-00040ece1c00} - E:\Setup.exe
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\MountPoints2: {c283d74f-c011-11e3-a689-c1eb0a6a1d26} - F:\pushinst.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {45CB1A93-0DDB-63CA-8790-48CAF197C5AF} ->  No File
BHO: No Name -> {56ED58A2-ADBC-0E9D-3191-BC45AD894422} ->  No File
BHO: No Name -> {70638A6F-9506-0395-7ECB-54A01E74D3BB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3598937497-1326978013-658881309-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PhucTam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-26]
FF HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Firefox\Extensions: [{AFBBC1E8-F8FC-FEAA-B717-75C0969774E6}] - C:\Program Files\di7BlockAndSurf\175.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (YouTube) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google-Suche) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-10-26]
CHR Extension: (AdBlock) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-21]
CHR Extension: (SkypEmoticons) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Google Mail) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-29] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-06] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3299328 2014-11-26] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-22] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-14] (Sandboxie Holdings, LLC)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 Verifies and fixes application compatibility issues; C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 ValueApps; C:\Users\PhucTam\AppData\Local\ValueApps\ValueApps.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2015-01-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2015-01-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [67776 2015-01-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-29] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-02] (Disc Soft Ltd)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-19] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-19] (Logitech, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22120 2014-06-13] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [45544 2014-06-13] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-14] (Sandboxie Holdings, LLC)
S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG)
S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2014-02-07] (Screaming Bee LLC)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 _hid_0738_1710; C:\Windows\System32\DRIVERS\_hid_0738_1710.sys [144576 2014-06-13] (Saitek)
S3 _usb_0738_1710; C:\Windows\System32\DRIVERS\_usb_0738_1710.sys [40640 2014-06-13] (Saitek)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 16:27 - 2015-01-10 16:29 - 00019883 _____ () C:\Users\PhucTam\Desktop\FRST.txt
2015-01-10 16:27 - 2015-01-10 16:27 - 01115648 _____ (Farbar) C:\Users\PhucTam\Desktop\FRST.exe
2015-01-10 16:27 - 2015-01-10 16:27 - 00000000 ____D () C:\FRST
2015-01-10 16:13 - 2015-01-10 16:14 - 02191360 _____ () C:\Users\PhucTam\Desktop\AdwCleaner_4.107.exe
2015-01-10 12:14 - 2015-01-10 16:22 - 00000674 _____ () C:\Windows\PFRO.log
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 23:14 - 2015-01-10 11:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 23:14 - 2015-01-10 11:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-09 21:30 - 2015-01-10 16:27 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier
2015-01-09 06:51 - 2015-01-09 06:52 - 07563297 _____ () C:\Users\PhucTam\Downloads\DRB 32tel Finale __ Smoothie vs. MC Leon.mp4
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-01-05 16:53 - 2015-01-05 16:53 - 21574131 _____ () C:\Users\PhucTam\Downloads\Das Horn Music Video Featuring Hans Gretel.mp4
2015-01-05 15:59 - 2015-01-10 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-01-05 15:59 - 2015-01-06 15:59 - 00002458 _____ () C:\Windows\Sandboxie.ini
2015-01-05 15:59 - 2015-01-05 15:59 - 00001067 _____ () C:\Users\PhucTam\Desktop\Sandboxed Web Browser.lnk
2015-01-05 15:58 - 2015-01-05 15:59 - 02734600 _____ (Sandboxie Holdings, LLC) C:\Users\PhucTam\Downloads\SandboxieInstall.exe
2015-01-03 18:33 - 2015-01-03 19:44 - 00007710 _____ () C:\Users\PhucTam\Desktop\protokoll nostale account.txt
2015-01-02 03:02 - 2015-01-02 03:07 - 64842875 _____ () C:\Users\PhucTam\Desktop\MCMBB vs Mairo Runde.mp4
2014-12-30 00:53 - 2015-01-02 03:54 - 00002371 _____ () C:\Users\PhucTam\Desktop\VS MAIRO.txt
2014-12-29 19:41 - 2014-12-29 19:41 - 00001888 _____ () C:\Users\Public\Desktop\NosTale.lnk
2014-12-29 19:41 - 2014-12-29 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
2014-12-29 17:57 - 2014-12-29 17:58 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup (1).exe
2014-12-29 14:05 - 2014-12-29 17:01 - 00000509 _____ () C:\Users\PhucTam\Desktop\VS DEVASTATIONMUSIC.txt
2014-12-29 13:45 - 2014-12-29 13:45 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup.exe
2014-12-29 03:12 - 2014-12-29 03:12 - 00001896 _____ () C:\Users\Public\Desktop\AION Free-to-Play.lnk
2014-12-29 03:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-29 02:13 - 2014-12-29 02:13 - 00001906 _____ () C:\Users\PhucTam\Desktop\NosTale.lnk
2014-12-28 23:58 - 2014-12-28 23:59 - 36719898 _____ () C:\Users\PhucTam\Downloads\Das Beer Boot Music Video Featuring Hans Gretel.mp4
2014-12-28 21:57 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\SKIDROW
2014-12-28 21:55 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\Desktop\TBOI
2014-12-28 20:09 - 2014-12-28 20:09 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Awesomium
2014-12-28 19:53 - 2015-01-10 03:23 - 00000000 ____D () C:\Program Files\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00001979 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00001970 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-28 19:50 - 2014-12-28 19:52 - 46655528 _____ (Hi-Rez Studios) C:\Users\PhucTam\Downloads\InstallSmite.exe
2014-12-26 22:31 - 2014-12-26 22:33 - 41035014 _____ () C:\Users\PhucTam\Desktop\famenpe.mp4
2014-12-26 18:14 - 2014-12-26 18:31 - 419038520 _____ () C:\Users\PhucTam\Downloads\JBB 2014 [KING FINALE 1_2] SpongeBOZZ vs. Gio (prod. by Digital Drama).mp4
2014-12-26 17:41 - 2014-12-26 18:05 - 227382692 _____ () C:\Users\PhucTam\Desktop\MC STEIN MEDLEY.mp4
2014-12-26 17:30 - 2014-12-26 17:31 - 34213196 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Halbfinale] Mc lp vs Kulster.mp4
2014-12-26 17:30 - 2014-12-26 17:30 - 03283634 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Qualifikation 8] MC LP Fan der Boss.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 03912066 _____ () C:\Users\PhucTam\Desktop\#26 Qualifikation von Smooth.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 01160576 _____ () C:\Users\PhucTam\Desktop\BLACK AND WHITE -  - QUALIFIKATION #37 - BARSBATTLECONTEST.mp4
2014-12-26 03:01 - 2014-12-26 03:01 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-12-25 16:13 - 2014-12-25 16:13 - 00003085 _____ () C:\Users\PhucTam\Downloads\realm-of-the-mad-god-cursor-.zip
2014-12-25 13:27 - 2015-01-10 16:23 - 00006655 _____ () C:\Windows\setupact.log
2014-12-25 13:27 - 2014-12-25 13:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-25 00:23 - 2014-12-25 00:23 - 00001217 _____ () C:\Users\PhucTam\Desktop\Battle.net.lnk
2014-12-24 22:37 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-12-24 13:25 - 2014-12-24 13:25 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Apple Computer
2014-12-24 07:31 - 2014-12-24 07:31 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\ProgramData\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-23 20:38 - 2014-12-23 20:38 - 380932972 _____ () C:\Users\PhucTam\Desktop\DOD Content Addon (Oct 2014).zip
2014-12-23 20:28 - 2014-12-23 20:28 - 132745923 _____ () C:\Users\PhucTam\Desktop\DOD Maps Addon (Oct 2014).zip
2014-12-23 20:27 - 2014-12-23 20:27 - 120899692 _____ () C:\Users\PhucTam\Desktop\CSS Maps Addon (Oct 2014).zip
2014-12-23 19:51 - 2014-12-23 19:52 - 721122808 _____ () C:\Users\PhucTam\Desktop\CSS Content Addon (Oct 2014).zip
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 __RHD () C:\Users\PhucTam\AppData\Roaming\SecuROM
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\PhucTam\Documents\EA Games
2014-12-23 15:58 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\Documents\Battlefield 3
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\PunkBuster
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\ESN
2014-12-23 15:57 - 2014-12-23 15:57 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-12-23 15:56 - 2014-12-23 15:56 - 00000000 ____D () C:\ProgramData\EA Core
2014-12-23 12:35 - 2014-12-23 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition
2014-12-23 12:33 - 2014-12-23 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-12-23 10:22 - 2014-12-23 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-12-23 10:21 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.exe
2014-12-23 10:21 - 2014-12-23 16:03 - 00139944 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-12-23 10:21 - 2014-12-23 16:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-23 10:21 - 2014-12-23 15:58 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-12-23 10:21 - 2014-12-23 10:21 - 00138056 _____ () C:\Users\PhucTam\AppData\Roaming\PnkBstrK.sys
2014-12-23 10:21 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-23 10:21 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-23 10:21 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-23 10:21 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-12-23 10:21 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-12-23 10:21 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-12-23 10:21 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-12-23 10:21 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-12-23 10:21 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-12-23 10:21 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-12-23 10:21 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-12-23 10:21 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-12-23 10:21 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-12-23 10:21 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-12-23 10:21 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-12-23 10:21 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-12-23 10:21 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-12-23 10:21 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-12-23 10:21 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-12-23 10:21 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-12-23 10:21 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-12-23 10:21 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-12-23 10:20 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-23 10:20 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-12-23 10:20 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-12-23 10:20 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-12-21 11:57 - 2014-12-21 11:57 - 00000000 ____D () C:\Users\PhucTam\Downloads\Smart Riot - Huma-Huma_data
2014-12-20 20:06 - 2009-07-13 14:39 - 49625595 _____ () C:\Users\PhucTam\Desktop\BP(D).ups
2014-12-20 20:05 - 2014-12-20 20:07 - 134217728 _____ () C:\Users\PhucTam\Desktop\3783 - Pokemon - Platin Edition (DE).nds
2014-12-18 06:04 - 2014-11-26 15:10 - 03299328 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2014-12-18 06:03 - 2014-12-18 06:03 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-12-18 06:03 - 2004-12-30 13:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2014-12-18 06:03 - 2003-07-15 22:17 - 00005174 _____ () C:\Windows\system32\nppt9x.vxd
2014-12-18 05:37 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-12-14 01:55 - 2014-12-14 01:56 - 20077203 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [4tel 4_4] MC LP Fan der Boss vs BNB.mp4
2014-12-11 04:32 - 2014-12-11 04:32 - 00000000 ____D () C:\Windows\system32\appraiser

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 16:26 - 2014-04-09 18:17 - 01431255 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 16:25 - 2014-04-09 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Skype
2015-01-10 16:24 - 2014-04-22 22:50 - 00001312 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-10 16:24 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Battle.net
2015-01-10 16:23 - 2014-04-27 16:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\LogMeIn Hamachi
2015-01-10 16:23 - 2014-04-09 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-10 16:23 - 2014-04-09 19:29 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 16:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 16:20 - 2014-04-28 13:58 - 00000000 ____D () C:\AdwCleaner
2015-01-10 16:20 - 2014-04-09 19:39 - 00001236 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 16:20 - 2014-04-09 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 16:20 - 2014-04-09 18:52 - 00001152 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 15:47 - 2014-04-09 19:29 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 13:38 - 2014-05-12 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\TS3Client
2015-01-10 12:57 - 2014-12-01 23:45 - 00000000 ____D () C:\Users\PhucTam\Downloads\Gameforge Live
2015-01-10 12:30 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:30 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:11 - 2014-04-29 13:34 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-01-10 12:11 - 2014-04-29 13:32 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-10 12:11 - 2014-04-29 13:32 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-10 12:11 - 2014-04-29 13:32 - 00067776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-10 03:26 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam
2015-01-10 03:23 - 2014-06-22 09:46 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Akamai
2015-01-10 03:23 - 2014-05-02 01:27 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_5372
2015-01-10 03:23 - 2014-04-29 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-01-10 03:23 - 2014-04-19 16:55 - 00000000 ____D () C:\Users\PhucTam\Desktop\Cubeworld
2015-01-10 03:23 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Battle.net
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-10 03:03 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-10 01:20 - 2014-05-02 01:48 - 00000000 ____D () C:\temp
2015-01-06 20:51 - 2014-04-10 12:26 - 00000000 ____D () C:\Program Files\Steam
2015-01-05 15:59 - 2014-12-04 17:01 - 00000000 ____D () C:\Program Files\Sandboxie
2015-01-02 06:12 - 2014-11-06 20:05 - 00000000 ____D () C:\Users\PhucTam\Desktop\Bilder, screens
2015-01-02 03:20 - 2014-04-22 05:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Audacity
2014-12-31 03:28 - 2014-04-09 18:24 - 01618592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 18:02 - 2014-12-01 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-29 18:02 - 2014-07-15 07:31 - 00000000 ____D () C:\Program Files\GameforgeLive
2014-12-29 00:33 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\PhucTam\Documents\My Games
2014-12-28 19:53 - 2014-04-17 01:29 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-26 18:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-26 16:53 - 2014-04-09 20:08 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\.minecraft
2014-12-25 00:44 - 2014-04-10 03:58 - 00000000 ____D () C:\Windows\Minidump
2014-12-25 00:38 - 2014-09-11 23:29 - 00000000 ____D () C:\Users\Public\Documents\Mad Catz
2014-12-25 00:38 - 2014-05-10 11:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-25 00:25 - 2014-07-12 16:30 - 00000000 ____D () C:\Users\PhucTam\Desktop\Musik ~98%
2014-12-23 15:56 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 12:35 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-23 12:33 - 2014-05-29 11:17 - 00000000 ____D () C:\Program Files\Origin Games
2014-12-23 10:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Origin
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\Program Files\Origin
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 13:01 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-20 14:01 - 2014-10-26 01:06 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-12-18 06:37 - 2014-06-29 09:57 - 00000000 ____D () C:\download
2014-12-17 23:25 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\VirtualStore
2014-12-13 01:12 - 2014-09-20 13:42 - 02210040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-12-13 01:12 - 2014-09-20 13:42 - 01291464 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-12-12 04:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-11 04:36 - 2014-04-09 22:54 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-11 04:32 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\PhucTam\jagex_cl_runescape_LIVE.dat
C:\Users\PhucTam\random.dat


Some content of TEMP:
====================
C:\Users\PhucTam\AppData\Local\Temp\Quarantine.exe
C:\Users\PhucTam\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:43

