
Log analysis and evaluation: Windows 8 x64 - "TR/ATRAPS.Gen2" in C:\Program Files (x86)\Google\Desktop\...\80000032.@ and ...\80000064.@ and ...{80000000.@


07.08.2013, 11:17   #1
cpt. subtext
 



Hello dear TB team,

For several days now, Avira Antivir has been telling me every few minutes that the virus or unwanted program "TR/ATRAPS.Gen2" is located in C:\Program Files (x86)\Google\Desktop\...\80000032.@ and ...\80000064.@ and ...\80000000.@. I have already moved it to the quarantine folder or deleted it what feels like a hundred times, but the messages do not go away.
Then I installed Malwarebytes Anti-Malware and ran a full scan, and the same virus was found there too, but removing it did not help either, even when I ran Malwarebytes again in safe mode.

I don't know what else to do and hope you can help me.

Regards, Erik

Malwarebytes Anti-Malware
Code:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.05.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Erik :: ERIKSSUPERPC [Administrator]

07.08.2013 08:31:47
MBAM-log-2013-08-07 (10-52-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 599805
Laufzeit: 2 Stunde(n), 20 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\program files (x86)\google\desktop\install\{5d8c7e1b-84db-b569-6354-df7b2d22ca64}\   \...\*ﯹ๛\{5d8c7e1b-84db-b569-6354-df7b2d22ca64}\u\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
defogger_disable
Code:
 
