
Pests of all kinds and how to fight them: TR/ATRAPS.Gen2 and TR/Gendal.15360 found, how to get rid of them?

05.08.2013, 22:04   #1
BlackBat
 



Hello, I'm new here,
today I unfortunately found 2 unpleasant fellows on my system with Avira.
Unfortunately they cannot be deleted.

The two are called

TR/ATRAPS.Gen2

and

TR/Gendal.15360


How do I get rid of these beasts without reinstalling my system?
I would be very grateful if someone could help me.

05.08.2013, 22:06   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


06.08.2013, 01:00   #3
BlackBat
 



FRST.txt

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by Administrator (administrator) on 05-08-2013 22:11:25
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Check Point Software Technologies LTD) D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avguard.exe
() D:\Program Files\CPUCooL\CooLSrv.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Windows\vsnpstd3.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Samsung Electronics Co., Ltd.) D:\Program Files\Samsung PC Studio\NPSAgent.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGYE.EXE
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Macrovision Europe Ltd.) C:\Users\ADMINI~1\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
() C:\Windows\FixCamera.exe
() C:\Windows\tsnpstd3.exe
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Check Point Software Technologies LTD) D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Nullsoft, Inc.) D:\Program Files\Winamp\winampa.exe
(CyberLink Corporation.) D:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) D:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\FightMouse Elite\Gaming 3.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) D:\program files\avira\antivir desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] ()
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1125504 2011-11-03] (Check Point Software Technologies)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-26] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKCU\...\Run: [OfficeSyncProcess] - D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-02] (Facebook Inc.)
HKCU\...\Run: [AutoStartNPSAgent] - D:\Program Files\Samsung PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [EPSON PX720WD Series] - C:\Windows\TEMP\E_S51E.tmp [146 2013-06-24] ()
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: I - I:\raf-risen2_sse.exe
MountPoints2: {94112685-a40c-11e1-81bd-002522bf3af4} - I:\autorun.exe
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-04-21] (FNet Co., Ltd.)
HKLM-x32\...\Run: [CTSyncService] - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM-x32\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] ()
HKLM-x32\...\Run: [tsnpstd3] - C:\Windows\tsnpstd3.exe [270336 2007-04-21] ()
HKLM-x32\...\Run: [ZoneAlarm] - D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73360 2011-12-18] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - D:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [BCSSync] - D:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [InstantBurn] - D:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] - D:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [RemoteControl9] - D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-18] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - D:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2011-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Gaming 3] - C:\FightMouse Elite\Gaming 3.exe [1273856 2010-06-09] ()
HKLM-x32\...\Run: [NPSStartup] -  [x]
HKLM-x32\...\Run: [avgnt] - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKU\BlackBat\...\Run: [ASRockXTU] -  [x]
HKU\BlackBat\...\Run: [zASRockInstantBoot] -  [x]
AppInit_DLLs:    [0 ] ()
AppInit_DLLs-x32:    [0 ] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\Creative Suite 5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\Creative Suite 5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w1ke9r6h.default
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w1ke9r6h.default\user.js
FF Homepage: google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - D:\Program Files\VLC Player\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: ubisoft.com/uplaypc - G:\Program Files\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w1ke9r6h.default\Extensions\ich@maltegoetz.de
FF Extension: firebug - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w1ke9r6h.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w1ke9r6h.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w1ke9r6h.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w1ke9r6h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] D:\Program Files\Adobe\Creative Suite 5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - D:\Program Files\Adobe\Creative Suite 5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - D:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - D:\Program Files\VLC Player\npvlc.dll (VideoLAN)
CHR Extension: (Google Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Logitech SetPoint) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_876CFF6A; D:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