==================== End Of Log ============================
--- --- ---



und Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015
Ran by PhucTam at 2015-01-10 16:29:36
Running from C:\Users\PhucTam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlueStacks Notification Center (HKLM\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
FlyFF (HKLM\...\{B47D87A4-05B5-4AC3-B0D3-6543E1876D0E}_is1) (Version:  - Webzen)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (Version:  - ) Hidden
Gameforge Live 2.0.5 (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MorphVOX Pro (HKLM\...\{4bfc0d50-0417-46a0-ab1e-475fb1a90916}) (Version: 4.4.17.22603 - Screaming Bee)
MorphVOX Pro (Version: 4.4.17.22603 - Screaming Bee) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Nostale(DE) (HKLM\...\NosTale(DE)_is1) (Version:  - Gameforge 4D GmbH)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.17 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.17 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.17 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.29.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
Sandboxie 4.14 (32-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Scribblenauts Unlimited (HKLM\...\Steam App 218680) (Version:  - 5th Cell Media)
Serious Sam: The Random Encounter (HKLM\...\Steam App 201480) (Version:  - Vlambeer)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shopping Helper Smartbar (HKLM\...\{7DD65DA0-AD4F-4974-AAC6-5834DD7F6841}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\{f18039c1-5302-454f-adb0-fa2f0f2086fd}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION
SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2477.0 - Hi-Rez Studios)
Sonic Generations (HKLM\...\Steam App 71340) (Version:  - Devil's Details)
Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Sims 2: Ultimate Collection (HKLM\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Toribash (HKLM\...\Steam App 248570) (Version:  - Nabi Studios)
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Uplay (HKLM\...\Uplay) (Version: 4.3 - Ubisoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
XSplit Broadcaster (HKLM\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3598937497-1326978013-658881309-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\PhucTam\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

03-01-2015 00:20:26 Windows Update
06-01-2015 10:33:02 Windows Update
09-01-2015 12:51:47 Windows Update
09-01-2015 21:31:01 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:15:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:36:05 avast! antivirus system restore point
10-01-2015 02:50:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:05:40 avast! antivirus system restore point
10-01-2015 03:06:29 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:07:48 Wiederherstellungsvorgang
10-01-2015 03:15:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:18:14 Windows Update
10-01-2015 03:19:21 Wiederherstellungsvorgang
10-01-2015 03:24:30 avast! antivirus system restore point
10-01-2015 03:25:10 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 11:39:41 avast! antivirus system restore point
10-01-2015 11:57:37 avast! antivirus system restore point
10-01-2015 12:10:30 avast! antivirus system restore point
10-01-2015 15:25:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {119D7A20-226E-4037-8ECC-B97D1AF95B36} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-29] (AVAST Software)
Task: {886A33FF-96DF-494D-BF10-F59DFD6DBF3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {BFA338DE-6156-494B-BC12-3A2580E5D8DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {C27D9250-3A9E-4DDE-9092-B608B341A1C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-09 21:36 - 2013-12-17 22:30 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-10 12:57 - 2015-01-10 12:57 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011000\algo.dll
2015-01-09 23:39 - 2014-04-29 13:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-23 10:21 - 2014-12-23 16:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-10 03:25 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2014-04-09 19:39 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 19:39 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5383\libcef.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00907776 _____ () C:\Program Files\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5383\libEGL.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-10 19:35 - 2014-12-10 19:35 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-04-09 22:57 - 2014-04-09 22:57 - 00020228 _____ () C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\36\b2\36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth
2014-04-09 22:57 - 2014-04-09 22:57 - 00065796 _____ () C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\1e\29\1e2963a47513152acfd8a196d0e3e83ceaa24aaf0b520fb43a6a145cd26dab82.auth
2014-04-09 22:57 - 2014-04-09 22:57 - 00065796 _____ () C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\8f\52\8f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c.auth
2014-04-09 19:39 - 2014-04-02 02:58 - 13691720 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2015-01-10 03:25 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-10 03:25 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-10 03:25 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-10 03:25 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3598937497-1326978013-658881309-500 - Administrator - Disabled)
Gast (S-1-5-21-3598937497-1326978013-658881309-501 - Limited - Disabled)
PhucTam (S-1-5-21-3598937497-1326978013-658881309-1000 - Administrator - Enabled) => C:\Users\PhucTam

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 04:23:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 00:52:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/10/2015 00:22:43 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 00:10:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f7c0b80f-f6ab-4462-97b1-9531a762658f}

Error: (01/10/2015 00:09:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 00:03:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 11:56:16 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 11:39:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {06d0aa59-1dd3-4a2c-970f-1f5f0172d30c}

Error: (01/10/2015 11:39:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 03:24:33 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0xc0000022.


System errors:
=============
Error: (01/10/2015 04:25:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/10/2015 04:23:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (01/10/2015 04:23:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ValueApps" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/10/2015 04:20:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/10/2015 04:20:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hi-Rez Studios Authenticate and Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/10/2015 04:20:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/10/2015 04:20:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/10/2015 04:20:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/10/2015 04:20:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/10/2015 04:20:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/10/2015 04:23:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 00:52:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common files\Logishrd\sp6_uninstall\tools\64\AddBrowsers.exe

Error: (01/10/2015 00:22:43 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 00:10:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f7c0b80f-f6ab-4462-97b1-9531a762658f}

Error: (01/10/2015 00:09:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 00:03:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 11:56:16 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 11:39:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {06d0aa59-1dd3-4a2c-970f-1f5f0172d30c}

Error: (01/10/2015 11:39:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/10/2015 03:24:33 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0xc0000022


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 60%
Total physical RAM: 3069.54 MB
Available physical RAM: 1205.94 MB
Total Pagefile: 9211.82 MB
Available Pagefile: 6597.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:719.99 GB) NTFS
Drive e: (DarkSiders.II) (CDROM) (Total:5.36 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6628B7BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 10.01.2015 16:47
Servus,


wir beginnen so:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Likay 10.01.2015 17:34
hier die Logfile
Code:
ComboFix 15-01-08.01 - PhucTam 10.01.2015  17:00:37.1.6 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3070.1590 [GMT 1:00]
ausgeführt von:: c:\users\PhucTam\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\background.html
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\lsdb.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\background.html
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\lsdb.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\background.html
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\content.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\lsdb.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\QytTpG.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\background.html
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\lsdb.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\background.html
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\lsdb.js
c:\users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk
c:\users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\background.html
c:\users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\content.js
c:\users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js
c:\users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js
c:\users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\manifest.json
c:\users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-10 bis 2015-01-10  ))))))))))))))))))))))))))))))
.
.
2015-01-10 15:27 . 2015-01-10 15:30        --------        d-----w-        C:\FRST
2015-01-10 02:28 . 2014-12-02 11:01        9054624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5C61D45-C556-4F63-B218-62D39D7D51EF}\mpengine.dll
2015-01-09 22:14 . 2015-01-10 10:57        --------        d-----w-        c:\users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 22:14 . 2015-01-09 22:14        --------        d-----w-        c:\users\Default\AppData\Local\Programs
2015-01-09 20:30 . 2015-01-10 15:27        --------        d-----w-        c:\users\PhucTam\AppData\Roaming\Compatibility Verifier
2014-12-29 02:12 . 2007-04-04 17:53        81768        ----a-w-        c:\windows\system32\xinput1_3.dll
2014-12-28 20:57 . 2014-12-28 20:57        --------        d-----w-        c:\users\PhucTam\AppData\Local\SKIDROW
2014-12-28 19:09 . 2014-12-28 19:09        --------        d-----w-        c:\users\PhucTam\AppData\Roaming\Awesomium
2014-12-28 18:53 . 2014-12-28 18:53        --------        d-----w-        c:\programdata\Hi-Rez Studios
2014-12-28 18:53 . 2015-01-10 02:23        --------        d-----w-        c:\program files\Hi-Rez Studios
2014-12-26 02:01 . 2014-12-26 02:01        --------        d-----w-        c:\program files\Microsoft ASP.NET
2014-12-24 21:37 . 2014-11-22 10:46        32912        ----a-w-        c:\windows\system32\drivers\nvvad32v.sys
2014-12-24 12:25 . 2014-12-24 12:25        --------        d-----w-        c:\users\PhucTam\AppData\Roaming\Apple Computer
2014-12-24 06:31 . 2014-12-24 06:31        --------        d-----w-        c:\program files\Common Files\Apple
2014-12-24 06:31 . 2014-12-24 06:31        --------        d-----w-        c:\users\PhucTam\AppData\Local\Apple
2014-12-24 06:31 . 2014-12-24 06:31        --------        d-----w-        c:\program files\Apple Software Update
2014-12-24 06:31 . 2014-12-24 06:31        --------        d-----w-        c:\programdata\Apple
2014-12-23 15:14 . 2014-12-23 15:14        --------        d--h--r-        c:\users\PhucTam\AppData\Roaming\SecuROM
2014-12-23 14:58 . 2014-12-23 15:03        348928        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2014-12-23 14:58 . 2014-12-23 14:58        --------        d-----w-        c:\users\PhucTam\AppData\Local\PunkBuster
2014-12-23 14:58 . 2014-12-23 14:58        --------        d-----w-        c:\users\PhucTam\AppData\Local\ESN
2014-12-23 14:57 . 2014-12-23 14:57        --------        d-----w-        c:\program files\Battlelog Web Plugins
2014-12-23 14:56 . 2014-12-23 14:56        --------        d-----w-        c:\programdata\EA Core
2014-12-23 14:56 . 2014-12-23 14:58        --------        d-----w-        c:\programdata\EA Logs
2014-12-23 09:22 . 2014-12-23 11:35        --------        d--h--w-        c:\program files\Common Files\EAInstaller
2014-12-23 09:20 . 2005-05-26 14:34        2297552        ----a-w-        c:\windows\system32\d3dx9_26.dll
2014-12-18 05:04 . 2014-11-26 14:10        3299328        ----a-w-        c:\windows\system32\GameMon.des
2014-12-18 05:03 . 2004-12-30 12:43        4682        ----a-w-        c:\windows\system32\npptNT2.sys
2014-12-18 05:03 . 2003-07-15 21:17        5174        ----a-w-        c:\windows\system32\nppt9x.vxd
2014-12-18 05:03 . 2014-12-18 05:03        --------        d-----w-        c:\program files\Common Files\INCA Shared
2014-12-18 04:37 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-15 13:26 . 2014-12-15 13:26        --------        d-----w-        c:\program files\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-10 11:11 . 2014-04-29 12:32        67776        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2015-01-10 11:11 . 2014-04-29 12:32        776976        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2015-01-10 11:11 . 2014-04-29 12:32        411552        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-12-20 13:01 . 2014-10-26 00:06        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2014-12-13 00:12 . 2014-09-20 12:42        2210040        ----a-w-        c:\windows\system32\nvspcap.dll
2014-12-13 00:12 . 2014-09-20 12:42        1291464        ----a-w-        c:\windows\system32\nvspbridge.dll
2014-12-04 04:38 . 2014-12-10 11:49        337920        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-10 11:49        610304        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-10 11:49        315392        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-10 11:49        728576        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-10 11:49        159744        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-10 11:49        202752        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-10 11:49        873984        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 11:49        1160872        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-26 03:42 . 2011-06-10 23:58        421040        ----a-w-        c:\windows\system32\msvcp100.dll
2014-11-24 13:04 . 2014-04-11 10:27        229000        ----a-w-        c:\windows\system32\MpSigStub.exe
2014-11-22 10:46 . 2014-04-09 20:37        32400        ----a-w-        c:\windows\system32\nvaudcap32v.dll
2014-11-22 02:20 . 2014-12-10 12:10        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-10 12:10        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-10 12:10        501248        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-10 12:10        62464        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-10 12:10        47616        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 12:10        64000        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-10 12:10        102912        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-10 12:10        620032        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-10 12:10        667648        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-10 12:10        60416        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 12:10        4299264        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-10 12:10        2052096        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 12:10        1155072        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-10 12:10        1888256        ----a-w-        c:\windows\system32\wininet.dll
2014-11-11 02:44 . 2014-12-10 11:49        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 11:46        186880        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 11:46        550912        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 01:32 . 2014-12-10 11:49        74752        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45 . 2014-12-10 11:47        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-10-31 22:51 . 2014-07-20 21:51        70144        ----a-w-        c:\windows\system32\tasks.dll
2014-10-30 01:45 . 2014-12-10 11:44        155136        ----a-w-        c:\windows\system32\charmap.exe
2014-10-25 01:32 . 2014-11-11 23:29        67584        ----a-w-        c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-11 23:29        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-12-10 22:19        3209728        ----a-w-        c:\windows\system32\mf.dll
2014-10-14 01:56 . 2014-11-11 23:29        136632        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-11 23:29        523776        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-11 23:29        2363904        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-11 23:29        1059840        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-11 23:29        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-11 23:29        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-04-09 18:27 . 2014-04-09 18:23        49940480        ----a-w-        c:\program files\GUTD6EE.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-29 12:32        260976        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Akamai NetSession Interface"="c:\users\PhucTam\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-10-14 632328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-10 3873704]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 2303256]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-10-07 843480]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-04-13 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2014-03-24 22:50        64280        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-12-13 1895760]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R2 ValueApps;ValueApps;c:\users\PhucTam\AppData\Local\ValueApps\ValueApps.exe [x]
R3 _hid_0738_1710;_hid_0738_1710;c:\windows\system32\DRIVERS\_hid_0738_1710.sys [2014-06-13 144576]
R3 _usb_0738_1710;_usb_0738_1710;c:\windows\system32\DRIVERS\_usb_0738_1710.sys [2014-06-13 40640]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2014-11-26 3299328]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2014-12-22 1903472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007-08-08 23840]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2013-11-06 758224]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 XDva409;XDva409;c:\windows\system32\XDva409.sys [x]
R3 XDva410;XDva410;c:\windows\system32\XDva410.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-01-10 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-01-10 411552]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-05-02 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-04-29 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-29 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-01-10 67776]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-10-07 112344]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-10-07 388824]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-10-07 782040]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [2015-01-06 9216]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-12-02 411920]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-17 411936]
S2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [2015-01-08 87208]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-04-05 264704]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2014-03-19 42264]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2014-03-19 10136]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2014-02-07 34896]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-09 18:39        1077576        ----a-w-        c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\PhucTam\AppData\Local\Temp\ie_script.htm
Trusted Zone: aeriagames.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{45CB1A93-0DDB-63CA-8790-48CAF197C5AF} - (no file)
BHO-{70638A6F-9506-0395-7ECB-54A01E74D3BB} - (no file)
HKCU-Run-ValueAppsTrayIcon - c:\users\PhucTam\AppData\Local\ValueApps\ValueAppsTrayIcon.exe
HKCU-Run-{38BC312C-B7A0-47AD-B591-81EDE177D2E6} - c:\users\PhucTam\Downloads\AetherFlyffSetup.exe
HKCU-Run-Battle.net - c:\program files\Battle.net\Battle.net
AddRemove-Sandboxie - c:\windows\Installer\SandboxieInstall32_VCRedist.exe
AddRemove-{B47D87A4-05B5-4AC3-B0D3-6543E1876D0E}_is1 - c:\program files\Webzen\FlyFF_EN\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3598937497-1326978013-658881309-1000\Software\SecuROM\License information*]
"datasecu"=hex:bd,39,ec,b0,a2,9b,53,cc,c4,82,b0,ca,ad,62,38,a6,e4,e5,02,6d,08,
  f1,9d,60,b0,0d,e5,76,2a,f9,43,b5,e1,6a,87,6a,36,ea,1a,9a,b8,7b,20,13,55,f0,\
"rkeysecu"=hex:38,92,5e,9f,5e,4c,ef,f0,a0,27,bf,a2,6a,6f,38,82
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Battle.net\Battle.net.5383\Battle.net.exe
c:\programdata\Battle.net\Agent\Agent.3634\Agent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
c:\users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
c:\users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
c:\users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-10  17:16:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-10 16:16
.
Vor Suchlauf: 17 Verzeichnis(se), 775.065.968.640 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 776.292.827.136 Bytes frei
.
- - End Of File - - A102E450421FB761B5C998E4E0015B0B
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B 11.01.2015 13:08
gut, so geht es weiter:




Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

Likay 11.01.2015 19:35
AdwCleaner:
Code:
# AdwCleaner v4.107 - Bericht erstellt am 11/01/2015 um 18:31:35
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : PhucTam - PHUCTAM-PC
# Gestartet von : C:\Users\PhucTam\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v34.0.1847.116

[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M5EF15620-18B5-44BA-A22F-D0215438B06A&SearchSource=58&CUI=&UM=5&UP=SP34BD8D72-4674-41E3-BC57-41F1AAFB7661&q={searchTerms}&SSPV=
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M5EF15620-18B5-44BA-A22F-D0215438B06A&SearchSource=58&CUI=&UM=5&UP=SP34BD8D72-4674-41E3-BC57-41F1AAFB7661&q={searchTerms}&SSPV=
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=705B00FF7220ECC3&affID=128750&tt=240414_41&tsp=5235
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1410089220&from=irs&uid=ST1000DM003-1CH162_Z1D7K813XXXXZ1D7K813&q={searchTerms}
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1410089220&from=irs&uid=ST1000DM003-1CH162_Z1D7K813XXXXZ1D7K813&q={searchTerms}
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=1387&r=2014/11/04&hid=17219196511734920795&lg=EN&cc=DE&unqvl=65
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418365265&from=wpm12123&uid=ST1000DM003-1CH162_Z1D7K813XXXXZ1D7K813&q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M5EF15620-18B5-44BA-A22F-D0215438B06A&SearchSource=58&CUI=&UM=5&UP=SP34BD8D72-4674-41E3-BC57-41F1AAFB7661&q={searchTerms}&SSPV=
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M5EF15620-18B5-44BA-A22F-D0215438B06A&SearchSource=58&CUI=&UM=5&UP=SP34BD8D72-4674-41E3-BC57-41F1AAFB7661&q={searchTerms}&SSPV=
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=705B00FF7220ECC3&affID=128750&tt=240414_41&tsp=5235
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1410089220&from=irs&uid=ST1000DM003-1CH162_Z1D7K813XXXXZ1D7K813&q={searchTerms}
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1410089220&from=irs&uid=ST1000DM003-1CH162_Z1D7K813XXXXZ1D7K813&q={searchTerms}
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=1387&r=2014/11/04&hid=17219196511734920795&lg=EN&cc=DE&unqvl=65
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418365265&from=wpm12123&uid=ST1000DM003-1CH162_Z1D7K813XXXXZ1D7K813&q={searchTerms}

*************************

AdwCleaner[R0].txt - [21920 octets] - [28/04/2014 13:58:05]
AdwCleaner[R1].txt - [19404 octets] - [10/01/2015 16:15:03]
AdwCleaner[R2].txt - [2842 octets] - [11/01/2015 18:29:41]
AdwCleaner[S0].txt - [19211 octets] - [28/04/2014 13:58:31]
AdwCleaner[S1].txt - [18776 octets] - [10/01/2015 16:19:31]
AdwCleaner[S2].txt - [4556 octets] - [11/01/2015 18:31:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4616 octets] ##########
MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.01.2015
Suchlauf-Zeit: 18:44:32
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: PhucTam

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333853
Verstrichene Zeit: 15 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [bd49e559bcc0ec4a367a18a3a35f17e9],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [9e68b6886d0f1521114e48768e749769],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [0402043a413b42f4f311764a7e84619f],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [7e88a39b3448171f322f4868bd477f81],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 4
PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [11f59ea078042b0b857894c3fb08ea16],
PUP.Optional.FreeWorldApp.A, C:\ProgramData\FreeWorldApp, In Quarantäne, [a75f9ca2ef8d85b1dacb64d0689b21df],
PUP.Optional.FreeWorldApp.A, C:\ProgramData\FreeWorldApp\GS_Booster, In Quarantäne, [a75f9ca2ef8d85b1dacb64d0689b21df],
PUP.Optional.FreeWorldApp.A, C:\ProgramData\FreeWorldApp\Setup, In Quarantäne, [a75f9ca2ef8d85b1dacb64d0689b21df],

Dateien: 8
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{F6304B96-0189-48C3-AA28-49AB2DD36960}\Custom.dll, In Quarantäne, [ba4cd569c7b5c86ee38cf74cce3242be],
PUP.Optional.SnapDo.A, C:\Windows\Installer\26efdee.msi, In Quarantäne, [29dd1925e99395a14bf7cbd348b97090],
PUP.Optional.SmartBar, C:\Windows\Installer\26efdf3.msi, In Quarantäne, [fe0809358cf03303b2a0ec716997c937],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [11f59ea078042b0b857894c3fb08ea16],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [11f59ea078042b0b857894c3fb08ea16],
PUP.Optional.AdPeak.A, C:\temp\output.txt, In Quarantäne, [11f59ea078042b0b857894c3fb08ea16],
PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [11f59ea078042b0b857894c3fb08ea16],
PUP.Optional.Conduit.A, C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, In Quarantäne, [4bbbfd41df9dcb6b691b2d312fd47090],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by PhucTam on 11.01.2015 at 19:16:13,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.01.2015 at 19:20:16,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by PhucTam (administrator) on PHUCTAM-PC on 11-01-2015 19:21:10
Running from C:\Users\PhucTam\Desktop
Loaded Profile: PhucTam (Available profiles: PhucTam)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Adobe Systems, Inc.) C:\Users\PhucTam\Desktop\flashplayer_14_sa.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2015-01-11] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632328 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3598937497-1326978013-658881309-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3598937497-1326978013-658881309-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PhucTam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-26]
FF HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Firefox\Extensions: [{AFBBC1E8-F8FC-FEAA-B717-75C0969774E6}] - C:\Program Files\di7BlockAndSurf\175.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (YouTube) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google-Suche) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR Extension: (Google Mail) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-29] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-06] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3299328 2014-11-26] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-22] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-14] (Sandboxie Holdings, LLC)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 Verifies and fixes application compatibility issues; C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 ValueApps; C:\Users\PhucTam\AppData\Local\ValueApps\ValueApps.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2015-01-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-29] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-02] (Disc Soft Ltd)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-19] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-19] (Logitech, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22120 2014-06-13] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [45544 2014-06-13] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-14] (Sandboxie Holdings, LLC)
S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG)
S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2014-02-07] (Screaming Bee LLC)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 _hid_0738_1710; C:\Windows\System32\DRIVERS\_hid_0738_1710.sys [144576 2014-06-13] (Saitek)
S3 _usb_0738_1710; C:\Windows\System32\DRIVERS\_usb_0738_1710.sys [40640 2014-06-13] (Saitek)
S3 catchme; \??\C:\Users\PhucTam\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 19:20 - 2015-01-11 19:20 - 00000693 _____ () C:\Users\PhucTam\Desktop\JRT.txt
2015-01-11 19:16 - 2015-01-11 19:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 19:14 - 2015-01-11 19:15 - 01707939 _____ (Thisisu) C:\Users\PhucTam\Downloads\JRT.exe
2015-01-11 19:06 - 2015-01-11 19:06 - 00003280 _____ () C:\Users\PhucTam\Desktop\mbam.txt
2015-01-11 18:42 - 2015-01-11 19:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 18:42 - 2015-01-11 18:42 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-11 18:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-11 18:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-11 18:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-11 18:38 - 2015-01-11 18:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\PhucTam\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 00:39 - 2015-01-11 08:54 - 00000000 ____D () C:\Users\PhucTam\Desktop\bugfile
2015-01-11 00:22 - 2015-01-11 00:23 - 02052608 _____ (Entwell) C:\Users\PhucTam\Desktop\NostaleX.dat
2015-01-11 00:22 - 2015-01-11 00:23 - 01993728 _____ (Entwell) C:\Users\PhucTam\Desktop\Nostale.dat
2015-01-11 00:22 - 2015-01-11 00:23 - 00000010 _____ () C:\Users\PhucTam\Desktop\Update.dat
2015-01-11 00:22 - 2015-01-11 00:23 - 00000000 ____D () C:\Users\PhucTam\Desktop\NostaleData
2015-01-11 00:22 - 2015-01-11 00:22 - 01256960 _____ (ETW) C:\Users\PhucTam\Desktop\Nostale.exe.bak
2015-01-11 00:17 - 2011-06-06 18:35 - 01248768 _____ (ETW) C:\Users\PhucTam\Desktop\Nostale.exe
2015-01-11 00:08 - 2015-01-11 00:08 - 00001025 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-01-11 00:08 - 2015-01-11 00:08 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Gameforge4d
2015-01-11 00:00 - 2015-01-11 00:06 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup (2).exe
2015-01-10 17:16 - 2015-01-10 17:16 - 00041280 _____ () C:\ComboFix.txt
2015-01-10 16:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 16:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 16:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 16:56 - 2015-01-10 17:16 - 00000000 ____D () C:\Qoobox
2015-01-10 16:55 - 2015-01-10 17:15 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 16:54 - 2015-01-10 16:55 - 05609736 ____R (Swearware) C:\Users\PhucTam\Desktop\ComboFix.exe
2015-01-10 16:29 - 2015-01-10 16:30 - 00031238 _____ () C:\Users\PhucTam\Desktop\Addition.txt
2015-01-10 16:27 - 2015-01-11 19:22 - 00018518 _____ () C:\Users\PhucTam\Desktop\FRST.txt
2015-01-10 16:27 - 2015-01-11 19:21 - 00000000 ____D () C:\FRST
2015-01-10 16:27 - 2015-01-10 16:27 - 01115648 _____ (Farbar) C:\Users\PhucTam\Desktop\FRST.exe
2015-01-10 16:13 - 2015-01-10 16:14 - 02191360 _____ () C:\Users\PhucTam\Desktop\AdwCleaner_4.107.exe
2015-01-10 12:14 - 2015-01-11 19:02 - 00004450 _____ () C:\Windows\PFRO.log
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 23:14 - 2015-01-10 11:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 23:14 - 2015-01-10 11:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-09 21:30 - 2015-01-11 19:07 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier
2015-01-09 06:51 - 2015-01-09 06:52 - 07563297 _____ () C:\Users\PhucTam\Downloads\DRB 32tel Finale __ Smoothie vs. MC Leon.mp4
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-01-05 16:53 - 2015-01-05 16:53 - 21574131 _____ () C:\Users\PhucTam\Downloads\Das Horn Music Video Featuring Hans Gretel.mp4
2015-01-05 15:59 - 2015-01-10 17:27 - 00002506 _____ () C:\Windows\Sandboxie.ini
2015-01-05 15:59 - 2015-01-10 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-01-05 15:59 - 2015-01-05 15:59 - 00001067 _____ () C:\Users\PhucTam\Desktop\Sandboxed Web Browser.lnk
2015-01-05 15:58 - 2015-01-05 15:59 - 02734600 _____ (Sandboxie Holdings, LLC) C:\Users\PhucTam\Downloads\SandboxieInstall.exe
2015-01-03 18:33 - 2015-01-03 19:44 - 00007710 _____ () C:\Users\PhucTam\Desktop\protokoll nostale account.txt
2015-01-02 03:02 - 2015-01-02 03:07 - 64842875 _____ () C:\Users\PhucTam\Desktop\MCMBB vs Mairo Runde.mp4
2014-12-30 00:53 - 2015-01-02 03:54 - 00002371 _____ () C:\Users\PhucTam\Desktop\VS MAIRO.txt
2014-12-29 19:41 - 2014-12-29 19:41 - 00001888 _____ () C:\Users\PhucTam\Desktop\NosTale.lnk
2014-12-29 19:41 - 2014-12-29 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
2014-12-29 17:57 - 2014-12-29 17:58 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup (1).exe
2014-12-29 14:05 - 2014-12-29 17:01 - 00000509 _____ () C:\Users\PhucTam\Desktop\VS DEVASTATIONMUSIC.txt
2014-12-29 13:45 - 2014-12-29 13:45 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup.exe
2014-12-29 03:12 - 2014-12-29 03:12 - 00001896 _____ () C:\Users\Public\Desktop\AION Free-to-Play.lnk
2014-12-29 03:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-28 23:58 - 2014-12-28 23:59 - 36719898 _____ () C:\Users\PhucTam\Downloads\Das Beer Boot Music Video Featuring Hans Gretel.mp4
2014-12-28 21:57 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\SKIDROW
2014-12-28 21:55 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\Desktop\TBOI
2014-12-28 20:09 - 2014-12-28 20:09 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Awesomium
2014-12-28 19:53 - 2015-01-10 03:23 - 00000000 ____D () C:\Program Files\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00001979 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00001970 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-28 19:50 - 2014-12-28 19:52 - 46655528 _____ (Hi-Rez Studios) C:\Users\PhucTam\Downloads\InstallSmite.exe
2014-12-26 22:31 - 2014-12-26 22:33 - 41035014 _____ () C:\Users\PhucTam\Desktop\famenpe.mp4
2014-12-26 18:14 - 2014-12-26 18:31 - 419038520 _____ () C:\Users\PhucTam\Downloads\JBB 2014 [KING FINALE 1_2] SpongeBOZZ vs. Gio (prod. by Digital Drama).mp4
2014-12-26 17:41 - 2014-12-26 18:05 - 227382692 _____ () C:\Users\PhucTam\Desktop\MC STEIN MEDLEY.mp4
2014-12-26 17:30 - 2014-12-26 17:31 - 34213196 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Halbfinale] Mc lp vs Kulster.mp4
2014-12-26 17:30 - 2014-12-26 17:30 - 03283634 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Qualifikation 8] MC LP Fan der Boss.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 03912066 _____ () C:\Users\PhucTam\Desktop\#26 Qualifikation von Smooth.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 01160576 _____ () C:\Users\PhucTam\Desktop\BLACK AND WHITE -  - QUALIFIKATION #37 - BARSBATTLECONTEST.mp4
2014-12-26 03:01 - 2014-12-26 03:01 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-12-25 16:13 - 2014-12-25 16:13 - 00003085 _____ () C:\Users\PhucTam\Downloads\realm-of-the-mad-god-cursor-.zip
2014-12-25 13:27 - 2015-01-11 19:02 - 00008223 _____ () C:\Windows\setupact.log
2014-12-25 13:27 - 2014-12-25 13:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-25 00:23 - 2014-12-25 00:23 - 00001217 _____ () C:\Users\PhucTam\Desktop\Battle.net.lnk
2014-12-24 22:37 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-12-24 13:25 - 2014-12-24 13:25 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Apple Computer
2014-12-24 07:31 - 2014-12-24 07:31 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\ProgramData\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-23 20:38 - 2014-12-23 20:38 - 380932972 _____ () C:\Users\PhucTam\Desktop\DOD Content Addon (Oct 2014).zip
2014-12-23 20:28 - 2014-12-23 20:28 - 132745923 _____ () C:\Users\PhucTam\Desktop\DOD Maps Addon (Oct 2014).zip
2014-12-23 20:27 - 2014-12-23 20:27 - 120899692 _____ () C:\Users\PhucTam\Desktop\CSS Maps Addon (Oct 2014).zip
2014-12-23 19:51 - 2014-12-23 19:52 - 721122808 _____ () C:\Users\PhucTam\Desktop\CSS Content Addon (Oct 2014).zip
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 __RHD () C:\Users\PhucTam\AppData\Roaming\SecuROM
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\PhucTam\Documents\EA Games
2014-12-23 15:58 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\Documents\Battlefield 3
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\PunkBuster
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\ESN
2014-12-23 15:57 - 2014-12-23 15:57 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-12-23 15:56 - 2014-12-23 15:56 - 00000000 ____D () C:\ProgramData\EA Core
2014-12-23 12:35 - 2014-12-23 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition
2014-12-23 12:33 - 2014-12-23 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-12-23 10:22 - 2014-12-23 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-12-23 10:21 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.exe
2014-12-23 10:21 - 2014-12-23 16:03 - 00139944 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-12-23 10:21 - 2014-12-23 16:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-23 10:21 - 2014-12-23 15:58 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-12-23 10:21 - 2014-12-23 10:21 - 00138056 _____ () C:\Users\PhucTam\AppData\Roaming\PnkBstrK.sys
2014-12-23 10:21 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-23 10:21 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-23 10:21 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-23 10:21 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-12-23 10:21 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-12-23 10:21 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-12-23 10:21 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-12-23 10:21 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-12-23 10:21 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-12-23 10:21 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-12-23 10:21 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-12-23 10:21 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-12-23 10:21 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-12-23 10:21 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-12-23 10:21 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-12-23 10:21 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-12-23 10:21 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-12-23 10:21 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-12-23 10:21 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-12-23 10:21 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-12-23 10:21 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-12-23 10:21 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-12-23 10:20 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-23 10:20 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-12-23 10:20 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-12-23 10:20 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-12-21 11:57 - 2014-12-21 11:57 - 00000000 ____D () C:\Users\PhucTam\Downloads\Smart Riot - Huma-Huma_data
2014-12-20 20:06 - 2009-07-13 14:39 - 49625595 _____ () C:\Users\PhucTam\Desktop\BP(D).ups
2014-12-20 20:05 - 2014-12-20 20:07 - 134217728 _____ () C:\Users\PhucTam\Desktop\3783 - Pokemon - Platin Edition (DE).nds
2014-12-18 06:04 - 2014-11-26 15:10 - 03299328 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2014-12-18 06:03 - 2014-12-18 06:03 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-12-18 06:03 - 2004-12-30 13:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2014-12-18 06:03 - 2003-07-15 22:17 - 00005174 _____ () C:\Windows\system32\nppt9x.vxd
2014-12-18 05:37 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-12-14 01:55 - 2014-12-14 01:56 - 20077203 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [4tel 4_4] MC LP Fan der Boss vs BNB.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 19:14 - 2014-04-09 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Skype
2015-01-11 19:10 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 19:10 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 19:06 - 2014-04-09 18:17 - 01558712 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 19:03 - 2014-04-27 16:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\LogMeIn Hamachi
2015-01-11 19:02 - 2014-04-09 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-11 19:02 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 18:31 - 2014-04-28 13:58 - 00000000 ____D () C:\AdwCleaner
2015-01-11 18:18 - 2014-05-12 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\TS3Client
2015-01-11 17:26 - 2014-12-01 23:45 - 00000000 ____D () C:\Users\PhucTam\Downloads\Gameforge Live
2015-01-11 08:53 - 2014-04-29 13:32 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 08:53 - 2014-04-29 13:32 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 08:53 - 2014-04-29 13:32 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 00:08 - 2014-12-01 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-11 00:08 - 2014-07-15 07:31 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-01-10 17:24 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Battle.net
2015-01-10 17:16 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-10 17:16 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-10 17:12 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-10 16:24 - 2014-04-22 22:50 - 00001312 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-10 16:20 - 2014-04-09 19:39 - 00001236 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 16:20 - 2014-04-09 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 16:20 - 2014-04-09 18:52 - 00001152 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 12:11 - 2014-04-29 13:34 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-01-10 12:11 - 2014-04-29 13:32 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1420962827284
2015-01-10 12:11 - 2014-04-29 13:32 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1420962827284
2015-01-10 03:26 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam
2015-01-10 03:23 - 2014-06-22 09:46 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Akamai
2015-01-10 03:23 - 2014-05-02 01:27 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_5372
2015-01-10 03:23 - 2014-04-29 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-01-10 03:23 - 2014-04-19 16:55 - 00000000 ____D () C:\Users\PhucTam\Desktop\Cubeworld
2015-01-10 03:23 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Battle.net
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-10 03:03 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-06 20:51 - 2014-04-10 12:26 - 00000000 ____D () C:\Program Files\Steam
2015-01-06 04:36 - 2014-04-11 11:27 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 15:59 - 2014-12-04 17:01 - 00000000 ____D () C:\Program Files\Sandboxie
2015-01-02 06:12 - 2014-11-06 20:05 - 00000000 ____D () C:\Users\PhucTam\Desktop\Bilder, screens
2015-01-02 03:20 - 2014-04-22 05:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Audacity
2014-12-31 03:28 - 2014-04-09 18:24 - 01618592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 00:33 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\PhucTam\Documents\My Games
2014-12-28 19:53 - 2014-04-17 01:29 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-26 18:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-26 16:53 - 2014-04-09 20:08 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\.minecraft
2014-12-25 00:44 - 2014-04-10 03:58 - 00000000 ____D () C:\Windows\Minidump
2014-12-25 00:38 - 2014-09-11 23:29 - 00000000 ____D () C:\Users\Public\Documents\Mad Catz
2014-12-25 00:38 - 2014-05-10 11:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-25 00:25 - 2014-07-12 16:30 - 00000000 ____D () C:\Users\PhucTam\Desktop\Musik ~98%
2014-12-23 15:56 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 12:35 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-23 12:33 - 2014-05-29 11:17 - 00000000 ____D () C:\Program Files\Origin Games
2014-12-23 10:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Origin
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\Program Files\Origin
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 13:01 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-20 14:01 - 2014-10-26 01:06 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-12-18 06:37 - 2014-06-29 09:57 - 00000000 ____D () C:\download
2014-12-17 23:25 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\VirtualStore
2014-12-13 01:12 - 2014-09-20 13:42 - 02210040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-12-13 01:12 - 2014-09-20 13:42 - 01291464 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-12-12 04:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