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:56 on 07/08/2013 (Erik)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by Erik (administrator) on 07-08-2013 10:58:42
Running from C:\Users\Erik\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1475952 2013-01-10] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-01-10] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-01-10] (Samsung)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-01-10] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-07-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\ich@maltegoetz.de
FF Extension: 8 Ultimo - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
FF Extension: FT Evo - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
FF Extension: FT DeepDark - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: ffe_ff3aeroff4 - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\ffe_ff3aeroff4@game-point.net.xpi
FF Extension: sendtophone - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\sendtophone@martinezdelizarrondo.com.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-06-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-21] ()
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{5d8c7e1b-84db-b569-6354-df7b2d22ca64}\   \...\???\{5d8c7e1b-84db-b569-6354-df7b2d22ca64}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83672 2013-05-08] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-11-22] (DT Soft Ltd)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [20776 2013-01-28] (Splashtop Inc.)
S3 TabletFilter; C:\Windows\System32\drivers\TabletFilter.sys [7680 2012-08-15] (Windows (R) Win 7 DDK provider)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-02-12] (Anchorfree Inc.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [x]
S3 moufiltr; \SystemRoot\System32\drivers\moufiltr.sys [x]
S3 vhidmini; \SystemRoot\System32\drivers\walvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-07 10:57 - 2013-08-07 10:57 - 01788943 _____ (Farbar) C:\Users\Erik\Downloads\FRST64.exe
2013-08-07 10:56 - 2013-08-07 10:56 - 00000540 _____ C:\Users\Erik\Downloads\defogger_disable.log
2013-08-07 10:56 - 2013-08-07 10:56 - 00000168 _____ C:\Users\Erik\defogger_reenable
2013-08-07 10:54 - 2013-08-07 10:54 - 00050477 _____ C:\Users\Erik\Downloads\Defogger.exe
2013-08-06 19:00 - 2013-08-06 19:00 - 00000000 ____D C:\Users\Erik\AppData\Local\Mozilla
2013-08-06 00:51 - 2013-08-06 00:51 - 00076358 _____ C:\Users\Erik\Downloads\Extras.Txt
2013-08-06 00:50 - 2013-08-06 18:39 - 00127712 _____ C:\Users\Erik\Downloads\OTL.Txt
2013-08-06 00:39 - 2013-08-06 00:39 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Downloads\OTL.exe
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Malwarebytes
2013-08-05 21:26 - 2013-08-05 21:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Erik\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 21:26 - 2013-08-05 21:26 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 21:26 - 2013-08-05 21:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 21:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-05 20:07 - 2013-08-05 20:07 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-08-05 19:47 - 2013-08-05 19:59 - 00000000 ____D C:\Users\Erik\AppData\Roaming\SM2
2013-08-05 19:47 - 2013-08-05 19:47 - 00000992 _____ C:\Users\Erik\Desktop\ShaderMap 2 (DEMO).lnk
2013-08-05 19:47 - 2013-08-05 19:47 - 00000000 ____D C:\Program Files\ShaderMap 2 DEMO
2013-08-05 19:46 - 2013-08-05 19:46 - 28031616 _____ (Rendering Systems Inc.                                      ) C:\Users\Erik\Downloads\ShaderMapDEMO_v2_0_72.exe
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\Users\Erik\AppData\Local\CrazyBump
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\ProgramData\CrazyBump
2013-08-05 19:36 - 2012-10-09 23:31 - 00000000 ____D C:\Users\Erik\Downloads\CrazyBump.1.2
2013-08-05 19:34 - 2013-08-05 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 19:30 - 2013-08-05 19:30 - 13399154 _____ C:\Users\Erik\Downloads\mbar-1.06.0.1004.zip
2013-08-05 19:01 - 2013-08-05 19:12 - 31620928 _____ C:\Users\Erik\Downloads\Crazy.Bump.1.2.rar
2013-08-05 18:08 - 2013-08-05 18:44 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part3.rar
2013-08-05 17:15 - 2013-08-05 17:15 - 00000000 ____D C:\Users\Erik\Documents\AdobeStockPhotos
2013-08-05 13:58 - 2013-08-05 13:58 - 00001540 _____ C:\Users\Erik\AppData\Local\recently-used.xbel
2013-08-05 10:42 - 2013-08-05 11:18 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part2.rar
2013-08-04 09:04 - 2013-05-14 13:33 - 00000000 ____D C:\Users\Erik\Downloads\CryENGINE_3_Cookbook
2013-07-31 23:28 - 2013-07-31 23:30 - 30765917 _____ C:\Users\Erik\Downloads\sortiermaschine version 3.7z
2013-07-31 15:03 - 2013-07-31 15:03 - 00040661 _____ C:\Users\Erik\Downloads\SEUS v10.0 Ultra Motion Blur.zip
2013-07-31 14:52 - 2013-07-31 14:52 - 00000000 ____D C:\Users\Erik\Downloads\N.E.R.D.-Fly_Or_Die-Retail-2004-Recycled_INT
2013-07-31 14:51 - 2013-07-31 14:53 - 41422160 _____ C:\Users\Erik\Downloads\64px BETA [mc1.5.1] HD MK WORKING.zip
2013-07-31 14:35 - 2013-07-31 14:35 - 00000000 ____D C:\Users\Erik\Downloads\Ultimate
2013-07-31 14:29 - 2013-07-31 14:29 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(2).zip
2013-07-31 14:25 - 2013-07-31 14:25 - 00374114 _____ C:\Users\Erik\Downloads\OptiFine_1.5.2_HD_D3.zip
2013-07-31 14:22 - 2013-07-31 15:06 - 00217600 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x64.dll
2013-07-31 14:22 - 2013-07-31 15:06 - 00176128 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x86.dll
2013-07-31 14:16 - 2013-07-31 14:20 - 00000000 ____D C:\Users\Erik\Downloads\Direwolf20_1_5
2013-07-30 13:24 - 2013-08-04 09:31 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part1.rar
2013-07-30 13:08 - 2013-07-30 15:00 - 686623991 _____ C:\Users\Erik\Downloads\msgf.e02.maria.sd(1).wmv
2013-07-29 21:53 - 2013-07-29 21:53 - 00246411 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46(1).zip
2013-07-29 21:51 - 2013-07-29 21:51 - 00041996 _____ C:\Users\Erik\Downloads\Sildurs shaders RC2.1 ATI high.zip
2013-07-29 21:15 - 2013-07-29 21:15 - 00295901 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46.zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(1).zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader(1).zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Erik\Downloads\MagicLauncher_1.1.7.exe
2013-07-29 19:55 - 2013-07-29 19:55 - 00220205 _____ C:\Users\Erik\Downloads\ShadersMod.zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader.zip
2013-07-29 19:48 - 2013-07-29 19:48 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3.zip
2013-07-29 19:46 - 2013-07-29 19:46 - 00049056 _____ C:\Users\Erik\Downloads\SEUS v10 RC7 Ultra.zip
2013-07-29 19:37 - 2013-07-29 19:37 - 00366367 _____ C:\Users\Erik\Downloads\optifine_1.6.2.zip
2013-07-28 09:01 - 2013-07-28 09:02 - 00000000 ____D C:\Users\Erik\Downloads\Company of Heroes Patches
2013-07-28 08:59 - 2013-07-28 09:02 - 00000000 ____D C:\Users\Erik\Downloads\Video2Brain.Autodesk.3ds.Max.2013-Visualisierung.GERMAN-Substance
2013-07-25 20:39 - 2013-07-25 20:39 - 02033889 _____ C:\Users\Erik\Downloads\mcpatcher-4.1.1.exe
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\Documents\TheInnerWorld
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\AppData\Roaming\com.studio-fizbin.InnerWorld
2013-07-21 17:53 - 2013-08-06 18:23 - 00000000 ____D C:\Users\Erik\AppData\Local\LogMeIn Hamachi
2013-07-21 17:51 - 2013-08-05 20:07 - 00000935 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-07-21 17:46 - 2013-07-21 17:53 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack_Server
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 _____ C:\Users\Erik\Downloads\server.log
2013-07-21 17:15 - 2013-07-21 17:15 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack
2013-07-21 17:13 - 2013-07-21 17:16 - 00000000 ____D C:\Users\Erik\AppData\Roaming\ftblauncher
2013-07-21 17:12 - 2013-07-21 17:12 - 00512825 _____ () C:\Users\Erik\Downloads\FTB_Launcher.exe
2013-07-21 17:11 - 2013-07-21 17:11 - 00675988 _____ C:\Users\Erik\Desktop\Minecraft.exe
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Roaming\.mono
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Local\UWebKit
2013-07-19 13:16 - 2013-07-19 13:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-18 14:21 - 2013-08-04 08:25 - 00452400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-16 21:22 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-07-16 21:22 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-07-16 21:22 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-07-16 21:22 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-07-16 21:22 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-07-16 21:22 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-07-16 21:22 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-07-16 21:22 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-07-16 21:22 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-07-16 21:22 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-07-16 21:22 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-07-16 21:22 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-07-16 21:22 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-07-16 21:22 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-07-16 21:22 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-07-16 21:22 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-07-16 21:22 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-07-16 21:22 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-07-16 21:22 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-07-16 21:22 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-07-16 21:22 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-07-16 21:22 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-07-16 21:22 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-07-16 21:22 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-07-16 21:22 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-07-16 21:22 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-07-16 21:22 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-07-16 21:22 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-07-16 21:22 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-07-16 21:22 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-07-16 21:22 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-07-11 14:08 - 2013-07-11 14:08 - 00000000 ____D C:\Users\Erik\AppData\Roaming\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\ProgramData\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-07-10 09:43 - 2013-07-10 09:43 - 00000000 ____D C:\ProgramData\REVOLT
2013-07-10 09:34 - 2013-07-10 09:34 - 00001942 _____ C:\Users\Erik\Desktop\Play The Walking Dead nosTEAM.lnk
2013-07-10 09:30 - 2013-07-10 09:30 - 00000000 ____D C:\Users\Erik\Neuer Ordner
2013-07-10 09:13 - 2013-07-10 09:43 - 00000000 ____D C:\Users\Erik\Documents\Telltale Games
2013-07-10 07:42 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2013-07-10 07:42 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-07-10 07:41 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-07-10 07:41 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-07-10 07:41 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-10 07:41 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-10 07:41 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-10 07:41 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-10 07:41 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2013-07-10 07:41 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-10 07:41 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-10 07:41 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-10 07:41 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2013-07-09 22:18 - 2013-07-09 22:18 - 00001442 _____ C:\Users\Erik\Downloads\BAHN_Fahrplan_20130713.ics
2013-07-08 18:19 - 2013-07-08 18:19 - 00489866 _____ C:\Users\Erik\Downloads\ReloadModVanilla 8.6.zip
160