R2 CPUCooLServer; D:\Program Files\CPUCooL\CooLSrv.exe [743936 2011-12-01] ()
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2011-11-03] (Check Point Software Technologies)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S3 OpenVPNService; d:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-04-26] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-01-16] ()
R2 vsmon; D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2420616 2011-12-18] (Check Point Software Technologies LTD)
S2 Apache2.4; "D:\xampp\apache\bin\httpd.exe" -k runservice [x]
S2 mysql; D:\xampp\mysql\bin\mysqld.exe --defaults-file=d:\xampp\mysql\bin\my.ini mysql [x]
U2 etadpug*; "C:\Program Files (x86)\Google\Desktop\Install\{43092f94-2eac-e63a-5efd-57f4cddc50b7}\   \...\???\{43092f94-2eac-e63a-5efd-57f4cddc50b7}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-26] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-04-21] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-04-21] (FNet Co., Ltd.)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-11-03] (Check Point Software Technologies)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10693120 2007-10-16] (Sonix Co. Ltd.)
S2 SVKP; C:\Windows\SysWow64\SVKP.sys [2368 2012-08-03] (AntiCracking)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-18] (Microsoft Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
S2 SVKP; \??\C:\Windows\system32\SVKP.sys [x]
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-05 22:09 - 2013-08-05 22:09 - 01788685 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-08-04 19:58 - 2013-08-04 20:27 - 00000404 _____ C:\Users\Administrator\Desktop\water.html
2013-08-04 19:55 - 2013-08-05 00:15 - 00000000 ____D C:\Users\Administrator\Desktop\Neuer Ordner (2)
2013-08-04 13:50 - 2013-08-04 13:50 - 00001015 _____ C:\Users\Administrator\Desktop\Dropbox.lnk
2013-08-04 13:49 - 2013-08-04 13:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-04 13:48 - 2013-08-05 21:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dropbox
2013-08-04 13:47 - 2013-08-04 13:48 - 32966136 _____ (Dropbox, Inc.) C:\Users\Administrator\Downloads\Dropbox 2.0.26.exe
2013-08-04 01:22 - 2013-08-04 01:22 - 10829132 _____ C:\Users\Administrator\Downloads\ArtStudio_1.3.3(1).exe
2013-08-04 01:22 - 2013-08-04 01:22 - 00000738 _____ C:\Users\Public\Desktop\Corner-A ArtStudio.lnk
2013-08-04 00:24 - 2013-08-04 00:24 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Corner-A
2013-08-04 00:20 - 2013-08-04 00:22 - 00000000 ____D C:\Users\Administrator\Desktop\Neuer Ordner
2013-08-03 23:24 - 2013-08-03 23:24 - 10829132 _____ C:\Users\Administrator\Downloads\ArtStudio_1.3.3.exe
2013-08-03 23:22 - 2013-08-03 23:23 - 00994648 _____ (Conduit) C:\Users\Administrator\Downloads\bs_CornerA_ArtStudio.exe
2013-08-03 22:32 - 2013-08-03 22:32 - 09539072 _____ C:\Users\Administrator\Downloads\ArtStudio_Lite_1.1_build_2.msi
2013-08-03 22:31 - 2013-08-03 22:31 - 01330752 _____ C:\Users\Administrator\Downloads\artstudio-lite-11-build-2-Downloader.exe
2013-08-03 15:04 - 2013-08-03 15:04 - 29869936 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Encoder_de.exe
2013-08-03 14:36 - 2013-08-03 14:36 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\wellwasser
2013-08-03 14:09 - 2013-08-03 15:12 - 00000000 ____D C:\Users\Administrator\Documents\wellwasser bluescreen
2013-08-03 14:09 - 2013-08-03 14:09 - 00000806 _____ C:\Users\Administrator\Desktop\wellwasser® bluescreen Einstellungen.lnk
2013-08-03 14:09 - 2013-08-03 14:09 - 00000791 _____ C:\Users\Administrator\Desktop\wellwasser® bluescreen starten.lnk
2013-08-03 14:09 - 2011-04-29 00:46 - 08699904 _____ (wellwasser®) C:\Windows\wellwasser® bluescreen.scr
2013-08-03 14:09 - 2011-04-16 13:35 - 00059392 _____ (wellwasser®) C:\Windows\wwBluescreenRender.dll
2013-08-03 14:09 - 2009-08-03 02:26 - 00020480 _____ (wellwasser®) C:\Windows\wwBluescreenConfig.exe
2013-08-03 14:09 - 2009-08-03 02:25 - 00024576 _____ (wellwasser®) C:\Windows\wwBluescreenRun.exe
2013-08-03 14:09 - 2006-07-22 02:40 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb6de.dll
2013-08-03 14:09 - 2004-03-09 03:00 - 00224016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2013-08-03 14:09 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2013-08-03 14:09 - 2004-02-23 00:00 - 00002494 _____ C:\Windows\SysWOW64\tabctl32.dep
2013-08-03 14:09 - 2004-02-17 00:00 - 00002494 _____ C:\Windows\SysWOW64\mscomctl.dep
2013-08-03 14:09 - 2004-02-17 00:00 - 00002494 _____ C:\Windows\SysWOW64\mscomct2.dep
2013-08-03 14:09 - 2003-07-04 23:30 - 00086016 _____ (vbAccelerator) C:\Windows\SysWOW64\vbalARLB6.ocx
2013-08-03 14:09 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll
2013-08-03 14:09 - 1998-12-03 16:11 - 00000331 _____ C:\Windows\SysWOW64\ccrpTmr6.dep
2013-08-03 14:09 - 1998-11-23 16:10 - 00090112 _____ (hxxp://www.mvps.org/vb) C:\Windows\SysWOW64\ccrpTmr6.dll
2013-08-02 20:36 - 2013-08-02 20:36 - 09043134 _____ (wellwasser®                                                 ) C:\Users\Administrator\Downloads\Wellwasser_setup.exe
2013-08-01 22:40 - 2013-08-01 22:42 - 167700807 _____ C:\Users\Administrator\Downloads\Rasen.zip