Files to move or delete:
====================
C:\Users\PhucTam\jagex_cl_runescape_LIVE.dat
C:\Users\PhucTam\random.dat


Some content of TEMP:
====================
C:\Users\PhucTam\AppData\Local\Temp\Quarantine.exe
C:\Users\PhucTam\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:43

==================== End Of Log ============================
--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015
Ran by PhucTam at 2015-01-11 19:23:28
Running from C:\Users\PhucTam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlueStacks Notification Center (HKLM\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (Version:  - ) Hidden
Gameforge Live 2.0.5 (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MorphVOX Pro (HKLM\...\{4bfc0d50-0417-46a0-ab1e-475fb1a90916}) (Version: 4.4.17.22603 - Screaming Bee)
MorphVOX Pro (Version: 4.4.17.22603 - Screaming Bee) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Nostale(DE) (HKLM\...\NosTale(DE)_is1) (Version:  - Gameforge 4D GmbH)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.17 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.17 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.17 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.29.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
Scribblenauts Unlimited (HKLM\...\Steam App 218680) (Version:  - 5th Cell Media)
Serious Sam: The Random Encounter (HKLM\...\Steam App 201480) (Version:  - Vlambeer)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shopping Helper Smartbar (HKLM\...\{7DD65DA0-AD4F-4974-AAC6-5834DD7F6841}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\{f18039c1-5302-454f-adb0-fa2f0f2086fd}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION
SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2477.0 - Hi-Rez Studios)
Sonic Generations (HKLM\...\Steam App 71340) (Version:  - Devil's Details)
Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Sims 2: Ultimate Collection (HKLM\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Toribash (HKLM\...\Steam App 248570) (Version:  - Nabi Studios)
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Uplay (HKLM\...\Uplay) (Version: 4.3 - Ubisoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
XSplit Broadcaster (HKLM\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3598937497-1326978013-658881309-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\PhucTam\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

03-01-2015 00:20:26 Windows Update
06-01-2015 10:33:02 Windows Update
09-01-2015 12:51:47 Windows Update
09-01-2015 21:31:01 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:15:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:36:05 avast! antivirus system restore point
10-01-2015 02:50:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:05:40 avast! antivirus system restore point
10-01-2015 03:06:29 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:07:48 Wiederherstellungsvorgang
10-01-2015 03:15:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:18:14 Windows Update
10-01-2015 03:19:21 Wiederherstellungsvorgang
10-01-2015 03:24:30 avast! antivirus system restore point
10-01-2015 03:25:10 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 11:39:41 avast! antivirus system restore point
10-01-2015 11:57:37 avast! antivirus system restore point
10-01-2015 12:10:30 avast! antivirus system restore point
10-01-2015 15:25:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 17:31:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-10 17:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {119D7A20-226E-4037-8ECC-B97D1AF95B36} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-29] (AVAST Software)
Task: {BFA338DE-6156-494B-BC12-3A2580E5D8DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-04-09 21:36 - 2013-12-17 22:30 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-11 18:34 - 2015-01-11 18:34 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
2014-12-23 10:21 - 2014-12-23 16:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-10 03:25 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2015-01-09 23:39 - 2014-04-29 13:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-03 12:03 - 2014-01-03 12:03 - 07816192 _____ () C:\Program Files\SplitmediaLabs\XSplit\avcodec-54.dll
2014-01-03 12:03 - 2014-01-03 12:03 - 00188416 _____ () C:\Program Files\SplitmediaLabs\XSplit\avutil-52.dll
2014-01-03 12:03 - 2014-01-03 12:03 - 01425920 _____ () C:\Program Files\SplitmediaLabs\XSplit\avformat-54.dll
2014-01-03 12:03 - 2014-01-03 12:03 - 00336896 _____ () C:\Program Files\SplitmediaLabs\XSplit\swscale-2.dll
2014-01-03 12:03 - 2014-01-03 12:03 - 00096256 _____ () C:\Program Files\SplitmediaLabs\XSplit\swresample-0.dll
2015-01-10 03:25 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-10 03:25 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-10 03:25 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-10 03:25 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-10 03:25 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 19:39 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3598937497-1326978013-658881309-500 - Administrator - Disabled)
Gast (S-1-5-21-3598937497-1326978013-658881309-501 - Limited - Disabled)
PhucTam (S-1-5-21-3598937497-1326978013-658881309-1000 - Administrator - Enabled) => C:\Users\PhucTam

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 69%
Total physical RAM: 3069.54 MB
Available physical RAM: 942.24 MB
Total Pagefile: 9211.82 MB
Available Pagefile: 6342.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:713.17 GB) NTFS
Drive e: (DarkSiders.II) (CDROM) (Total:5.36 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6628B7BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 12.01.2015 17:14
Servus,



die Datenbank von AdwCleaner ist veraltet.
Bitte vergewissere dich, dass du Internetzugang hast und führe AdwCleaner nochmal aus. Das Programm updated seine Datenbank automatisch.
Führe dann wieder einen Suchlauf aus und lass alle Funde löschen und poste die Logdatei nach dem Neustart oder lade das Programm neu herunter:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Anschließend bitte nochmal FRST wie beschrieben ausführen.

Likay 12.01.2015 19:09
AdwCleaner:
Code:
# AdwCleaner v4.107 - Bericht erstellt am 12/01/2015 um 19:03:17
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-11.2 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : PhucTam - PHUCTAM-PC
# Gestartet von : C:\Users\PhucTam\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier
Ordner Gelöscht : C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Ordner Gelöscht : C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v34.0.1847.116

[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : apdfllckaahabafndbhieahigkjlhalf
[C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : pjkljhegncpnkpknbcohdijeoejaedia