==================== One Month Modified Files and Folders =======

2013-08-07 10:58 - 2013-08-07 10:58 - 00000000 ____D C:\FRST
2013-08-07 10:57 - 2013-08-07 10:57 - 01788943 _____ (Farbar) C:\Users\Erik\Downloads\FRST64.exe
2013-08-07 10:56 - 2013-08-07 10:56 - 00000540 _____ C:\Users\Erik\Downloads\defogger_disable.log
2013-08-07 10:56 - 2013-08-07 10:56 - 00000168 _____ C:\Users\Erik\defogger_reenable
2013-08-07 10:56 - 2012-09-04 12:20 - 00000000 ____D C:\Users\Erik
2013-08-07 10:54 - 2013-08-07 10:54 - 00050477 _____ C:\Users\Erik\Downloads\Defogger.exe
2013-08-07 09:02 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-08-07 08:33 - 2012-09-04 12:29 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2757179658-3383392886-2677204389-1001
2013-08-07 08:31 - 2013-07-06 12:34 - 01570273 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-06 19:00 - 2013-08-06 19:00 - 00000000 ____D C:\Users\Erik\AppData\Local\Mozilla
2013-08-06 18:59 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-06 18:39 - 2013-08-06 00:50 - 00127712 _____ C:\Users\Erik\Downloads\OTL.Txt
2013-08-06 18:23 - 2013-07-21 17:53 - 00000000 ____D C:\Users\Erik\AppData\Local\LogMeIn Hamachi
2013-08-06 18:23 - 2013-03-06 09:25 - 00000000 ____D C:\Users\Erik\AppData\Roaming\TS3Client
2013-08-06 18:23 - 2012-10-12 21:30 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Media Player Classic
2013-08-06 18:23 - 2012-09-12 14:02 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-06 18:23 - 2012-09-04 13:07 - 00000000 ____D C:\Users\Erik\AppData\Roaming\DAEMON Tools Lite
2013-08-06 16:25 - 2012-09-04 14:51 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Skype
2013-08-06 13:18 - 2012-10-11 20:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-08-06 12:55 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-08-06 00:51 - 2013-08-06 00:51 - 00076358 _____ C:\Users\Erik\Downloads\Extras.Txt
2013-08-06 00:39 - 2013-08-06 00:39 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Downloads\OTL.exe
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Malwarebytes
2013-08-05 21:26 - 2013-08-05 21:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Erik\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 21:26 - 2013-08-05 21:26 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 21:26 - 2013-08-05 21:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 21:13 - 2013-06-01 15:31 - 00000000 ____D C:\Users\Erik\Downloads\mbar
2013-08-05 20:07 - 2013-08-05 20:07 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-08-05 20:07 - 2013-07-21 17:51 - 00000935 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-08-05 20:01 - 2012-11-20 18:10 - 00000000 ____D C:\Users\Erik\Documents\Windows
2013-08-05 19:59 - 2013-08-05 19:47 - 00000000 ____D C:\Users\Erik\AppData\Roaming\SM2
2013-08-05 19:47 - 2013-08-05 19:47 - 00000992 _____ C:\Users\Erik\Desktop\ShaderMap 2 (DEMO).lnk
2013-08-05 19:47 - 2013-08-05 19:47 - 00000000 ____D C:\Program Files\ShaderMap 2 DEMO
2013-08-05 19:46 - 2013-08-05 19:46 - 28031616 _____ (Rendering Systems Inc.                                      ) C:\Users\Erik\Downloads\ShaderMapDEMO_v2_0_72.exe
2013-08-05 19:42 - 2013-01-16 04:16 - 00000000 ____D C:\Users\Erik\AppData\Local\licensecb
2013-08-05 19:42 - 2013-01-16 04:16 - 00000000 ____D C:\ProgramData\licensecb
2013-08-05 19:42 - 2012-09-04 13:40 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2013-08-05 19:41 - 2013-01-08 13:33 - 00000000 ____D C:\Users\Erik\Desktop\3D
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\Users\Erik\AppData\Local\CrazyBump
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\ProgramData\CrazyBump
2013-08-05 19:34 - 2013-08-05 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 19:30 - 2013-08-05 19:30 - 13399154 _____ C:\Users\Erik\Downloads\mbar-1.06.0.1004.zip
2013-08-05 19:12 - 2013-08-05 19:01 - 31620928 _____ C:\Users\Erik\Downloads\Crazy.Bump.1.2.rar
2013-08-05 18:51 - 2012-11-16 16:45 - 00000000 ____D C:\Users\Erik\AppData\Local\Google
2013-08-05 18:51 - 2012-11-16 16:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-05 18:44 - 2013-08-05 18:08 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part3.rar
2013-08-05 17:27 - 2012-09-04 12:21 - 00000000 ____D C:\Users\Erik\AppData\Local\VirtualStore
2013-08-05 17:16 - 2012-09-04 12:22 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Adobe
2013-08-05 17:15 - 2013-08-05 17:15 - 00000000 ____D C:\Users\Erik\Documents\AdobeStockPhotos
2013-08-05 13:59 - 2012-10-29 16:45 - 00000000 ____D C:\Users\Erik\.gimp-2.8
2013-08-05 13:58 - 2013-08-05 13:58 - 00001540 _____ C:\Users\Erik\AppData\Local\recently-used.xbel
2013-08-05 11:18 - 2013-08-05 10:42 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part2.rar
2013-08-04 09:31 - 2013-07-30 13:24 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part1.rar
2013-08-04 08:30 - 2012-07-26 12:27 - 00751892 _____ C:\WINDOWS\system32\perfh007.dat
2013-08-04 08:30 - 2012-07-26 12:27 - 00155620 _____ C:\WINDOWS\system32\perfc007.dat
2013-08-04 08:30 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-04 08:25 - 2013-07-18 14:21 - 00452400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-01 13:08 - 2012-10-05 18:52 - 00000000 ____D C:\Users\Erik\AppData\Roaming\.minecraft
2013-07-31 23:34 - 2012-09-04 13:33 - 00774656 ___SH C:\Users\Erik\Downloads\Thumbs.db
2013-07-31 23:30 - 2013-07-31 23:28 - 30765917 _____ C:\Users\Erik\Downloads\sortiermaschine version 3.7z
2013-07-31 15:06 - 2013-07-31 14:22 - 00217600 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x64.dll
2013-07-31 15:06 - 2013-07-31 14:22 - 00176128 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x86.dll
2013-07-31 15:03 - 2013-07-31 15:03 - 00040661 _____ C:\Users\Erik\Downloads\SEUS v10.0 Ultra Motion Blur.zip