2013-07-29 21:18 - 2013-07-29 21:18 - 66702071 _____ C:\Users\Administrator\Downloads\allepinsel.abr
2013-07-29 21:17 - 2013-07-29 21:18 - 20162803 _____ C:\Users\Administrator\Downloads\SS_waterII.zip
2013-07-29 21:13 - 2013-07-29 21:13 - 13238778 _____ C:\Users\Administrator\Downloads\SS_water.zip
2013-07-26 17:30 - 2013-07-26 17:30 - 00500520 _____ C:\Users\Administrator\Downloads\CausticsGeneratorFree.exe
2013-07-26 17:30 - 2013-07-26 17:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Caustics Generator Free
2013-07-26 17:30 - 2013-07-26 17:30 - 00000000 ____D C:\Program Files\Caustics Generator Free
2013-07-18 21:17 - 2013-07-18 21:17 - 00000000 ____D C:\Users\Administrator\Documents\Telltale Games
2013-07-17 19:37 - 2013-07-17 19:37 - 00010709 _____ C:\Users\Administrator\Downloads\image.php
2013-07-13 17:47 - 2013-07-13 17:47 - 00000059 _____ C:\Users\Administrator\Desktop\dvdadresse.txt
2013-07-12 00:50 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 00:50 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 00:50 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 00:50 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 00:50 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 00:50 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 00:50 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 00:50 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 00:50 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 00:50 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 00:50 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 00:50 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 00:50 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 00:50 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 00:50 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 00:50 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 00:50 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 00:50 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 00:50 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 00:50 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 00:50 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 00:50 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 00:34 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 00:34 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 00:34 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 00:34 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 00:34 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 00:34 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 00:34 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 23:24 - 2013-07-11 23:29 - 565552823 _____ C:\Users\Administrator\Downloads\Gothic_Reloaded_Mod_-_Texturen_2013-07-11.7z
2013-07-11 21:33 - 2013-07-11 21:33 - 50967416 _____ C:\Users\Administrator\Desktop\space-mikroversum.tif
2013-07-11 19:49 - 2013-07-11 19:49 - 00111087 _____ C:\Users\Administrator\Downloads\ethnocentric.zip
2013-07-10 23:58 - 2013-07-18 18:42 - 00162828 _____ C:\Users\Administrator\Desktop\three-headed-monkey.ai
2013-07-09 23:11 - 2013-07-09 23:11 - 00092970 _____ C:\Users\Administrator\Downloads\gothic2_playerkit-2.6f.exe
2013-07-09 23:03 - 2013-07-09 23:03 - 00020039 _____ C:\Users\Administrator\Downloads\GothicZTEX.zip
2013-07-09 22:54 - 2013-07-09 22:55 - 00000132 _____ C:\Users\Administrator\AppData\Roaming\Adobe Targa Format CS5 Prefs
2013-07-09 21:25 - 2013-08-05 21:50 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\TSVNCache
2013-07-09 18:04 - 2013-07-09 22:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TortoiseSVN
2013-07-09 18:01 - 2013-07-09 18:01 - 06574080 _____ C:\Users\Administrator\Downloads\LanguagePack_1.8.0.24401-x64-de.msi
2013-07-09 17:57 - 2013-07-09 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Subversion
2013-07-09 17:57 - 2013-07-09 17:57 - 00000000 ____D C:\Program Files\TortoiseSVN
2013-07-09 17:57 - 2013-07-09 17:57 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2013-07-09 17:56 - 2013-07-09 17:56 - 19312640 _____ C:\Users\Administrator\Downloads\tortoisesvn-1.8.0.24401-x64-svn-1.8.0.msi
2013-07-09 17:55 - 2013-07-09 17:55 - 17719296 _____ C:\Users\Administrator\Downloads\TortoiseSVN-1.7.13.24257-x64-svn-1.7.10.msi
2013-07-08 22:14 - 2013-07-17 21:06 - 82489019 _____ C:\Users\Administrator\Desktop\Hum_Body_Naked_V4_C1.psd
2013-07-08 22:13 - 2013-07-08 22:13 - 20660464 _____ C:\Users\Administrator\Downloads\Hum_Body_Naked_V4_C1.rar
2013-07-08 20:35 - 2013-07-08 20:35 - 01572908 _____ C:\Users\Administrator\Downloads\HUM_HEAD_V15_C2.tga
2013-07-08 18:35 - 2001-02-16 12:57 - 00098348 _____ C:\Users\Administrator\Desktop\HUM_HEAD_V88_C1.tga
2013-07-08 18:35 - 2001-02-16 12:57 - 00098348 _____ C:\Users\Administrator\Desktop\HUM_HEAD_V82_C1.tga
2013-07-08 18:35 - 2001-02-16 12:57 - 00098348 _____ C:\Users\Administrator\Desktop\Hum_Head_V17_C0.tga
2013-07-08 18:33 - 2013-07-08 18:33 - 00099824 _____ C:\Users\Administrator\Downloads\ForBlackBAT.zip
2013-07-07 20:57 - 2013-07-07 20:57 - 00000000 ____D C:\ProgramData\Gothic Reloaded Mod
2013-07-07 20:55 - 2013-07-07 20:57 - 143398912 _____ (ThielHater) C:\Users\Administrator\Downloads\Gothic_Reloaded_Mod_-_Demo_v1.1.exe
121