-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [21920 octets] - [28/04/2014 13:58:05]
AdwCleaner[R1].txt - [19404 octets] - [10/01/2015 16:15:03]
AdwCleaner[R2].txt - [2842 octets] - [11/01/2015 18:29:41]
AdwCleaner[R3].txt - [2038 octets] - [12/01/2015 19:00:45]
AdwCleaner[S0].txt - [19211 octets] - [28/04/2014 13:58:31]
AdwCleaner[S1].txt - [18776 octets] - [10/01/2015 16:19:31]
AdwCleaner[S2].txt - [4696 octets] - [11/01/2015 18:31:35]
AdwCleaner[S3].txt - [1963 octets] - [12/01/2015 19:03:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2023 octets] ##########
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by PhucTam (administrator) on PHUCTAM-PC on 12-01-2015 19:05:32
Running from C:\Users\PhucTam\Desktop
Loaded Profile: PhucTam (Available profiles: PhucTam)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2015-01-11] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632328 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3598937497-1326978013-658881309-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3598937497-1326978013-658881309-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PhucTam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-26]
FF HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Firefox\Extensions: [{AFBBC1E8-F8FC-FEAA-B717-75C0969774E6}] - C:\Program Files\di7BlockAndSurf\175.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google-Suche) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-29] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-06] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3299328 2014-11-26] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-22] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-14] (Sandboxie Holdings, LLC)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 ValueApps; C:\Users\PhucTam\AppData\Local\ValueApps\ValueApps.exe [X]
S2 Verifies and fixes application compatibility issues; C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-29] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-02] (Disc Soft Ltd)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-19] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-19] (Logitech, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22120 2014-06-13] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [45544 2014-06-13] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-14] (Sandboxie Holdings, LLC)
S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG)
S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2014-02-07] (Screaming Bee LLC)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 _hid_0738_1710; C:\Windows\System32\DRIVERS\_hid_0738_1710.sys [144576 2014-06-13] (Saitek)
S3 _usb_0738_1710; C:\Windows\System32\DRIVERS\_usb_0738_1710.sys [40640 2014-06-13] (Saitek)
S3 catchme; \??\C:\Users\PhucTam\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 19:20 - 2015-01-11 19:20 - 00000693 _____ () C:\Users\PhucTam\Desktop\JRT.txt
2015-01-11 19:16 - 2015-01-11 19:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 19:14 - 2015-01-11 19:15 - 01707939 _____ (Thisisu) C:\Users\PhucTam\Downloads\JRT.exe
2015-01-11 19:06 - 2015-01-11 19:06 - 00003280 _____ () C:\Users\PhucTam\Desktop\mbam.txt
2015-01-11 18:42 - 2015-01-11 19:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 18:42 - 2015-01-11 18:42 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-11 18:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-11 18:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-11 18:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-11 18:38 - 2015-01-11 18:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\PhucTam\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 00:39 - 2015-01-12 19:05 - 00000000 ____D () C:\Users\PhucTam\Desktop\bugfile
2015-01-11 00:22 - 2015-01-11 00:23 - 02052608 _____ (Entwell) C:\Users\PhucTam\Desktop\NostaleX.dat
2015-01-11 00:22 - 2015-01-11 00:23 - 01993728 _____ (Entwell) C:\Users\PhucTam\Desktop\Nostale.dat
2015-01-11 00:22 - 2015-01-11 00:23 - 00000010 _____ () C:\Users\PhucTam\Desktop\Update.dat
2015-01-11 00:22 - 2015-01-11 00:23 - 00000000 ____D () C:\Users\PhucTam\Desktop\NostaleData
2015-01-11 00:22 - 2015-01-11 00:22 - 01256960 _____ (ETW) C:\Users\PhucTam\Desktop\Nostale.exe.bak
2015-01-11 00:17 - 2011-06-06 18:35 - 01248768 _____ (ETW) C:\Users\PhucTam\Desktop\Nostale.exe
2015-01-11 00:08 - 2015-01-11 00:08 - 00001025 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-01-11 00:08 - 2015-01-11 00:08 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Gameforge4d
2015-01-11 00:00 - 2015-01-11 00:06 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup (2).exe
2015-01-10 17:16 - 2015-01-10 17:16 - 00041280 _____ () C:\ComboFix.txt
2015-01-10 16:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 16:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 16:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 16:56 - 2015-01-10 17:16 - 00000000 ____D () C:\Qoobox
2015-01-10 16:55 - 2015-01-10 17:15 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 16:54 - 2015-01-10 16:55 - 05609736 ____R (Swearware) C:\Users\PhucTam\Desktop\ComboFix.exe
2015-01-10 16:29 - 2015-01-11 19:24 - 00018561 _____ () C:\Users\PhucTam\Desktop\Addition.txt
2015-01-10 16:27 - 2015-01-12 19:05 - 00017133 _____ () C:\Users\PhucTam\Desktop\FRST.txt
2015-01-10 16:27 - 2015-01-12 19:05 - 00000000 ____D () C:\FRST
2015-01-10 16:27 - 2015-01-10 16:27 - 01115648 _____ (Farbar) C:\Users\PhucTam\Desktop\FRST.exe
2015-01-10 16:13 - 2015-01-10 16:14 - 02191360 _____ () C:\Users\PhucTam\Desktop\AdwCleaner_4.107.exe
2015-01-10 12:14 - 2015-01-12 19:04 - 00005114 _____ () C:\Windows\PFRO.log
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 23:14 - 2015-01-10 11:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 23:14 - 2015-01-10 11:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-09 06:51 - 2015-01-09 06:52 - 07563297 _____ () C:\Users\PhucTam\Downloads\DRB 32tel Finale __ Smoothie vs. MC Leon.mp4
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-01-05 16:53 - 2015-01-05 16:53 - 21574131 _____ () C:\Users\PhucTam\Downloads\Das Horn Music Video Featuring Hans Gretel.mp4
2015-01-05 15:59 - 2015-01-10 17:27 - 00002506 _____ () C:\Windows\Sandboxie.ini
2015-01-05 15:59 - 2015-01-10 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-01-05 15:59 - 2015-01-05 15:59 - 00001067 _____ () C:\Users\PhucTam\Desktop\Sandboxed Web Browser.lnk
2015-01-05 15:58 - 2015-01-05 15:59 - 02734600 _____ (Sandboxie Holdings, LLC) C:\Users\PhucTam\Downloads\SandboxieInstall.exe
2015-01-03 18:33 - 2015-01-03 19:44 - 00007710 _____ () C:\Users\PhucTam\Desktop\protokoll nostale account.txt
2015-01-02 03:02 - 2015-01-02 03:07 - 64842875 _____ () C:\Users\PhucTam\Desktop\MCMBB vs Mairo Runde.mp4
2014-12-30 00:53 - 2015-01-02 03:54 - 00002371 _____ () C:\Users\PhucTam\Desktop\VS MAIRO.txt
2014-12-29 19:41 - 2014-12-29 19:41 - 00001888 _____ () C:\Users\PhucTam\Desktop\NosTale.lnk
2014-12-29 19:41 - 2014-12-29 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
2014-12-29 17:57 - 2014-12-29 17:58 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup (1).exe
2014-12-29 14:05 - 2014-12-29 17:01 - 00000509 _____ () C:\Users\PhucTam\Desktop\VS DEVASTATIONMUSIC.txt
2014-12-29 13:45 - 2014-12-29 13:45 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup.exe
2014-12-29 03:12 - 2014-12-29 03:12 - 00001896 _____ () C:\Users\Public\Desktop\AION Free-to-Play.lnk
2014-12-29 03:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-28 23:58 - 2014-12-28 23:59 - 36719898 _____ () C:\Users\PhucTam\Downloads\Das Beer Boot Music Video Featuring Hans Gretel.mp4
2014-12-28 21:57 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\SKIDROW
2014-12-28 21:55 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\Desktop\TBOI
2014-12-28 20:09 - 2014-12-28 20:09 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Awesomium
2014-12-28 19:53 - 2015-01-10 03:23 - 00000000 ____D () C:\Program Files\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00001979 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00001970 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-28 19:50 - 2014-12-28 19:52 - 46655528 _____ (Hi-Rez Studios) C:\Users\PhucTam\Downloads\InstallSmite.exe
2014-12-26 22:31 - 2014-12-26 22:33 - 41035014 _____ () C:\Users\PhucTam\Desktop\famenpe.mp4
2014-12-26 18:14 - 2014-12-26 18:31 - 419038520 _____ () C:\Users\PhucTam\Downloads\JBB 2014 [KING FINALE 1_2] SpongeBOZZ vs. Gio (prod. by Digital Drama).mp4
2014-12-26 17:41 - 2014-12-26 18:05 - 227382692 _____ () C:\Users\PhucTam\Desktop\MC STEIN MEDLEY.mp4
2014-12-26 17:30 - 2014-12-26 17:31 - 34213196 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Halbfinale] Mc lp vs Kulster.mp4
2014-12-26 17:30 - 2014-12-26 17:30 - 03283634 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Qualifikation 8] MC LP Fan der Boss.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 03912066 _____ () C:\Users\PhucTam\Desktop\#26 Qualifikation von Smooth.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 01160576 _____ () C:\Users\PhucTam\Desktop\BLACK AND WHITE -  - QUALIFIKATION #37 - BARSBATTLECONTEST.mp4
2014-12-26 03:01 - 2014-12-26 03:01 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-12-25 16:13 - 2014-12-25 16:13 - 00003085 _____ () C:\Users\PhucTam\Downloads\realm-of-the-mad-god-cursor-.zip
2014-12-25 13:27 - 2015-01-12 19:04 - 00008895 _____ () C:\Windows\setupact.log
2014-12-25 13:27 - 2014-12-25 13:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-25 00:23 - 2014-12-25 00:23 - 00001217 _____ () C:\Users\PhucTam\Desktop\Battle.net.lnk
2014-12-24 22:37 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-12-24 13:25 - 2014-12-24 13:25 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Apple Computer
2014-12-24 07:31 - 2014-12-24 07:31 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\ProgramData\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-23 20:38 - 2014-12-23 20:38 - 380932972 _____ () C:\Users\PhucTam\Desktop\DOD Content Addon (Oct 2014).zip
2014-12-23 20:28 - 2014-12-23 20:28 - 132745923 _____ () C:\Users\PhucTam\Desktop\DOD Maps Addon (Oct 2014).zip
2014-12-23 20:27 - 2014-12-23 20:27 - 120899692 _____ () C:\Users\PhucTam\Desktop\CSS Maps Addon (Oct 2014).zip
2014-12-23 19:51 - 2014-12-23 19:52 - 721122808 _____ () C:\Users\PhucTam\Desktop\CSS Content Addon (Oct 2014).zip
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 __RHD () C:\Users\PhucTam\AppData\Roaming\SecuROM
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\PhucTam\Documents\EA Games
2014-12-23 15:58 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\Documents\Battlefield 3
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\PunkBuster
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\ESN
2014-12-23 15:57 - 2014-12-23 15:57 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-12-23 15:56 - 2014-12-23 15:56 - 00000000 ____D () C:\ProgramData\EA Core
2014-12-23 12:35 - 2014-12-23 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition
2014-12-23 12:33 - 2014-12-23 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-12-23 10:22 - 2014-12-23 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-12-23 10:21 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.exe
2014-12-23 10:21 - 2014-12-23 16:03 - 00139944 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-12-23 10:21 - 2014-12-23 16:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-23 10:21 - 2014-12-23 15:58 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-12-23 10:21 - 2014-12-23 10:21 - 00138056 _____ () C:\Users\PhucTam\AppData\Roaming\PnkBstrK.sys
2014-12-23 10:21 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-23 10:21 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-23 10:21 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-23 10:21 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-12-23 10:21 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-12-23 10:21 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-12-23 10:21 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-12-23 10:21 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-12-23 10:21 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-12-23 10:21 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-12-23 10:21 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-12-23 10:21 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-12-23 10:21 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-12-23 10:21 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-12-23 10:21 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-12-23 10:21 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-12-23 10:21 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-12-23 10:21 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-12-23 10:21 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-12-23 10:21 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-12-23 10:21 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-12-23 10:21 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-12-23 10:20 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-23 10:20 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-12-23 10:20 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-12-23 10:20 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-12-21 11:57 - 2014-12-21 11:57 - 00000000 ____D () C:\Users\PhucTam\Downloads\Smart Riot - Huma-Huma_data
2014-12-20 20:06 - 2009-07-13 14:39 - 49625595 _____ () C:\Users\PhucTam\Desktop\BP(D).ups
2014-12-20 20:05 - 2014-12-20 20:07 - 134217728 _____ () C:\Users\PhucTam\Desktop\3783 - Pokemon - Platin Edition (DE).nds
2014-12-18 06:04 - 2014-11-26 15:10 - 03299328 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2014-12-18 06:03 - 2014-12-18 06:03 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-12-18 06:03 - 2004-12-30 13:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2014-12-18 06:03 - 2003-07-15 22:17 - 00005174 _____ () C:\Windows\system32\nppt9x.vxd
2014-12-18 05:37 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-12-14 01:55 - 2014-12-14 01:56 - 20077203 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [4tel 4_4] MC LP Fan der Boss vs BNB.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 19:06 - 2014-12-01 23:45 - 00000000 ____D () C:\Users\PhucTam\Downloads\Gameforge Live
2015-01-12 19:05 - 2014-04-27 16:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\LogMeIn Hamachi
2015-01-12 19:05 - 2014-04-09 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Skype
2015-01-12 19:04 - 2014-04-09 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-12 19:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 19:03 - 2014-04-28 13:58 - 00000000 ____D () C:\AdwCleaner
2015-01-12 19:03 - 2014-04-09 18:17 - 01605193 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 13:47 - 2014-05-12 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\TS3Client
2015-01-12 12:40 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 12:40 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 03:13 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Battle.net
2015-01-11 08:53 - 2014-04-29 13:32 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 08:53 - 2014-04-29 13:32 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 08:53 - 2014-04-29 13:32 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 00:08 - 2014-12-01 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-11 00:08 - 2014-07-15 07:31 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-01-10 17:16 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-10 17:16 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-10 17:12 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-10 16:24 - 2014-04-22 22:50 - 00001312 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-10 16:20 - 2014-04-09 19:39 - 00001236 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 16:20 - 2014-04-09 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 16:20 - 2014-04-09 18:52 - 00001152 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 12:11 - 2014-04-29 13:34 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-01-10 12:11 - 2014-04-29 13:32 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1420962827284
2015-01-10 12:11 - 2014-04-29 13:32 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1420962827284
2015-01-10 03:26 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam
2015-01-10 03:23 - 2014-06-22 09:46 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Akamai
2015-01-10 03:23 - 2014-05-02 01:27 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_5372
2015-01-10 03:23 - 2014-04-29 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-01-10 03:23 - 2014-04-19 16:55 - 00000000 ____D () C:\Users\PhucTam\Desktop\Cubeworld
2015-01-10 03:23 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Battle.net
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-10 03:03 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-06 20:51 - 2014-04-10 12:26 - 00000000 ____D () C:\Program Files\Steam
2015-01-06 04:36 - 2014-04-11 11:27 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 15:59 - 2014-12-04 17:01 - 00000000 ____D () C:\Program Files\Sandboxie
2015-01-02 06:12 - 2014-11-06 20:05 - 00000000 ____D () C:\Users\PhucTam\Desktop\Bilder, screens
2015-01-02 03:20 - 2014-04-22 05:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Audacity
2014-12-31 03:28 - 2014-04-09 18:24 - 01618592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 00:33 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\PhucTam\Documents\My Games
2014-12-28 19:53 - 2014-04-17 01:29 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-26 18:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-26 16:53 - 2014-04-09 20:08 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\.minecraft
2014-12-25 00:44 - 2014-04-10 03:58 - 00000000 ____D () C:\Windows\Minidump
2014-12-25 00:38 - 2014-09-11 23:29 - 00000000 ____D () C:\Users\Public\Documents\Mad Catz
2014-12-25 00:38 - 2014-05-10 11:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-25 00:25 - 2014-07-12 16:30 - 00000000 ____D () C:\Users\PhucTam\Desktop\Musik ~98%
2014-12-23 15:56 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 12:35 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-23 12:33 - 2014-05-29 11:17 - 00000000 ____D () C:\Program Files\Origin Games
2014-12-23 10:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Origin
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\Program Files\Origin
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 13:01 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-20 14:01 - 2014-10-26 01:06 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-12-18 06:37 - 2014-06-29 09:57 - 00000000 ____D () C:\download
2014-12-17 23:25 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\VirtualStore
2014-12-13 01:12 - 2014-09-20 13:42 - 02210040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-12-13 01:12 - 2014-09-20 13:42 - 01291464 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll

Files to move or delete:
====================
C:\Users\PhucTam\jagex_cl_runescape_LIVE.dat
C:\Users\PhucTam\random.dat


Some content of TEMP:
====================
C:\Users\PhucTam\AppData\Local\Temp\Quarantine.exe
C:\Users\PhucTam\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:43

==================== End Of Log ============================
--- --- ---

M-K-D-B 12.01.2015 19:32
Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Firefox\Extensions: [{AFBBC1E8-F8FC-FEAA-B717-75C0969774E6}] - C:\Program Files\di7BlockAndSurf\175.xpi
C:\Program Files\di7BlockAndSurf
S2 Verifies and fixes application compatibility issues; C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
C:\Users\Default User\AppData\Roaming\Compatibility Verifier
C:\Users\Default\AppData\Roaming\Compatibility Verifier
C:\Users\PhucTam\jagex_cl_runescape_LIVE.dat
C:\Users\PhucTam\random.dat
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :folderfind
    *BlockAndSurf*
    *Compatibility Verifier*

    :regfind
    BlockAndSurf
    Compatibility Verifier
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.