2013-07-31 14:53 - 2013-07-31 14:51 - 41422160 _____ C:\Users\Erik\Downloads\64px BETA [mc1.5.1] HD MK WORKING.zip
2013-07-31 14:52 - 2013-07-31 14:52 - 00000000 ____D C:\Users\Erik\Downloads\N.E.R.D.-Fly_Or_Die-Retail-2004-Recycled_INT
2013-07-31 14:35 - 2013-07-31 14:35 - 00000000 ____D C:\Users\Erik\Downloads\Ultimate
2013-07-31 14:29 - 2013-07-31 14:29 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(2).zip
2013-07-31 14:25 - 2013-07-31 14:25 - 00374114 _____ C:\Users\Erik\Downloads\OptiFine_1.5.2_HD_D3.zip
2013-07-31 14:20 - 2013-07-31 14:16 - 00000000 ____D C:\Users\Erik\Downloads\Direwolf20_1_5
2013-07-31 14:14 - 2013-03-06 09:25 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-07-30 17:16 - 2012-09-06 20:23 - 00000000 ____D C:\Users\Erik\AppData\Local\Windows Live
2013-07-30 15:00 - 2013-07-30 13:08 - 686623991 _____ C:\Users\Erik\Downloads\msgf.e02.maria.sd(1).wmv
2013-07-30 13:20 - 2012-10-18 15:20 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-29 21:56 - 2013-01-15 21:58 - 00162816 ___SH C:\Users\Erik\Desktop\Thumbs.db
2013-07-29 21:53 - 2013-07-29 21:53 - 00246411 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46(1).zip
2013-07-29 21:51 - 2013-07-29 21:51 - 00041996 _____ C:\Users\Erik\Downloads\Sildurs shaders RC2.1 ATI high.zip
2013-07-29 21:15 - 2013-07-29 21:15 - 00295901 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46.zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(1).zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader(1).zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Erik\Downloads\MagicLauncher_1.1.7.exe
2013-07-29 19:55 - 2013-07-29 19:55 - 00220205 _____ C:\Users\Erik\Downloads\ShadersMod.zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader.zip
2013-07-29 19:48 - 2013-07-29 19:48 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3.zip
2013-07-29 19:46 - 2013-07-29 19:46 - 00049056 _____ C:\Users\Erik\Downloads\SEUS v10 RC7 Ultra.zip
2013-07-29 19:37 - 2013-07-29 19:37 - 00366367 _____ C:\Users\Erik\Downloads\optifine_1.6.2.zip
2013-07-29 13:02 - 2013-07-29 13:01 - 35741184 _____ C:\Users\Erik\Downloads\davina_04.mpg
2013-07-29 13:00 - 2013-07-29 12:59 - 42754932 _____ C:\Users\Erik\Downloads\davina_03.mpg
2013-07-29 12:52 - 2012-09-12 14:09 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-29 12:26 - 2012-09-04 13:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-28 09:02 - 2013-07-28 09:01 - 00000000 ____D C:\Users\Erik\Downloads\Company of Heroes Patches
2013-07-28 09:02 - 2013-07-28 08:59 - 00000000 ____D C:\Users\Erik\Downloads\Video2Brain.Autodesk.3ds.Max.2013-Visualisierung.GERMAN-Substance
2013-07-25 20:39 - 2013-07-25 20:39 - 02033889 _____ C:\Users\Erik\Downloads\mcpatcher-4.1.1.exe
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\Documents\TheInnerWorld
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\AppData\Roaming\com.studio-fizbin.InnerWorld
2013-07-22 20:40 - 2012-11-30 19:45 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-07-22 20:40 - 2012-11-05 19:23 - 00000000 ____D C:\Users\Erik\Documents\The War Z
2013-07-22 20:40 - 2012-09-05 16:07 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2013-07-21 18:30 - 2012-11-01 16:14 - 00000000 ____D C:\Games
2013-07-21 17:53 - 2013-07-21 17:46 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack_Server
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 _____ C:\Users\Erik\Downloads\server.log
2013-07-21 17:16 - 2013-07-21 17:13 - 00000000 ____D C:\Users\Erik\AppData\Roaming\ftblauncher
2013-07-21 17:15 - 2013-07-21 17:15 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack
2013-07-21 17:12 - 2013-07-21 17:12 - 00512825 _____ () C:\Users\Erik\Downloads\FTB_Launcher.exe
2013-07-21 17:11 - 2013-07-21 17:11 - 00675988 _____ C:\Users\Erik\Desktop\Minecraft.exe
2013-07-20 23:02 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Roaming\.mono
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Local\UWebKit
2013-07-19 21:50 - 2012-09-04 14:28 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2013-07-19 13:18 - 2013-07-19 13:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-16 21:25 - 2012-07-26 02:38 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-07-16 10:02 - 2012-10-27 20:39 - 00000000 ____D C:\Users\Erik\AppData\Local\Adobe
2013-07-15 20:38 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-07-14 19:28 - 2013-03-14 14:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 19:28 - 2013-03-14 14:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 00:21 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:42 - 2013-06-28 16:03 - 00000000 ____D C:\Program Files (x86)\Company of Heroes 2
2013-07-11 14:08 - 2013-07-11 14:08 - 00000000 ____D C:\Users\Erik\AppData\Roaming\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\ProgramData\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-07-11 14:07 - 2012-12-28 21:32 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll
2013-07-11 14:07 - 2012-09-10 08:54 - 00000000 ____D C:\Program Files (x86)\Real
2013-07-11 14:07 - 2012-09-10 08:53 - 00000000 ____D C:\ProgramData\Real
2013-07-10 20:27 - 2013-01-09 11:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 09:43 - 2013-07-10 09:43 - 00000000 ____D C:\ProgramData\REVOLT
2013-07-10 09:43 - 2013-07-10 09:13 - 00000000 ____D C:\Users\Erik\Documents\Telltale Games
2013-07-10 09:34 - 2013-07-10 09:34 - 00001942 _____ C:\Users\Erik\Desktop\Play The Walking Dead nosTEAM.lnk
2013-07-10 09:30 - 2013-07-10 09:30 - 00000000 ____D C:\Users\Erik\Neuer Ordner
2013-07-09 22:18 - 2013-07-09 22:18 - 00001442 _____ C:\Users\Erik\Downloads\BAHN_Fahrplan_20130713.ics
2013-07-08 18:19 - 2013-07-08 18:19 - 00489866 _____ C:\Users\Erik\Downloads\ReloadModVanilla 8.6.zip