==================== One Month Modified Files and Folders =======

2013-08-05 22:09 - 2013-08-05 22:09 - 01788685 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-08-05 21:57 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 21:57 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 21:56 - 2013-05-01 11:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2013-08-05 21:55 - 2012-05-10 21:35 - 00000000 ____D C:\Users\Administrator\Documents\Outlook-Dateien
2013-08-05 21:50 - 2013-08-04 13:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dropbox
2013-08-05 21:50 - 2013-07-09 21:25 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\TSVNCache
2013-08-05 21:50 - 2012-12-02 01:45 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3459245019-1856421615-1668137085-500UA.job
2013-08-05 21:49 - 2013-03-10 12:54 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-05 21:49 - 2013-01-19 13:18 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-05 21:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 21:49 - 2009-07-14 06:51 - 00029306 _____ C:\Windows\setupact.log
2013-08-05 21:48 - 2012-04-21 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ICQ
2013-08-05 21:48 - 2012-04-21 14:01 - 01538505 _____ C:\Windows\WindowsUpdate.log
2013-08-05 21:43 - 2012-08-19 23:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 21:17 - 2012-05-08 23:18 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\CrashDumps
2013-08-05 21:16 - 2013-03-10 12:54 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-05 20:49 - 2013-03-10 12:54 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Google
2013-08-05 20:49 - 2013-03-10 12:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-05 00:15 - 2013-08-04 19:55 - 00000000 ____D C:\Users\Administrator\Desktop\Neuer Ordner (2)
2013-08-04 20:27 - 2013-08-04 19:58 - 00000404 _____ C:\Users\Administrator\Desktop\water.html
2013-08-04 19:15 - 2013-05-17 15:23 - 00000000 ____D C:\ProgramData\Logitech
2013-08-04 13:50 - 2013-08-04 13:50 - 00001015 _____ C:\Users\Administrator\Desktop\Dropbox.lnk
2013-08-04 13:49 - 2013-08-04 13:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-04 13:49 - 2012-04-21 15:01 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 13:48 - 2013-08-04 13:47 - 32966136 _____ (Dropbox, Inc.) C:\Users\Administrator\Downloads\Dropbox 2.0.26.exe
2013-08-04 13:43 - 2012-04-21 20:24 - 00000132 _____ C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-04 12:39 - 2010-11-21 05:47 - 00560294 _____ C:\Windows\PFRO.log
2013-08-04 01:22 - 2013-08-04 01:22 - 10829132 _____ C:\Users\Administrator\Downloads\ArtStudio_1.3.3(1).exe
2013-08-04 01:22 - 2013-08-04 01:22 - 00000738 _____ C:\Users\Public\Desktop\Corner-A ArtStudio.lnk
2013-08-04 00:50 - 2012-12-02 01:45 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3459245019-1856421615-1668137085-500Core.job
2013-08-04 00:24 - 2013-08-04 00:24 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Corner-A
2013-08-04 00:22 - 2013-08-04 00:20 - 00000000 ____D C:\Users\Administrator\Desktop\Neuer Ordner
2013-08-03 23:24 - 2013-08-03 23:24 - 10829132 _____ C:\Users\Administrator\Downloads\ArtStudio_1.3.3.exe
2013-08-03 23:24 - 2013-03-08 22:11 - 00000000 _____ C:\END
2013-08-03 23:23 - 2013-08-03 23:22 - 00994648 _____ (Conduit) C:\Users\Administrator\Downloads\bs_CornerA_ArtStudio.exe
2013-08-03 22:32 - 2013-08-03 22:32 - 09539072 _____ C:\Users\Administrator\Downloads\ArtStudio_Lite_1.1_build_2.msi
2013-08-03 22:31 - 2013-08-03 22:31 - 01330752 _____ C:\Users\Administrator\Downloads\artstudio-lite-11-build-2-Downloader.exe
2013-08-03 15:12 - 2013-08-03 14:09 - 00000000 ____D C:\Users\Administrator\Documents\wellwasser bluescreen
2013-08-03 15:04 - 2013-08-03 15:04 - 29869936 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Encoder_de.exe
2013-08-03 14:36 - 2013-08-03 14:36 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\wellwasser
2013-08-03 14:09 - 2013-08-03 14:09 - 00000806 _____ C:\Users\Administrator\Desktop\wellwasser® bluescreen Einstellungen.lnk
2013-08-03 14:09 - 2013-08-03 14:09 - 00000791 _____ C:\Users\Administrator\Desktop\wellwasser® bluescreen starten.lnk
2013-08-02 20:36 - 2013-08-02 20:36 - 09043134 _____ (wellwasser®                                                 ) C:\Users\Administrator\Downloads\Wellwasser_setup.exe
2013-08-02 15:59 - 2013-05-01 11:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-02 15:59 - 2013-05-01 11:30 - 00000000 ____D C:\ProgramData\Skype
2013-08-01 22:42 - 2013-08-01 22:40 - 167700807 _____ C:\Users\Administrator\Downloads\Rasen.zip
2013-07-31 00:12 - 2012-04-23 19:31 - 05553521 _____ C:\Users\Administrator\Desktop\2420601492941_51837.mp4
2013-07-31 00:12 - 2012-04-22 01:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Winamp