Likay 12.01.2015 20:05
FRST-fix:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-01-2015
Ran by PhucTam at 2015-01-12 19:45:11 Run:1
Running from C:\Users\PhucTam\Desktop
Loaded Profile: PhucTam (Available profiles: PhucTam)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Firefox\Extensions: [{AFBBC1E8-F8FC-FEAA-B717-75C0969774E6}] - C:\Program Files\di7BlockAndSurf\175.xpi
C:\Program Files\di7BlockAndSurf
S2 Verifies and fixes application compatibility issues; C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
C:\Users\Default User\AppData\Roaming\Compatibility Verifier
C:\Users\Default\AppData\Roaming\Compatibility Verifier
C:\Users\PhucTam\jagex_cl_runescape_LIVE.dat
C:\Users\PhucTam\random.dat
EmptyTemp:
end
       
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKU\S-1-5-21-3598937497-1326978013-658881309-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\Software\Mozilla\Firefox\Extensions\\{AFBBC1E8-F8FC-FEAA-B717-75C0969774E6} => value deleted successfully.
"C:\Program Files\di7BlockAndSurf" => File/Directory not found.
Verifies and fixes application compatibility issues => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
XDva409 => Service deleted successfully.
XDva410 => Service deleted successfully.
C:\Users\Default User\AppData\Roaming\Compatibility Verifier => Moved successfully.
"C:\Users\Default\AppData\Roaming\Compatibility Verifier" => File/Directory not found.
C:\Users\PhucTam\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\PhucTam\random.dat => Moved successfully.
EmptyTemp: => Removed 7.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:46:44 ====
Systemlook:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:56 on 12/01/2015 by PhucTam
Administrator - Elevation successful

========== folderfind ==========

Searching for "*BlockAndSurf*"
C:\AdwCleaner\Quarantine\C\Program Files\di7BlockAndSurf        d------        [15:19 10/01/2015]

Searching for "*Compatibility Verifier*"
C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\Compatibility Verifier        d------        [18:03 12/01/2015]
C:\FRST\Quarantine\C\Users\Default User\AppData\Roaming\Compatibility Verifier        d------        [22:14 09/01/2015]

========== regfind ==========

Searching for "BlockAndSurf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E47CB8BF-4B75-BD95-037F-7D4A18505C12}\1.0\0\win32]
@="C:\Program Files\di7BlockAndSurf\175.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E47CB8BF-4B75-BD95-037F-7D4A18505C12}\1.0\HELPDIR]
@="C:\Program Files\di7BlockAndSurf"

Searching for "Compatibility Verifier"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\31278497_0]
@="{0.0.0.00000000}.{b19c8ee4-c529-4352-ae25-087a9ef91cc7}|\Device\HarddiskVolume2\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\31278497_0]
@="{0.0.0.00000000}.{b19c8ee4-c529-4352-ae25-087a9ef91cc7}|\Device\HarddiskVolume2\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bc7a4f9f_0]
@="{0.0.0.00000000}.{8abb120b-5c8d-40cd-b6f4-b608bc91819b}|\Device\HarddiskVolume2\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3598937497-1326978013-658881309-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\31278497_0]
@="{0.0.0.00000000}.{b19c8ee4-c529-4352-ae25-087a9ef91cc7}|\Device\HarddiskVolume2\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\31278497_0]
@="{0.0.0.00000000}.{b19c8ee4-c529-4352-ae25-087a9ef91cc7}|\Device\HarddiskVolume2\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bc7a4f9f_0]
@="{0.0.0.00000000}.{8abb120b-5c8d-40cd-b6f4-b608bc91819b}|\Device\HarddiskVolume2\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe%b{00000000-0000-0000-0000-000000000000}"

-= EOF =-
FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by PhucTam (administrator) on PHUCTAM-PC on 12-01-2015 20:01:04
Running from C:\Users\PhucTam\Desktop
Loaded Profile: PhucTam (Available profiles: PhucTam)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\PhucTam\Downloads\SystemLook.exe
() C:\Program Files\GameforgeLive\gfl_client.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(ETW) C:\Program Files\GameforgeLive\Games\DEU_deu\NosTale\Nostale.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2015-01-11] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PhucTam\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632328 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3598937497-1326978013-658881309-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3598937497-1326978013-658881309-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3598937497-1326978013-658881309-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3598937497-1326978013-658881309-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PhucTam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google-Suche) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-29] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-06] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3299328 2014-11-26] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-22] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-14] (Sandboxie Holdings, LLC)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 ValueApps; C:\Users\PhucTam\AppData\Local\ValueApps\ValueApps.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-29] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-02] (Disc Soft Ltd)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-19] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-19] (Logitech, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22120 2014-06-13] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [45544 2014-06-13] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-14] (Sandboxie Holdings, LLC)
S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG)
S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2014-02-07] (Screaming Bee LLC)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 _hid_0738_1710; C:\Windows\System32\DRIVERS\_hid_0738_1710.sys [144576 2014-06-13] (Saitek)
S3 _usb_0738_1710; C:\Windows\System32\DRIVERS\_usb_0738_1710.sys [40640 2014-06-13] (Saitek)
S3 catchme; \??\C:\Users\PhucTam\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 19:56 - 2015-01-12 20:00 - 00005742 _____ () C:\Users\PhucTam\Downloads\SystemLook.txt
2015-01-12 19:55 - 2015-01-12 19:55 - 00139264 _____ () C:\Users\PhucTam\Downloads\SystemLook.exe
2015-01-11 19:20 - 2015-01-11 19:20 - 00000693 _____ () C:\Users\PhucTam\Desktop\JRT.txt
2015-01-11 19:16 - 2015-01-11 19:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 19:14 - 2015-01-11 19:15 - 01707939 _____ (Thisisu) C:\Users\PhucTam\Downloads\JRT.exe
2015-01-11 19:06 - 2015-01-11 19:06 - 00003280 _____ () C:\Users\PhucTam\Desktop\mbam.txt
2015-01-11 18:42 - 2015-01-11 19:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 18:42 - 2015-01-11 18:42 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-11 18:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-11 18:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-11 18:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-11 18:38 - 2015-01-11 18:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\PhucTam\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 00:39 - 2015-01-12 19:05 - 00000000 ____D () C:\Users\PhucTam\Desktop\bugfile
2015-01-11 00:22 - 2015-01-11 00:23 - 00000000 ____D () C:\Users\PhucTam\Desktop\NostaleData
2015-01-11 00:08 - 2015-01-11 00:08 - 00001025 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-01-11 00:08 - 2015-01-11 00:08 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Gameforge4d
2015-01-11 00:00 - 2015-01-11 00:06 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup (2).exe
2015-01-10 17:16 - 2015-01-10 17:16 - 00041280 _____ () C:\ComboFix.txt
2015-01-10 16:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 16:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 16:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 16:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 16:56 - 2015-01-10 17:16 - 00000000 ____D () C:\Qoobox
2015-01-10 16:55 - 2015-01-10 17:15 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 16:54 - 2015-01-10 16:55 - 05609736 ____R (Swearware) C:\Users\PhucTam\Desktop\ComboFix.exe
2015-01-10 16:29 - 2015-01-11 19:24 - 00018561 _____ () C:\Users\PhucTam\Desktop\Addition.txt
2015-01-10 16:27 - 2015-01-12 20:01 - 00016681 _____ () C:\Users\PhucTam\Desktop\FRST.txt
2015-01-10 16:27 - 2015-01-12 20:01 - 00000000 ____D () C:\FRST
2015-01-10 16:27 - 2015-01-10 16:27 - 01115648 _____ (Farbar) C:\Users\PhucTam\Desktop\FRST.exe
2015-01-10 16:13 - 2015-01-10 16:14 - 02191360 _____ () C:\Users\PhucTam\Desktop\AdwCleaner_4.107.exe
2015-01-10 12:14 - 2015-01-12 19:04 - 00005114 _____ () C:\Windows\PFRO.log
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 23:16 - 2015-01-09 23:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 06:51 - 2015-01-09 06:52 - 07563297 _____ () C:\Users\PhucTam\Downloads\DRB 32tel Finale __ Smoothie vs. MC Leon.mp4
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-01-07 01:48 - 2015-01-07 01:48 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-01-05 16:53 - 2015-01-05 16:53 - 21574131 _____ () C:\Users\PhucTam\Downloads\Das Horn Music Video Featuring Hans Gretel.mp4
2015-01-05 15:59 - 2015-01-10 17:27 - 00002506 _____ () C:\Windows\Sandboxie.ini
2015-01-05 15:59 - 2015-01-10 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-01-05 15:59 - 2015-01-05 15:59 - 00001067 _____ () C:\Users\PhucTam\Desktop\Sandboxed Web Browser.lnk
2015-01-05 15:58 - 2015-01-05 15:59 - 02734600 _____ (Sandboxie Holdings, LLC) C:\Users\PhucTam\Downloads\SandboxieInstall.exe
2015-01-03 18:33 - 2015-01-03 19:44 - 00007710 _____ () C:\Users\PhucTam\Desktop\protokoll nostale account.txt
2015-01-02 03:02 - 2015-01-02 03:07 - 64842875 _____ () C:\Users\PhucTam\Desktop\MCMBB vs Mairo Runde.mp4
2014-12-30 00:53 - 2015-01-02 03:54 - 00002371 _____ () C:\Users\PhucTam\Desktop\VS MAIRO.txt
2014-12-29 19:41 - 2014-12-29 19:41 - 00001888 _____ () C:\Users\PhucTam\Desktop\NosTale.lnk
2014-12-29 19:41 - 2014-12-29 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
2014-12-29 17:57 - 2014-12-29 17:58 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup (1).exe
2014-12-29 14:05 - 2014-12-29 17:01 - 00000509 _____ () C:\Users\PhucTam\Desktop\VS DEVASTATIONMUSIC.txt
2014-12-29 13:45 - 2014-12-29 13:45 - 20227296 _____ (Gameforge ) C:\Users\PhucTam\Downloads\NosTale_GameforgeLiveSetup.exe
2014-12-29 03:12 - 2014-12-29 03:12 - 00001896 _____ () C:\Users\Public\Desktop\AION Free-to-Play.lnk
2014-12-29 03:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-28 23:58 - 2014-12-28 23:59 - 36719898 _____ () C:\Users\PhucTam\Downloads\Das Beer Boot Music Video Featuring Hans Gretel.mp4
2014-12-28 21:57 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\SKIDROW
2014-12-28 21:55 - 2014-12-28 21:57 - 00000000 ____D () C:\Users\PhucTam\Desktop\TBOI
2014-12-28 20:09 - 2014-12-28 20:09 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Awesomium
2014-12-28 19:53 - 2015-01-10 03:23 - 00000000 ____D () C:\Program Files\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00001979 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00001970 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-12-28 19:53 - 2014-12-28 19:53 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-28 19:50 - 2014-12-28 19:52 - 46655528 _____ (Hi-Rez Studios) C:\Users\PhucTam\Downloads\InstallSmite.exe
2014-12-26 22:31 - 2014-12-26 22:33 - 41035014 _____ () C:\Users\PhucTam\Desktop\famenpe.mp4
2014-12-26 18:14 - 2014-12-26 18:31 - 419038520 _____ () C:\Users\PhucTam\Downloads\JBB 2014 [KING FINALE 1_2] SpongeBOZZ vs. Gio (prod. by Digital Drama).mp4
2014-12-26 17:41 - 2014-12-26 18:05 - 227382692 _____ () C:\Users\PhucTam\Desktop\MC STEIN MEDLEY.mp4
2014-12-26 17:30 - 2014-12-26 17:31 - 34213196 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Halbfinale] Mc lp vs Kulster.mp4
2014-12-26 17:30 - 2014-12-26 17:30 - 03283634 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [Qualifikation 8] MC LP Fan der Boss.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 03912066 _____ () C:\Users\PhucTam\Desktop\#26 Qualifikation von Smooth.mp4
2014-12-26 17:29 - 2014-12-26 17:29 - 01160576 _____ () C:\Users\PhucTam\Desktop\BLACK AND WHITE -  - QUALIFIKATION #37 - BARSBATTLECONTEST.mp4
2014-12-26 03:01 - 2014-12-26 03:01 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-12-25 16:13 - 2014-12-25 16:13 - 00003085 _____ () C:\Users\PhucTam\Downloads\realm-of-the-mad-god-cursor-.zip
2014-12-25 13:27 - 2015-01-12 19:49 - 00009063 _____ () C:\Windows\setupact.log
2014-12-25 13:27 - 2014-12-25 13:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-25 00:23 - 2014-12-25 00:23 - 00001217 _____ () C:\Users\PhucTam\Desktop\Battle.net.lnk
2014-12-24 22:37 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-12-24 13:25 - 2014-12-24 13:25 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Apple Computer
2014-12-24 07:31 - 2014-12-24 07:31 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\ProgramData\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-24 07:31 - 2014-12-24 07:31 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-23 20:38 - 2014-12-23 20:38 - 380932972 _____ () C:\Users\PhucTam\Desktop\DOD Content Addon (Oct 2014).zip
2014-12-23 20:28 - 2014-12-23 20:28 - 132745923 _____ () C:\Users\PhucTam\Desktop\DOD Maps Addon (Oct 2014).zip
2014-12-23 20:27 - 2014-12-23 20:27 - 120899692 _____ () C:\Users\PhucTam\Desktop\CSS Maps Addon (Oct 2014).zip
2014-12-23 19:51 - 2014-12-23 19:52 - 721122808 _____ () C:\Users\PhucTam\Desktop\CSS Content Addon (Oct 2014).zip
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 __RHD () C:\Users\PhucTam\AppData\Roaming\SecuROM
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-12-23 16:14 - 2014-12-23 16:14 - 00000000 ____D () C:\Users\PhucTam\Documents\EA Games
2014-12-23 15:58 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\Documents\Battlefield 3
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\PunkBuster
2014-12-23 15:58 - 2014-12-23 15:58 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\ESN
2014-12-23 15:57 - 2014-12-23 15:57 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-12-23 15:56 - 2014-12-23 15:56 - 00000000 ____D () C:\ProgramData\EA Core
2014-12-23 12:35 - 2014-12-23 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition
2014-12-23 12:33 - 2014-12-23 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-12-23 10:22 - 2014-12-23 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-12-23 10:21 - 2014-12-23 16:03 - 00348928 _____ () C:\Windows\system32\PnkBstrB.exe
2014-12-23 10:21 - 2014-12-23 16:03 - 00139944 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-12-23 10:21 - 2014-12-23 16:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-23 10:21 - 2014-12-23 15:58 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-12-23 10:21 - 2014-12-23 10:21 - 00138056 _____ () C:\Users\PhucTam\AppData\Roaming\PnkBstrK.sys
2014-12-23 10:21 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-23 10:21 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-23 10:21 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-23 10:21 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-23 10:21 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-23 10:21 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-23 10:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-23 10:21 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-23 10:21 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-23 10:21 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-23 10:21 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-23 10:21 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-23 10:21 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-12-23 10:21 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-12-23 10:21 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-12-23 10:21 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-12-23 10:21 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-12-23 10:21 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-12-23 10:21 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-12-23 10:21 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-12-23 10:21 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-12-23 10:21 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-12-23 10:21 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-12-23 10:21 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-12-23 10:21 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-12-23 10:21 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-12-23 10:21 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-12-23 10:21 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-12-23 10:21 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-12-23 10:21 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-12-23 10:21 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-12-23 10:21 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-12-23 10:21 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-12-23 10:21 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-12-23 10:21 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-12-23 10:21 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-12-23 10:21 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-12-23 10:21 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-12-23 10:21 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-12-23 10:21 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-12-23 10:21 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-12-23 10:21 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-12-23 10:21 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-12-23 10:20 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-23 10:20 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-12-23 10:20 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-12-23 10:20 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-12-21 11:57 - 2014-12-21 11:57 - 00000000 ____D () C:\Users\PhucTam\Downloads\Smart Riot - Huma-Huma_data
2014-12-20 20:06 - 2009-07-13 14:39 - 49625595 _____ () C:\Users\PhucTam\Desktop\BP(D).ups
2014-12-20 20:05 - 2014-12-20 20:07 - 134217728 _____ () C:\Users\PhucTam\Desktop\3783 - Pokemon - Platin Edition (DE).nds
2014-12-18 06:04 - 2014-11-26 15:10 - 03299328 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2014-12-18 06:03 - 2014-12-18 06:03 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2014-12-18 06:03 - 2004-12-30 13:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2014-12-18 06:03 - 2003-07-15 22:17 - 00005174 _____ () C:\Windows\system32\nppt9x.vxd
2014-12-18 05:37 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 14:26 - 2014-12-15 14:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-12-14 01:55 - 2014-12-14 01:56 - 20077203 _____ () C:\Users\PhucTam\Desktop\DARB 2014 [4tel 4_4] MC LP Fan der Boss vs BNB.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 20:01 - 2014-04-09 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Skype
2015-01-12 19:57 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 19:57 - 2009-07-14 05:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 19:56 - 2014-12-01 23:45 - 00000000 ____D () C:\Users\PhucTam\Downloads\Gameforge Live
2015-01-12 19:53 - 2014-04-09 18:17 - 01630363 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 19:50 - 2014-04-27 16:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\LogMeIn Hamachi
2015-01-12 19:49 - 2014-04-22 22:29 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-12 19:49 - 2014-04-09 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-12 19:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 19:45 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam
2015-01-12 19:45 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-12 19:03 - 2014-04-28 13:58 - 00000000 ____D () C:\AdwCleaner
2015-01-12 13:47 - 2014-05-12 19:44 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\TS3Client
2015-01-12 03:13 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Battle.net
2015-01-11 08:53 - 2014-04-29 13:32 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 08:53 - 2014-04-29 13:32 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 08:53 - 2014-04-29 13:32 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 00:08 - 2014-12-01 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-11 00:08 - 2014-07-15 07:31 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-01-10 17:16 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-10 17:16 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-10 17:12 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-10 16:24 - 2014-04-22 22:50 - 00001312 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-10 16:20 - 2014-04-09 19:39 - 00001236 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 16:20 - 2014-04-09 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 16:20 - 2014-04-09 18:52 - 00001152 _____ () C:\Users\PhucTam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 12:11 - 2014-04-29 13:34 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-01-10 12:11 - 2014-04-29 13:32 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1420962827284
2015-01-10 12:11 - 2014-04-29 13:32 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1420962827284
2015-01-10 03:23 - 2014-06-22 09:46 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\Akamai
2015-01-10 03:23 - 2014-05-02 01:27 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_5372
2015-01-10 03:23 - 2014-04-29 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-01-10 03:23 - 2014-04-19 16:55 - 00000000 ____D () C:\Users\PhucTam\Desktop\Cubeworld
2015-01-10 03:23 - 2014-04-09 22:54 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Battle.net
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-10 03:03 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-06 20:51 - 2014-04-10 12:26 - 00000000 ____D () C:\Program Files\Steam
2015-01-06 04:36 - 2014-04-11 11:27 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 15:59 - 2014-12-04 17:01 - 00000000 ____D () C:\Program Files\Sandboxie
2015-01-02 06:12 - 2014-11-06 20:05 - 00000000 ____D () C:\Users\PhucTam\Desktop\Bilder, screens
2015-01-02 03:20 - 2014-04-22 05:24 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\Audacity
2014-12-31 03:28 - 2014-04-09 18:24 - 01618592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 00:33 - 2014-04-10 22:02 - 00000000 ____D () C:\Users\PhucTam\Documents\My Games
2014-12-28 19:53 - 2014-04-17 01:29 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-26 18:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-26 16:53 - 2014-04-09 20:08 - 00000000 ____D () C:\Users\PhucTam\AppData\Roaming\.minecraft
2014-12-25 00:44 - 2014-04-10 03:58 - 00000000 ____D () C:\Windows\Minidump
2014-12-25 00:38 - 2014-09-11 23:29 - 00000000 ____D () C:\Users\Public\Documents\Mad Catz
2014-12-25 00:38 - 2014-05-10 11:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-25 00:25 - 2014-07-12 16:30 - 00000000 ____D () C:\Users\PhucTam\Desktop\Musik ~98%
2014-12-23 15:56 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 12:35 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-23 12:33 - 2014-05-29 11:17 - 00000000 ____D () C:\Program Files\Origin Games
2014-12-23 10:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Origin
2014-12-22 22:34 - 2014-05-29 11:09 - 00000000 ____D () C:\Program Files\Origin
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 22:33 - 2014-04-09 19:44 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 13:01 - 2014-05-29 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-20 14:01 - 2014-10-26 01:06 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-12-18 06:37 - 2014-06-29 09:57 - 00000000 ____D () C:\download
2014-12-17 23:25 - 2014-04-09 18:52 - 00000000 ____D () C:\Users\PhucTam\AppData\Local\VirtualStore
2014-12-13 01:12 - 2014-09-20 13:42 - 02210040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-12-13 01:12 - 2014-09-20 13:42 - 01291464 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:43