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{5d8c7e1b-84db-b569-6354-df7b2d22ca64}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-31 18:26

==================== End Of Log ============================
         
Addition
Code:
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2013
Ran by Erik at 2013-08-07 10:59:29
Running from C:\Users\Erik\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACR version 0.001 (x32)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Akamai NetSession Interface (HKCU)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225)
ANNO 2070 (x32 Version: 1.0.0.0)
Arma 2 (x32)
ARMA 2: British Armed Forces - Data cache removal (x32)
Arma 2: British Armed Forces (x32)
Arma 2: DayZ Mod (x32)
Arma 2: Operation Arrowhead (x32)
Arma 2: Operation Arrowhead Beta (x32)
ARMA 2: Private Military Company - Data cache removal (x32)
Arma 2: Private Military Company (x32)
Assassin's Creed(R) III v1.02 (x32 Version: 1.02)
Astroburn Lite (x32 Version: 1.7.0.0175)
Auslogics Disk Defrag (x32 Version: 3.5)
Autodesk 3ds Max 2012 64-bit - German (Version: 14.0)
Autodesk Backburner 2012.0.0 (x32 Version: 2012.0.0)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82)
Autodesk Download Manager (x32 Version: 2.0.2.0)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Medium Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Medium Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Mudbox 2013 64-bit (Version: 7.0.0.602)
Autodesk Revit 2013 (Version: 12.02.21203)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Bandicam (x32 Version: 1.8.4.283)
Bandisoft MPEG-1 Decoder (x32)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlelog Web Plugins (x32 Version: 2.1.3)
BattlEye for OA Uninstall (x32)
BioShock: Infinite (x32 Version: 1.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
CCleaner (Version: 3.22)
Composite 2012 64-bit (Version: 7.0.0)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.0.487)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487)
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487)
Crazybump (remove only) (x32)
CryEngine(R)2 Sandbox(TM)2 (x32 Version: 1.00.0000)
Crysis 2(R) Mod SDK 1.1 (x32 Version: 1.1.0.0)
Crysis 2(R) Mod SDK 1.1 (x32)
Crysis(R) (x32 Version: 1.21.0000)
Crysis® 2 (x32 Version: 1.0.0.0)
Crysis®3 (x32 Version: 1.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
DayZ Commander (x32 Version: 0.92.69)
Dead Island Riptide (c) Deep Silver version 1 (x32 Version: 1)
dino2 (x32)
Dishonored German (c) Bethesda version 1 (x32 Version: 1)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
ESN Sonar (x32 Version: 0.70.4)
FAKEFACTORY Cinematic Mod V12 (x32 Version: V12.20FULL)
FARO LS 1.1.408.2 (x32 Version: 4.8.2.25521)
FARO LS 4.8.2.25521 (x32)
Fotogalerie (x32 Version: 16.4.3505.0912)
Fraps (remove only) (x32)
Free Audio Dub version 1.7.9.908 (x32 Version: 1.7.9.908)
GIMP 2.8.2 (Version: 2.8.2)
Grand Theft Auto IV (x32 Version: 1.0.0013.131)
GRID 2 Version 1.0 (x32 Version: 1.0)
Half-Life 2 (x32)
Half-Life 2: Episode One (x32)
Half-Life 2: Episode Two (x32)
Hawken (HKCU)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 0.9 (x32 Version: 0.9)
Kits Configuration Installer (x32 Version: 8.59.25584)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MechWarrior Online (HKCU Version: 1.2.0.0)
MechWarrior Online (x32 Version: 1.2.0.0)
Metro Last Light Update 1.0.0.2 (x32)
Metro: Last Light (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyFreeCodec (HKCU)
NVIDIA Photoshop Plug-ins (x32 Version: 8.50)
NVIDIA PhysX (x32 Version: 9.10.0222)
Origin (x32 Version: 9.0.2.2065)
Photo Gallery (x32 Version: 16.4.3505.0912)
PunkBuster Services (x32 Version: 0.993)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Revit 2013 Language Pack - Deutsch (Version: 12.02.21203)
Revit Extensions for Autodesk Revit 2013 (Version: 1.0.0.0)
Samsung Kies (x32 Version: 2.3.3.12085_7)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Screen Recording Suite V2.5.0 (x32 Version: 2.5.0)
Secure Download Manager (x32 Version: 3.1.01)
ShaderMap Demo 2.0.72
Skype™ 6.1 (x32 Version: 6.1.129)
Source SDK Base 2007 (x32)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (x32 Version: 3.0.10.1)
The War Z version alpha (x32 Version: alpha)
Tunngle beta (x32)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.0)
us Mod Manager (Version: 0.44.2)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177)
win8codecs (x32 Version: 1.1.9)
Windows Driver Kit (x32 Version: 8.59.25584)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
World Machine 2.2 Professional Edition (x32)
World of Tanks (x32)