2013-07-31 00:04 - 2012-06-30 17:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-07-29 21:18 - 2013-07-29 21:18 - 66702071 _____ C:\Users\Administrator\Downloads\allepinsel.abr
2013-07-29 21:18 - 2013-07-29 21:17 - 20162803 _____ C:\Users\Administrator\Downloads\SS_waterII.zip
2013-07-29 21:13 - 2013-07-29 21:13 - 13238778 _____ C:\Users\Administrator\Downloads\SS_water.zip
2013-07-26 17:30 - 2013-07-26 17:30 - 00500520 _____ C:\Users\Administrator\Downloads\CausticsGeneratorFree.exe
2013-07-26 17:30 - 2013-07-26 17:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Caustics Generator Free
2013-07-26 17:30 - 2013-07-26 17:30 - 00000000 ____D C:\Program Files\Caustics Generator Free
2013-07-18 21:17 - 2013-07-18 21:17 - 00000000 ____D C:\Users\Administrator\Documents\Telltale Games
2013-07-18 18:42 - 2013-07-10 23:58 - 00162828 _____ C:\Users\Administrator\Desktop\three-headed-monkey.ai
2013-07-17 21:06 - 2013-07-08 22:14 - 82489019 _____ C:\Users\Administrator\Desktop\Hum_Body_Naked_V4_C1.psd
2013-07-17 19:37 - 2013-07-17 19:37 - 00010709 _____ C:\Users\Administrator\Downloads\image.php
2013-07-13 17:47 - 2013-07-13 17:47 - 00000059 _____ C:\Users\Administrator\Desktop\dvdadresse.txt
2013-07-13 13:11 - 2013-03-10 12:54 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 13:11 - 2013-03-10 12:54 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 19:22 - 2013-04-17 22:15 - 00000488 _____ C:\Windows\wiso.ini
2013-07-12 19:22 - 2012-04-21 14:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-12 18:45 - 2012-08-19 23:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-12 18:45 - 2012-04-21 18:55 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Adobe
2013-07-12 18:45 - 2012-04-21 18:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-12 18:45 - 2012-04-21 18:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-12 18:38 - 2009-07-14 06:45 - 12083544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 18:33 - 2012-12-09 14:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 18:33 - 2012-12-09 14:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 18:33 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 18:33 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 18:33 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 00:54 - 2012-05-10 21:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:53 - 2011-04-12 09:43 - 00702060 _____ C:\Windows\system32\perfh007.dat
2013-07-12 00:53 - 2011-04-12 09:43 - 00149896 _____ C:\Windows\system32\perfc007.dat
2013-07-12 00:53 - 2009-07-14 07:13 - 01647016 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 00:50 - 2012-04-21 15:37 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 23:29 - 2013-07-11 23:24 - 565552823 _____ C:\Users\Administrator\Downloads\Gothic_Reloaded_Mod_-_Texturen_2013-07-11.7z
2013-07-11 21:33 - 2013-07-11 21:33 - 50967416 _____ C:\Users\Administrator\Desktop\space-mikroversum.tif
2013-07-11 21:16 - 2012-04-21 15:17 - 00172520 _____ C:\Users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-11 19:49 - 2013-07-11 19:49 - 00111087 _____ C:\Users\Administrator\Downloads\ethnocentric.zip
2013-07-09 23:11 - 2013-07-09 23:11 - 00092970 _____ C:\Users\Administrator\Downloads\gothic2_playerkit-2.6f.exe
2013-07-09 23:03 - 2013-07-09 23:03 - 00020039 _____ C:\Users\Administrator\Downloads\GothicZTEX.zip
2013-07-09 22:56 - 2013-07-09 18:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TortoiseSVN
2013-07-09 22:55 - 2013-07-09 22:54 - 00000132 _____ C:\Users\Administrator\AppData\Roaming\Adobe Targa Format CS5 Prefs
2013-07-09 18:01 - 2013-07-09 18:01 - 06574080 _____ C:\Users\Administrator\Downloads\LanguagePack_1.8.0.24401-x64-de.msi
2013-07-09 17:57 - 2013-07-09 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Subversion
2013-07-09 17:57 - 2013-07-09 17:57 - 00000000 ____D C:\Program Files\TortoiseSVN
2013-07-09 17:57 - 2013-07-09 17:57 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2013-07-09 17:56 - 2013-07-09 17:56 - 19312640 _____ C:\Users\Administrator\Downloads\tortoisesvn-1.8.0.24401-x64-svn-1.8.0.msi
2013-07-09 17:55 - 2013-07-09 17:55 - 17719296 _____ C:\Users\Administrator\Downloads\TortoiseSVN-1.7.13.24257-x64-svn-1.7.10.msi
2013-07-08 22:13 - 2013-07-08 22:13 - 20660464 _____ C:\Users\Administrator\Downloads\Hum_Body_Naked_V4_C1.rar
2013-07-08 20:35 - 2013-07-08 20:35 - 01572908 _____ C:\Users\Administrator\Downloads\HUM_HEAD_V15_C2.tga
2013-07-08 18:33 - 2013-07-08 18:33 - 00099824 _____ C:\Users\Administrator\Downloads\ForBlackBAT.zip
2013-07-07 20:57 - 2013-07-07 20:57 - 00000000 ____D C:\ProgramData\Gothic Reloaded Mod
2013-07-07 20:57 - 2013-07-07 20:55 - 143398912 _____ (ThielHater) C:\Users\Administrator\Downloads\Gothic_Reloaded_Mod_-_Demo_v1.1.exe