==================== End Of Log ============================
--- --- ---

--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015
Ran by PhucTam at 2015-01-12 20:02:11
Running from C:\Users\PhucTam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlueStacks Notification Center (HKLM\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (Version:  - ) Hidden
Gameforge Live 2.0.5 (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MorphVOX Pro (HKLM\...\{4bfc0d50-0417-46a0-ab1e-475fb1a90916}) (Version: 4.4.17.22603 - Screaming Bee)
MorphVOX Pro (Version: 4.4.17.22603 - Screaming Bee) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Nostale(DE) (HKLM\...\NosTale(DE)_is1) (Version:  - Gameforge 4D GmbH)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.17 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.17 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.17 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.29.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
Scribblenauts Unlimited (HKLM\...\Steam App 218680) (Version:  - 5th Cell Media)
Serious Sam: The Random Encounter (HKLM\...\Steam App 201480) (Version:  - Vlambeer)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shopping Helper Smartbar (HKLM\...\{7DD65DA0-AD4F-4974-AAC6-5834DD7F6841}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\{f18039c1-5302-454f-adb0-fa2f0f2086fd}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION
SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2477.0 - Hi-Rez Studios)
Sonic Generations (HKLM\...\Steam App 71340) (Version:  - Devil's Details)
Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Sims 2: Ultimate Collection (HKLM\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Toribash (HKLM\...\Steam App 248570) (Version:  - Nabi Studios)
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-3598937497-1326978013-658881309-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Uplay (HKLM\...\Uplay) (Version: 4.3 - Ubisoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
XSplit Broadcaster (HKLM\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3598937497-1326978013-658881309-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\PhucTam\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

03-01-2015 00:20:26 Windows Update
06-01-2015 10:33:02 Windows Update
09-01-2015 12:51:47 Windows Update
09-01-2015 21:31:01 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:15:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:36:05 avast! antivirus system restore point
10-01-2015 02:50:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:05:40 avast! antivirus system restore point
10-01-2015 03:06:29 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:07:48 Wiederherstellungsvorgang
10-01-2015 03:15:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 03:18:14 Windows Update
10-01-2015 03:19:21 Wiederherstellungsvorgang
10-01-2015 03:24:30 avast! antivirus system restore point
10-01-2015 03:25:10 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 11:39:41 avast! antivirus system restore point
10-01-2015 11:57:37 avast! antivirus system restore point
10-01-2015 12:10:30 avast! antivirus system restore point
10-01-2015 15:25:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 17:31:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-10 17:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {119D7A20-226E-4037-8ECC-B97D1AF95B36} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-29] (AVAST Software)
Task: {BFA338DE-6156-494B-BC12-3A2580E5D8DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-04-09 21:36 - 2013-12-17 22:30 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-12 12:34 - 2015-01-12 12:34 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011200\algo.dll
2015-01-12 19:59 - 2015-01-12 19:59 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011201\algo.dll
2015-01-09 23:39 - 2014-04-29 13:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-23 10:21 - 2014-12-23 16:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-04-09 19:39 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 19:39 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 19:39 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2015-01-12 19:55 - 2015-01-12 19:55 - 00139264 _____ () C:\Users\PhucTam\Downloads\SystemLook.exe
2015-01-11 00:07 - 2014-08-07 14:02 - 03034496 _____ () C:\Program Files\GameforgeLive\gfl_client.exe
2015-01-11 00:07 - 2014-02-13 14:32 - 00088064 _____ () C:\Program Files\GameforgeLive\libgcc_s_sjlj-1.dll
2015-01-11 00:07 - 2014-02-13 14:32 - 00863744 _____ () C:\Program Files\GameforgeLive\libstdc++-6.dll
2015-01-11 00:07 - 2014-02-13 14:33 - 01765301 _____ () C:\Program Files\GameforgeLive\libgcrypt-11.dll
2015-01-11 00:07 - 2014-02-13 14:33 - 00126959 _____ () C:\Program Files\GameforgeLive\libgpg-error-0.dll
2015-01-11 00:07 - 2014-02-14 14:55 - 00530432 _____ () C:\Program Files\GameforgeLive\log4qt.dll
2015-01-11 00:07 - 2014-02-14 14:54 - 00141312 _____ () C:\Program Files\GameforgeLive\qjson.dll
2015-01-11 00:07 - 2014-02-14 15:19 - 05686669 _____ () C:\Program Files\GameforgeLive\libtorrent.dll
2015-01-11 00:07 - 2014-02-14 13:32 - 00097659 _____ () C:\Program Files\GameforgeLive\libboost_system-mgw47-mt-1_53.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3598937497-1326978013-658881309-500 - Administrator - Disabled)
Gast (S-1-5-21-3598937497-1326978013-658881309-501 - Limited - Disabled)
PhucTam (S-1-5-21-3598937497-1326978013-658881309-1000 - Administrator - Enabled) => C:\Users\PhucTam

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 07:50:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 07:04:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 05:47:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/12/2015 00:33:43 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 04:58:45 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 02:58:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x1d94
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/12/2015 02:58:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x12ec
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/12/2015 02:54:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x1d1c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/11/2015 09:23:16 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/11/2015 09:03:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa285b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0026d04a
ID des fehlerhaften Prozesses: 0x1f54
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (01/12/2015 08:01:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.14
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/12/2015 07:52:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/12/2015 07:50:25 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.14
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/12/2015 07:50:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (01/12/2015 07:49:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ValueApps" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/12/2015 07:45:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (01/12/2015 07:45:41 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Media Player-Netzwerkfreigabedienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (01/12/2015 07:45:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/12/2015 07:45:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hi-Rez Studios Authenticate and Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/12/2015 07:45:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/12/2015 07:50:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 07:04:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 05:47:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common files\Logishrd\sp6_uninstall\tools\64\AddBrowsers.exe

Error: (01/12/2015 00:33:43 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 04:58:45 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 02:58:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af4124800000030022ecf01d9401d02e0b3a18eb19C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe7c974403-99fe-11e4-9d34-00040ece5155

Error: (01/12/2015 02:58:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af4124800000030022ecf012ec01d02ddd4b3f6c47C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe7bf70a0a-99fe-11e4-9d34-00040ece5155

Error: (01/12/2015 02:54:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af4124800000030022ecf01d1c01d02e0abce92fd8C:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\PhucTam\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe00205427-99fe-11e4-9d34-00040ece5155

Error: (01/11/2015 09:23:16 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei "C:\ProgramData\BlueStacks\Android\kernel.elf" konnte nicht gefunden werden.
Dateiname: "C:\ProgramData\BlueStacks\Android\kernel.elf"
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/11/2015 09:03:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1851753aa285bc00000050026d04a1f5401d02dcada1b4e1eC:\Windows\explorer.exeC:\Windows\system32\SHELL32.dllf5d2cee4-99cc-11e4-bb20-00040ece5155


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 68%
Total physical RAM: 3069.54 MB
Available physical RAM: 968.43 MB
Total Pagefile: 9211.82 MB
Available Pagefile: 6554.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:710.74 GB) NTFS
Drive e: (DarkSiders.II) (CDROM) (Total:5.36 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6628B7BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 12.01.2015 21:22
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
S2 ValueApps; C:\Users\PhucTam\AppData\Local\ValueApps\ValueApps.exe [X]
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Likay 13.01.2015 13:55
das hier wird nach und nach erweitert, da dies doch etwas aufwendiger als das vorherige ist

Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-01-2015
Ran by PhucTam at 2015-01-13 13:50:13 Run:2
Running from C:\Users\PhucTam\Desktop
Loaded Profile: PhucTam (Available profiles: PhucTam)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
S2 ValueApps; C:\Users\PhucTam\AppData\Local\ValueApps\ValueApps.exe [X]
EmptyTemp:
end
*****************