==================== Restore Points  =========================

30-07-2013 20:53:46 Geplanter Prüfpunkt
05-08-2013 17:59:05 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0BD28CA9-243C-4C93-9A60-BA9171CD57BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1EEA64D8-3D22-4CAB-BDB1-F6BA8217989F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2757179658-3383392886-2677204389-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {217B12B1-B779-47D4-8CF5-4A1D5B6B0829} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2757179658-3383392886-2677204389-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {27773A2D-7A11-435C-8DEE-70B43F9AD77C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2757179658-3383392886-2677204389-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {34A45613-15DF-47B9-A1CE-2A542E862EC4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe No File
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {480CD28E-486D-48A1-A4BE-49B156ADB403} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2757179658-3383392886-2677204389-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {49EE0515-8A6B-4BCE-BEC8-E9D0AB3FE15A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {59BD9AAF-4767-4562-9843-9B03A7DC7F97} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {5BA669B2-5953-4F81-B129-3027410D181B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2757179658-3383392886-2677204389-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6A5CA02B-F153-48A3-8267-036CC43E46C5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {84545077-8DEC-4C82-B726-DF862040B80C} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9B386DED-B4E9-4A08-9BE5-B896FC2557EA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe No File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A982A72C-AB00-41D1-B64B-D832B0BC8CC1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {CE28F53A-13DA-44C9-98A3-26F667A2879A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe No File
Task: {D72CB21B-69AD-4534-9678-B029A6B615D9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2757179658-3383392886-2677204389-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {FBD9E0C3-7DA3-46AB-BBD8-721CF7BD6A6D} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2757179658-3383392886-2677204389-1001
Task: {FDD9C989-DB59-4168-A069-EEBFA780AD62} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2757179658-3383392886-2677204389-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {FECBE75A-7252-4B6A-8917-B338A1E9AF26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2013 10:58:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x8bb4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:57:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x7ffc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:56:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x8844
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:55:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x8458
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:54:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x858c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:53:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x7d78
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:52:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x8430
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:51:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x6ba8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:50:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x88a4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/07/2013 10:49:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xfffffa80
ID des fehlerhaften Prozesses: 0x8db4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5


System errors:
=============
Error: (08/06/2013 06:59:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/06/2013 06:59:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2147749126

Error: (08/06/2013 06:58:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎08.‎2013 um 18:51:06 unerwartet heruntergefahren.