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Administrator\AppData\Local\Google\Desktop\Install\{43092f94-2eac-e63a-5efd-57f4cddc50b7}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{43092f94-2eac-e63a-5efd-57f4cddc50b7}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-02 16:22

==================== End Of Log ============================
         
--- --- ---

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by Administrator at 2013-08-05 22:12:00
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe After Effects CS5 Third Party Content (x32 Version: 10)
Adobe After Effects CS5 Third Party Royalty Content (x32 Version: 10)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Media Encoder CS5 Dolby X64 (x32 Version: 5.0)
Adobe Media Encoder CS5 PCI X64 (x32 Version: 5.0)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Soundbooth CS5 Codecs (x32 Version: 3.0)
Adobe Soundbooth CS5 Royalty Codecs (x32 Version: 3.0)
Age of Empires II: HD Edition (x32)
Age of Empires® III: Complete Collection (x32)
Apophysis 2.0 (x32 Version: )
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
ASRock App Charger v1.0.4
ASRock eXtreme Tuner v0.1.27 (x32)
ASRock InstantBoot v1.26 (x32)
Assassin's Creed (R) III (x32 Version: 1.01)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Beyond Divinity (x32)
Black & White® 2 (x32 Version: 1.00.0000)
Caustics Generator Free (Version: 3.7)
ContentMod2.6 (x32)
Corner-A ArtStudio (x32 Version: 1.3.3)
CPUCooL (remove only) (x32)
Cultures2 - Die Tore Asgards (x32)
CyberLink BD_3D Advisor 2.0 (x32)
CyberLink Blu-ray Disc Suite (x32 Version: 7.0.3721)
CyberLink InstantBurn (x32 Version: 5.0.6210)
CyberLink LabelPrint (x32 Version: 2.5.3418)
CyberLink MediaShow (x32 Version: 5.0.1423)
CyberLink Power2Go (x32 Version: 6.1.3802)
CyberLink PowerBackup (x32 Version: 2.5.6023)
CyberLink PowerDVD 9 (x32 Version: 9.0.3518.52)
CyberLink PowerProducer (x32 Version: 5.0.2.2429)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Dark Project: Der Meisterdieb Director's Cut (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Die Siedler II - Die nächste Generation (x32)
Dishonored (x32 Version: 1.0)
Divine Divinity (x32)
Divinity II: Developer's Cut (x32)
DmC Devil May Cry (x32)
Dropbox (HKCU Version: 2.0.26)
Druckerdeinstallation für EPSON PX720WD Series
EPSON Scan (x32)
eReg (x32 Version: 1.20.138.34)
Escape From Monkey Island (x32 Version: 1.0)
Etron USB3.0 Host Controller (x32 Version: 0.96)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FightMouse Elite (x32)
FlashFXP v4.2 (x32 Version: 4.2.5.1813)
FlatOut2 (x32 Version: 1.2)
Fractron 9000 (x32)
Free YouTube to MP3 Converter version 3.11.20.423 (x32 Version: 3.11.20.423)
Galador (x32)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Gothic (x32)
Gothic 2 Gold (x32 Version: 1.0.0)
Gothic 3 (x32 Version: 1.0.0)
Gothic Reloaded Mod (x32 Version: Demo)
Guybrush Hair Patch version 1.5 (x32 Version: 1.5)
Hama Black Force Pad (x32 Version: 2007.01.01)