Processes closed successfully.
ValueApps => Service deleted successfully.
EmptyTemp: => Removed 371.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:50:24 ====

M-K-D-B 13.01.2015 14:36
alles klar, ich warte auf die weiteren Logdateien. :)

Likay 13.01.2015 16:33
HitmanPro habe ich leider keine Logs, weil ich den SChritt übersehen habe :(
alles wurde geloescht, außer FRST.exe, die auch Verdächtig als Einstufung hatte

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47934cd8227b2b4db320b4e34ce38d17
# engine=21944
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-13 03:06:42
# local_time=2015-01-13 04:06:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 195097 22386905 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 32570 172792793 0 0
# scanned=197288
# found=235
# cleaned=0
# scan_time=5085
sh=321FFA63BC10C82EBF9D52BBC8DFAD1635A7D88D ft=1 fh=6345b32e772ed437 vn="Win32/AdWare.Adpeak.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\002\yewimmxqbs32.exe.vir"
sh=A8D1EF4F7E29C577A4B9F19F578990EC2094FC60 ft=1 fh=c71c00113bf4a93a vn="Variante von Win32/AdWare.AddLyrics.BH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\di7BlockAndSurf\175.dll.vir"
sh=F08F6CC02F1CF9E77D7AC84D6F30FCB71B8305FF ft=1 fh=c71c0011106a0927 vn="Variante von Win32/AdWare.AddLyrics.BB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\di7BlockAndSurf\O0BlockAndSurfZJ175.dll.vir"
sh=6BFEACE66FAFEC061DBCBB6CE1293FDFB13543D0 ft=1 fh=c71c0011b0eea399 vn="Variante von Win32/Adware.AddLyrics.CL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\di7BlockAndSurf\R2BlockAndSurfy72.exe.vir"
sh=29A22C6B0EFB212BF73C9F787BD4252FB8B65B06 ft=1 fh=f36b54ab57d080b3 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=55A920DDE8213071BDF2B3102576B779508D180A ft=1 fh=88d47ad422f07b87 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\sppsm.dll.vir"
sh=226323E500D641425C4209F52CD2722F2CE408A0 ft=1 fh=eaeb977324ab8858 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\spusm.dll.vir"
sh=37703B3CFC8731E02C802496A698EB572B31B702 ft=1 fh=d1edc0fb9743c5e0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbs.dll.vir"
sh=19CAD3930C1C2AC434A1BB7DE8167E9C733B0FD7 ft=1 fh=41463cf6dfa3ec6c vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbu.dll.vir"
sh=7D02B85A048C85BFDDB26C061696E1838B3689EF ft=1 fh=3bb292d6033375a6 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srpt.dll.vir"
sh=31D0B125962639ACC9DF9F39782A3207099DD924 ft=1 fh=ca95fc211bc2fbc3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir"
sh=6857BD88EA938B705EFC3FD46D5C91D2C1B3EDE9 ft=1 fh=a2f65d85debd6839 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir"
sh=7ABB587B2A0D80E1EC4B2F1E8BB0E2C194FBB4A0 ft=1 fh=9074270edfd38722 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir"
sh=3407FB00757C71D9CB28AEC2EC7855FF5D3A6609 ft=1 fh=67364266c19decdd vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir"
sh=89DC63472DE94DF3F12DBAE15B7EBE6C04263369 ft=1 fh=7fb9e45e0079471d vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir"
sh=9ABE489AF3684ABB96AB39F112768F69C83D0F8E ft=1 fh=f7fcd12f54d4e5cc vn="Win32/SpeedingUpMyPC.O Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir"
sh=2FB6E17B5B1771AF9BBE670D80BC29672A764471 ft=1 fh=45f0ba0365790147 vn="Variante von Win32/SProtector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProCrash.dll.vir"
sh=0DBD0B657BE45FA9D4340407997201B2A6068152 ft=1 fh=9cbe529653db9d6a vn="Variante von Win32/SProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProCrashSvc.dll.vir"
sh=2F367F244D08950211E4C05FB8EF8E0959BB773A ft=1 fh=20d3e0bbdedcd685 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProLauncher.exe.vir"
sh=CC2F7F7CC08641092233423CF3F8B4391722D3F4 ft=1 fh=ac319602da2fe806 vn="Win32/Adware.SpeedingUpMyPC.V Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProReminder.exe.vir"
sh=E5DB01AF8C7541396D4C619A55B7B664281A5375 ft=1 fh=97edb4dad52fbf6e vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir"
sh=8D5CADF10BD0671F1CA3BEE8B0FA4F6A50A01682 ft=1 fh=38162f748e056840 vn="Variante von Win64/Adware.MultiPlug.E Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SkypEmoticons\gT.x64.dll.vir"
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\HpUI.exe.vir"
sh=A8E3A9E6972C6F8B253EA0E1837AEEBF0A07B187 ft=1 fh=e2a5b168a3934371 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=B733C40B96BCA6CC139230D0F7C4E51CEC12CF35 ft=1 fh=08ea3c71e6c55c1b vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\uninstall.exe.vir"
sh=79C9BD304C93AB8FD0544108656A899993DB14EF ft=1 fh=e6f80544d6e8089f vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\WindowsSupportDll32.dll.vir"
sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\WindowsSupportDll64.dll.vir"
sh=66AE7020991466E365531E01821D1721FF10F7A9 ft=1 fh=2b6131bebc979372 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\TrayDownloader.exe.vir"
sh=36D9F4A3B13AFC47D1E28A81CF00AC38B82C54E0 ft=1 fh=ee02773919a25ace vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\winzipersvc.exe.vir"
sh=0BFE90FAB6F10C0104F69A06184B63F7FBDBFD93 ft=1 fh=c71c0011f25c11fd vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\CostMin\l8f6S.exe.vir"
sh=A3CA60F5F808B66C9A8F3081E135CF845C512D53 ft=1 fh=c71c00113363d678 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Hauppy2Savee\aKFzkTi.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=2C72C2967E07E465C85E06D7DE9F53AE59FD524C ft=1 fh=818637f81cd0ffe9 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=95DBB41D9379F67837AD5FE00BB6AEDEE08CBCE4 ft=1 fh=c71c00118358bd10 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Save, nett\ngea.exe.vir"
sh=95DBB41D9379F67837AD5FE00BB6AEDEE08CBCE4 ft=1 fh=c71c00118358bd10 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\suave neet\z81.exe.vir"
sh=F0DB92E27FF763CDC3002BB2B7320F9F3478224F ft=1 fh=c71c0011edb12146 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=8C9C40D70CF3E131C41B8D5C52BCBBF86FB72DDE ft=1 fh=c71c001104d308c4 vn="Variante von Win32/ELEX.BD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir"
sh=9A189D6EAB28C6F9C20AEEFA3E7134916E38C65B ft=1 fh=c71c0011b919b825 vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=95DBB41D9379F67837AD5FE00BB6AEDEE08CBCE4 ft=1 fh=c71c00118358bd10 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\YoutubeAdblocker\GDPHQnwSuEb.exe.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=29A22C6B0EFB212BF73C9F787BD4252FB8B65B06 ft=1 fh=f36b54ab57d080b3 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=55A920DDE8213071BDF2B3102576B779508D180A ft=1 fh=88d47ad422f07b87 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\LPT\sppsm.dll.vir"
sh=226323E500D641425C4209F52CD2722F2CE408A0 ft=1 fh=eaeb977324ab8858 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\LPT\spusm.dll.vir"
sh=37703B3CFC8731E02C802496A698EB572B31B702 ft=1 fh=d1edc0fb9743c5e0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\LPT\srbs.dll.vir"
sh=19CAD3930C1C2AC434A1BB7DE8167E9C733B0FD7 ft=1 fh=41463cf6dfa3ec6c vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\LPT\srbu.dll.vir"
sh=7D02B85A048C85BFDDB26C061696E1838B3689EF ft=1 fh=3bb292d6033375a6 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\LPT\srpt.dll.vir"
sh=868524C1CE69BE7C29300966FFC8706F03EB0270 ft=1 fh=8e7eac0d6d54c1f1 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\Smartbar.exe.vir"
sh=BBEA242CC77F3C1F3734442F0C800E05B22D7152 ft=1 fh=fb3ba2c9167114af vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir"
sh=AC80821257BA5F6E99BE8375597F06C21CD33AF3 ft=1 fh=2ef19f151d6452ff vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=1286BE3317251A3A4DEDD8794BA3035511E160E2 ft=1 fh=cb94be3fc97323f0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=C11018C059C513F8A2B0E75C4CAA3A1DF1AA7FBA ft=1 fh=4069e6978f0e55ba vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=C26590A395CB7AF0C18F3E06887126A5966C9E51 ft=1 fh=5cff4e441f48be70 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=29A22C6B0EFB212BF73C9F787BD4252FB8B65B06 ft=1 fh=f36b54ab57d080b3 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=B46481FE2BAADD9E3A6566CA150158B295C39C99 ft=1 fh=ae16a76de18bad79 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=B46481FE2BAADD9E3A6566CA150158B295C39C99 ft=1 fh=ae16a76de18bad79 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=67F6D6F084DB7012825A196A4D487B6A2731A2C7 ft=1 fh=307d32fcd242a31e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=16DA45A2DC2FFE0B7A121066311CFA5F8DD8C5AD ft=1 fh=1a75664674080c47 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=EB67C2E89E52025F3D2B2CF0074BC4BADF1D954F ft=1 fh=fb626be00482d04d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=0B04ACC6D1BA7870C8344F37B5A014EC0AA10F2E ft=1 fh=87b4e1a598455c6e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=55A920DDE8213071BDF2B3102576B779508D180A ft=1 fh=88d47ad422f07b87 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=226323E500D641425C4209F52CD2722F2CE408A0 ft=1 fh=eaeb977324ab8858 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=7307C4DE629E391EF71310DC344D91D7F5418032 ft=1 fh=c2d6c9a6490cc567 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=37703B3CFC8731E02C802496A698EB572B31B702 ft=1 fh=d1edc0fb9743c5e0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=19CAD3930C1C2AC434A1BB7DE8167E9C733B0FD7 ft=1 fh=41463cf6dfa3ec6c vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=7F09497F908DEBC06B17EF029878CEDCDD12860D ft=1 fh=77b66252dba872a6 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=566BBC6EA3BF5B83980E83F3AD2EAF2976B397E3 ft=1 fh=2fb580f020d2233f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=EB67DFB46B5446B8718914DD9ED57F6BE0B58806 ft=1 fh=57acb2ee72838ec2 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir"
sh=DEFD57BDA7758FEA7920340A3088AE3A79B40529 ft=1 fh=ae1e9cd28e06bdc9 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir"
sh=C778E5E119A965952E29D1216A055A263F653155 ft=1 fh=2924f4772f758b94 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=7156BD27311CFA3FECB282FABAB0990F6E76EE7F ft=1 fh=ff5ca7f501cec009 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=70CBF3C62290F9AE19CBED273B032D0262555565 ft=1 fh=c58c54be43328cac vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=1622BA167CF685631AD3E588C13C1630A9DD98D1 ft=1 fh=86cd7b0c364799f9 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\torch\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=14821B88A4F5905F54152419DED4E1D677DAA224 ft=1 fh=b32872aa606c7f13 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Local\ValueApps\Uninstall.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\1H1Q\Adobe Flash Player Packages\uninstaller.exe.vir"
sh=1F1F560C29DB6A61B05212EEA0E3C68DE0B9D61E ft=1 fh=0901d8467018be74 vn="Variante von Win32/Techsnab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\GetPrivate\gp_upd.exe.vir"
sh=CEA3FEE48758FEDE936CDBDD7F4B55FC5FF17186 ft=1 fh=2a7d5b3c5917660c vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\OpenCandy\32AD187359E744E985FF17EF6241DC22\sp-downloader.exe.vir"
sh=A2BB9B8E5445619CC285B641C4C737AB1D18C60A ft=1 fh=25760e51f12536ed vn="Win32/Installium.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\OpenCandy\950708FBB5464BC6AECA30E07068386D\Installium_p1v0.exe.vir"
sh=A15C9536148CE02615132AE1DB1A6BF8F873A726 ft=1 fh=41c25fe63c7f6257 vn="Win32/Installium.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\OpenCandy\950708FBB5464BC6AECA30E07068386D\search_protect_global.exe.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=31178B28FECEFA25D755FDA60EE7D4CD19BB62F8 ft=1 fh=df247d35c433dd44 vn="Win32/VOPackage.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PhucTam\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=6FA33E5768F1E40A7CAA358C9A03356D7002119A ft=1 fh=35739b1b5e17d626 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot.exe.vir"
sh=E4CF376DF44724A1ECF32D28CF38A8E0C7682E54 ft=1 fh=d95eee5e647657f0 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\ValueApps.dll.vir"
sh=9907ADEE06FC425AC7AB3794507288D32D56CEF5 ft=1 fh=e6b1675478691000 vn="Variante von Win32/OutBrowse.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\THQ\Darksiders II\Darksiders 2 Crack Patch.exe"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=A156F055172BC9F798588BC57CE17D1485ED7813 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\_lsdb_.js.zip"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\content.js.vir"
sh=FA7E5D2203FE828A8ED9EA598CDD6E87EE1A9845 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcbbpmjmoagpigonkidpcmhdbbhgfpie\1.0\fe41kgGXEGVO.js.vir"
sh=DFD89E057B64D4828D4CA81411C574758FC8A2FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\IyHFMix5si.js.vir"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gjbmgpncmobcaflfmcogianegpdnbkhk\1.0\lsdb.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\content.js.vir"
sh=EB73D1A0B711F4AF11B0BFCCFD4752521DA9DF29 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbeallnmpfjamdnakojgbfmlkdnkhjoj\5.14\LB8mZM.js.vir"
sh=80EC1BB667CD0BD98F7907812141631B161D84C6 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hggjmlhiolphdnjbgpbhhicihkpgbagk\2.2\QytTpG.js.vir"
sh=63F05A609F0F1E82F24DFDF7317F1996BED6B7A0 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\content.js.vir"
sh=9C70427E9DD4EDDBC6FE142A95E86AA77CBCAE32 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\laebfhpccpiljpoifpmkkcmafdgchggb\5.14\E4aD.js.vir"
sh=E6FE15C55F5B1B336047948A68E5805BBF99B9A2 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\content.js.vir"
sh=9A420652396B2E01339EF647E6B48295E355617A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PhucTam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\206\K0caBXeQ0M.js.vir"
und zu guter letzt SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner   
 Java 7 Update 51 
 Java version 32-bit out of Date!
  Adobe Flash Player        14.0.0.145 Flash Player out of Date! 
 Google Chrome 34.0.1847.116 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
so
schade um HitmanPro, ich koennte das nochmal durchlaufen lassen, würde es dir was bringen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:35 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131