Error: (08/06/2013 06:10:20 PM) (Source: DCOM) (User: ERIKSSUPERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/06/2013 06:08:42 PM) (Source: DCOM) (User: ERIKSSUPERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/06/2013 06:01:46 PM) (Source: DCOM) (User: ERIKSSUPERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/06/2013 05:51:46 PM) (Source: DCOM) (User: ERIKSSUPERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/06/2013 05:41:46 PM) (Source: DCOM) (User: ERIKSSUPERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/06/2013 05:31:46 PM) (Source: DCOM) (User: ERIKSSUPERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/06/2013 05:21:46 PM) (Source: DCOM) (User: ERIKSSUPERPC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 8190.49 MB
Available physical RAM: 4974.79 MB
Total Pagefile: 21190.49 MB
Available Pagefile: 10869 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:465.66 GB) (Free:107.42 GB) NTFS (Disk=1 Partition=2)
Drive f: (Games/Musik/Videos) (Fixed) (Total:931.51 GB) (Free:175.93 GB) NTFS (Disk=0 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 66205247)
No partition Table on disk 0.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 49FDC235)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gmer
Code:
 GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-07 11:35:06
Windows 6.2.9200  x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Erik\AppData\Local\Temp\fxdyiuoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\atiesrxx.exe[876] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                             000007fa3d13177a 4 bytes [13, 3D, FA, 07]
.text    C:\WINDOWS\system32\atiesrxx.exe[876] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                             000007fa3d131782 4 bytes [13, 3D, FA, 07]
.text    C:\WINDOWS\Explorer.EXE[22500] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                              000007fa39811532 4 bytes [81, 39, FA, 07]
.text    C:\WINDOWS\Explorer.EXE[22500] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                              000007fa3981153a 4 bytes [81, 39, FA, 07]
.text    C:\WINDOWS\Explorer.EXE[22500] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                            000007fa3981165a 4 bytes [81, 39, FA, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[29620] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                      000007fa39811532 4 bytes [81, 39, FA, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[29620] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                      000007fa3981153a 4 bytes [81, 39, FA, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[29620] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                    000007fa3981165a 4 bytes [81, 39, FA, 07]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\services.exe [600:2224]                                                                                                                                                                    0000002bc6651de4
Thread   C:\WINDOWS\system32\services.exe [600:2808]                                                                                                                                                                    0000002beee01808
Thread   C:\WINDOWS\system32\services.exe [600:2812]                                                                                                                                                                    0000002bef294c70
Thread   C:\WINDOWS\system32\services.exe [600:2816]                                                                                                                                                                    0000002bef294550
Thread   C:\WINDOWS\system32\services.exe [600:2820]                                                                                                                                                                    0000002bef298e60
Thread   C:\WINDOWS\system32\csrss.exe [16784:17620]                                                                                                                                                                    fffff960009685e8
Thread   C:\WINDOWS\system32\csrss.exe [16784:30184]                                                                                                                                                                    fffff960009685e8
Thread   C:\WINDOWS\system32\csrss.exe [16784:25236]                                                                                                                                                                    fffff960009685e8
---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\WINDOWS\system32\svchost.exe [1012] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation SIGNED)(2012-11-15 15:29:34)  000007fa3c3f0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                              742232893
Reg      HKLM\SYSTEM\CurrentControlSet\Services\                                                                                                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\Services\@Parameters\0\x202e\x2764                                                                                                                                               956

---- EOF - GMER 2.1 ----
         

Alt 07.08.2013, 11:25   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 07.08.2013, 13:24   #3
cpt. subtext
 