Hama Webcam AC-150 (x32 Version: Hama Webcam AC-150)
Harveys Neue Augen (x32 Version: 1.1)
Hedgewars (x32 Version: 0.9.18)
ICQ7.7 (x32 Version: 7.7)
ImageMagick 6.8.3-8 Q16 (64-bit) (2013-03-01) (Version: 6.8.3)
Indeo® Software (x32)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Lara Croft and the Guardian of Light (x32)
LightScribe System Software (x32 Version: 1.18.20.1)
Logitech SetPoint 6.52 (Version: 6.52.74)
Magicka (x32)
Metro 2033 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Virtual PC 2007 (Version: 6.0.156.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Xbox 360 Accessories 1.1 (Version: 1.10.123.0)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Monkey Island™ Special Edition Collection (x32 Version: 1.0.0.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenVPN 2.2.0 (x32 Version: 2.2.0)
Overlord (x32 Version: 1.00.0606)
PC Connectivity Solution (x32 Version: 8.15.0.0)
PDF Settings CS5 (x32 Version: 10.0)
Portal (x32)
Portal 2 (x32)
Portal 2 Publishing Tool (x32)
Project64 1.6 (x32 Version: 1.6)
PunkBuster Services (x32 Version: 0.991)
PxMergeModule (x32 Version: 1.00.0000)
Questpaket 4 Update 2 Deinstallation (x32 Version: 4.2.0.0)
QuickTime (x32 Version: 7.73.80.64)
Rayman (HKCU)
Rayman Origins (x32 Version: 1.02)
rayman2 (x32)
Rayman3 (x32 Version: 1.00.0000)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6167)
Risen 2: Dark Waters - Stahlbarts Schatz Edition (x32 Version: 1.0.1168)
Roll (x32)
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (x32 Version: 1.00.0000)
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver (x32 Version: 6.83.6.2.1)
Serious Sam 2 (x32)
Serious Sam 3: BFE (x32)
Serious Sam Classic: The First Encounter (x32)
Serious Sam Classic: The Second Encounter (x32)
Serious Sam Double D (x32)
Serious Sam HD: The First Encounter (x32)
Serious Sam HD: The Second Encounter (x32)
Serious Sam: The Random Encounter (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
Sound Blaster X-Fi MB (x32 Version: 1.0)
Steam (x32 Version: 1.0.0.0)
Stronghold (x32)
Stronghold Crusader (x32)
Super Meat Boy (x32)
The Dark Eye: Chains of Satinav (x32)
The Longest Journey (x32)
The Walking Dead (x32)
Tomb Raider (x32)
Tomb Raider: Anniversary 1.0 (x32)
TortoiseSVN 1.8.0.24401 (64 bit) (Version: 1.8.24401)
Trine 1.08 (x32)
Trine 2 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Uplay (x32 Version: 2.0)
us Mod Manager (Version: 0.16.4)
VC 9.0 Runtime (x32 Version: 1.0.0)
Visionaire 3.6 (x32 Version: v3.6)
VLC media player 2.0.2 (x32 Version: 2.0.2)
Wacom Tablett (Version: 6.2.0w5)
WebTablet FB Plugin (x32 Version: 2.0.0.4)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
wellwasser® bluescreen 1.7.1 (x32)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)
XAMPP 1.8.1 (x32)
XFastUsb (x32)
ZoneAlarm Firewall (x32 Version: 10.1.079.000)
ZoneAlarm Free (x32 Version: 10.1.065.000)
ZoneAlarm Security (x32 Version: 10.1.079.000)
ZoneAlarm Toolbar

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-04-21 18:54 - 00000887 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {029D44EB-3D53-4AF1-A3E4-363C2821295E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3459245019-1856421615-1668137085-500Core => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-02] (Facebook Inc.)
Task: {0CB5C46F-A0B7-4A4E-897D-70C93468EF51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {575E0D90-CE83-4E79-AA0C-80BF883A2B4F} - System32\Tasks\AdobeAAMUpdater-1.0-BlackBat-PC-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7398B38B-E943-426E-B2DE-C33AFE21CDBA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {81C07308-0222-4E0C-83D0-6379DD69A6CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3459245019-1856421615-1668137085-500UA => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-02] (Facebook Inc.)
Task: {A5DA8FE0-DD00-42E7-89BE-52E51511AF06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CDE5F9EE-20A0-40D3-965B-28A08180B311} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {F9C4B045-487F-49DB-BCD7-1C99F9DE1022} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {FD52A8BC-1ECC-408E-861F-021779E19F36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3459245019-1856421615-1668137085-500Core.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3459245019-1856421615-1668137085-500UA.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2013 09:51:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:17:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000058c98
ID des fehlerhaften Prozesses: 0x20d8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (08/05/2013 09:17:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000058c98
ID des fehlerhaften Prozesses: 0x498
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (08/05/2013 06:08:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2013 07:16:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2013 00:41:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2013 11:28:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Corner_a_artstudio_1_3_crack_by_ViKiNG.exe, Version: 0.0.0.0, Zeitstempel: 0x51fd6f4e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x80000002
Fehleroffset: 0x7731d7d8
ID des fehlerhaften Prozesses: 0x1624
Startzeit der fehlerhaften Anwendung: 0xCorner_a_artstudio_1_3_crack_by_ViKiNG.exe0
Pfad der fehlerhaften Anwendung: Corner_a_artstudio_1_3_crack_by_ViKiNG.exe1
Pfad des fehlerhaften Moduls: Corner_a_artstudio_1_3_crack_by_ViKiNG.exe2
Berichtskennung: Corner_a_artstudio_1_3_crack_by_ViKiNG.exe3

Error: (08/03/2013 10:26:17 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {77a39e53-a414-436b-9db0-7cf1bb108089}

Error: (08/03/2013 00:15:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2013 03:56:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/05/2013 09:52:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/05/2013 09:52:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/05/2013 09:50:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (08/05/2013 09:50:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (08/05/2013 09:49:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/05/2013 09:49:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (08/05/2013 09:49:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "mysql" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/05/2013 09:49:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (08/05/2013 09:49:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apache2.4" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/05/2013 09:49:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060


Microsoft Office Sessions:
=========================
Error: (08/05/2013 09:51:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:17:35 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec00000050000000000058c9820d801ce9210616f74a2C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllaeffd3ca-fe03-11e2-8eee-002522bf3af4

Error: (08/05/2013 09:17:00 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec00000050000000000058c9849801ce91f5d23da0fbC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll99c4f236-fe03-11e2-8eee-002522bf3af4

Error: (08/05/2013 06:08:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2013 07:16:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2013 00:41:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2013 11:28:05 PM) (Source: Application Error)(User: )
Description: Corner_a_artstudio_1_3_crack_by_ViKiNG.exe0.0.0.051fd6f4eunknown0.0.0.000000000800000027731d7d8162401ce909053ee16d7C:\Users\Administrator\Desktop\Corner_a_artstudio_1_3_crack_by_ViKiNG.exeunknown94d4ce03-fc83-11e2-aada-002522bf3af4

Error: (08/03/2013 10:26:17 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {77a39e53-a414-436b-9db0-7cf1bb108089}

Error: (08/03/2013 00:15:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2013 03:56:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-08-05 22:06:16.496
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 19:28:24.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 14:51:55.725
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 14:39:37.886
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 14:14:46.616
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 14:03:47.050
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 13:47:14.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 13:14:44.853
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 13:09:42.767
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 12:56:10.012
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 16366.69 MB
Available physical RAM: 13367.2 MB
Total Pagefile: 24556.87 MB
Available Pagefile: 21328.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:60 GB) (Free:16.39 GB) NTFS (Disk=0 Partition=1)
Drive d: (Programme) (Fixed) (Total:250 GB) (Free:234.19 GB) NTFS (Disk=0 Partition=2)
Drive e: (Arbeitsdateien) (Fixed) (Total:155.75 GB) (Free:77.52 GB) NTFS (Disk=0 Partition=3)
Drive g: (Games) (Fixed) (Total:232.88 GB) (Free:63.85 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A1CCA1CC)
Partition 1: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=406 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 74BC26AE)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Never mind, this is settled; I'm going to reinstall the system and finally update to Win 8.
__________________

Alt 06.08.2013, 17:23   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