Combofix Logfile:
Code:
ComboFix 13-08-07.01 - Erik 07.08.2013  14:09:45.2.6 - x64
Microsoft Windows 8 Pro  6.2.9200.0.1252.49.1031.18.8190.6598 [GMT 2:00]
ausgeführt von:: c:\users\Erik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Erik\AppData\Roaming\Microsoft\~DFKb1849f4.tmp
c:\users\Erik\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Erik\AppData\Roaming\Microsoft\bass.dll
c:\users\Erik\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Erik\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Erik\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\Erik\msdata
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-07 bis 2013-08-07  ))))))))))))))))))))))))))))))
.
.
2013-08-07 12:19 . 2013-08-07 12:19	--------	d-----w-	c:\users\Erik\AppData\Local\temp
2013-08-07 12:19 . 2013-08-07 12:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-07 08:58 . 2013-08-07 08:58	--------	d-----w-	C:\FRST
2013-08-06 17:00 . 2013-08-06 17:00	--------	d-----w-	c:\users\Erik\AppData\Local\Mozilla
2013-08-05 19:27 . 2013-08-05 19:27	--------	d-----w-	c:\users\Erik\AppData\Roaming\Malwarebytes
2013-08-05 19:26 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-05 19:26 . 2013-08-05 19:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-05 18:07 . 2013-08-05 18:07	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2013-08-05 17:47 . 2013-08-05 17:59	--------	d-----w-	c:\users\Erik\AppData\Roaming\SM2
2013-08-05 17:47 . 2013-08-05 17:47	--------	d-----w-	c:\program files\ShaderMap 2 DEMO
2013-08-05 17:36 . 2013-08-05 17:36	--------	d-----w-	c:\programdata\CrazyBump
2013-08-05 17:36 . 2013-08-05 17:36	--------	d-----w-	c:\users\Erik\AppData\Local\CrazyBump
2013-08-05 17:34 . 2013-08-05 17:34	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-24 15:49 . 2013-07-24 15:49	--------	d-----w-	c:\users\Erik\AppData\Roaming\com.studio-fizbin.InnerWorld
2013-07-21 15:53 . 2013-08-06 16:23	--------	d-----w-	c:\users\Erik\AppData\Local\LogMeIn Hamachi
2013-07-21 15:13 . 2013-07-21 15:16	--------	d-----w-	c:\users\Erik\AppData\Roaming\ftblauncher
2013-07-19 20:25 . 2013-07-19 20:25	--------	d-----w-	c:\users\Erik\AppData\Roaming\.mono
2013-07-19 20:25 . 2013-07-19 20:25	--------	d-----w-	c:\users\Erik\AppData\Local\UWebKit
2013-07-19 11:16 . 2013-07-19 11:18	--------	d-----w-	c:\windows\system32\MRT
2013-07-11 13:03 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E41C4BC-7682-4674-9C5C-9278A25C03CF}\mpengine.dll
2013-07-11 12:08 . 2013-07-11 12:08	--------	d-----w-	c:\users\Erik\AppData\Roaming\RealNetworks
2013-07-11 12:07 . 2013-07-11 12:07	--------	d-----w-	c:\program files (x86)\RealNetworks
2013-07-11 12:07 . 2013-07-11 12:07	--------	d-----w-	c:\programdata\RealNetworks
2013-07-11 12:07 . 2013-07-11 12:07	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2013-07-10 07:43 . 2013-07-10 07:43	--------	d-----w-	c:\programdata\REVOLT
2013-07-10 07:30 . 2013-07-10 07:30	--------	d-----w-	c:\users\Erik\Neuer Ordner
2013-07-10 05:42 . 2013-04-11 22:30	1421312	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-10 05:42 . 2013-04-11 22:22	1838080	----a-w-	c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-22 18:40 . 2012-11-30 17:45	291128	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-07-22 18:40 . 2012-09-05 14:07	291128	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-07-19 19:50 . 2012-09-04 12:28	291128	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-07-16 19:25 . 2012-07-26 00:38	312832	----a-w-	c:\windows\system32\LocationApi.dll
2013-07-11 12:07 . 2012-12-28 19:31	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-07-11 12:07 . 2012-12-28 19:31	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-06-27 22:04 . 2012-07-26 08:14	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-26 19:06 . 2013-06-26 19:06	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 19:06 . 2012-09-05 22:13	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 19:06 . 2012-09-05 22:13	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2012-11-15 15:34	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 17:50 . 2012-11-30 17:45	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-06-09 01:44 . 2013-03-13 10:34	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-06 20:29 . 2013-06-06 20:29	235	----a-w-	c:\windows\SysWow64\nxEuUninstall.bat
2013-06-06 20:29 . 2013-06-06 20:29	446464	----a-w-	c:\windows\NEXON_EU_DownloaderUpdater.exe
2013-05-30 23:24 . 2013-06-17 11:02	1257472	----a-w-	c:\windows\system32\kernel32.dll
2013-05-23 23:01 . 2013-06-17 11:02	1300992	----a-w-	c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-17 11:02	1022464	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-05-15 22:37 . 2013-06-12 05:43	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-12 05:43	53760	----a-w-	c:\windows\system32\UXInit.dll
2013-05-15 22:35 . 2013-07-05 12:19	144384	----a-w-	c:\windows\system32\tssdisai.dll
2013-05-15 02:25 . 2013-06-17 11:02	888320	----a-w-	c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-17 11:02	542208	----a-w-	c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-17 11:02	793088	----a-w-	c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-17 11:02	482816	----a-w-	c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-12 05:43	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-12 05:43	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-01-10 1475952]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-01-10 844144]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-01-10 310128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-07-11 295512]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - German 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 sthid;Splashtop Virtual Hid;c:\windows\System32\drivers\sthid.sys;c:\windows\SYSNATIVE\drivers\sthid.sys [x]
R3 TabletFilter;Tablet Driver;c:\windows\System32\drivers\TabletFilter.sys;c:\windows\SYSNATIVE\drivers\TabletFilter.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 xusb22;Treiberdienst 22 für Xbox 360 Wireless Receiver;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-12-18 19:08	215264	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2013-07-11 14:07; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2757179658-3383392886-2677204389-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,5d,59,58,52,91,8d,71,86,96,0c,e3,13,47,63,ff,ea,51,45,00,e6,36,76,
   b5,81,2e,69,c0,4b,0f,10,d0,23,9e,65,37,de,b9,8f,74,11,85,33,f1,55,10,78,13,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-2757179658-3383392886-2677204389-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:6f,c0,65,b6,2c,59,4d,3d,6b,dd,85,94,5b,aa,59,95,87,3c,7c,68,b2,
   22,94,2d,9a,6a,55,53,53,c0,f7,f7,49,22,84,89,1f,df,43,dc,7b,ae,eb,3b,b7,93,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-08-07  14:22:33
ComboFix-quarantined-files.txt  2013-08-07 12:22
.
Vor Suchlauf: 7 Verzeichnis(se), 115.841.683.456 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 115.430.551.552 Bytes frei
.
- - End Of File - - 794ABB1CCDC484A1DE86FB2E1CFA35A2
         
--- --- ---
8CEE196473CB7D9C8D19B01CCD723C4F

Thanks for the quick reply!
__________________

Alt 07.08.2013, 19:39   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 09.08.2013, 12:11   #5
cpt. subtext
 



Avira Antivir no longer detects anything. I hope the virus is gone now.
However, I now have the problem that Windows Firewall does not let any of my installed games through, and possibly other programs as well. So far I have only tested this with Minecraft.

And thanks again for the great help. Here are the logs.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.08.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Erik :: ERIKSSUPERPC [Administrator]

08.08.2013 14:15:12
mbam-log-2013-08-08 (14-15-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221822
Laufzeit: 5 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
# AdwCleaner v2.306 - Datei am 08/08/2013 um 15:30:35 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzer : Erik - ERIKSSUPERPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Erik\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\foxydeal.sqlite
Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Erik\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1950 octets] - [08/08/2013 15:30:35]

########## EOF - C:\AdwCleaner[R1].txt - [2010 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 8 Pro x64
Ran by Erik on 08.08.2013 at 15:37:03,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2757179658-3383392886-2677204389-1001\Software\SweetIM"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\splashtop"



~~~ FireFox

Emptied folder: C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\4xzzp7q7.default\minidumps [230 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.08.2013 at 15:39:40,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by Erik (administrator) on 09-08-2013 12:55:47
Running from C:\Users\Erik\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1475952 2013-01-10] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-01-10] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-01-10] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-07-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-07] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 %SystemRoot%\System32\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\ich@maltegoetz.de
FF Extension: 8 Ultimo - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
FF Extension: FT Evo - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
FF Extension: FT DeepDark - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: ffe_ff3aeroff4 - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\ffe_ff3aeroff4@game-point.net.xpi
FF Extension: sendtophone - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\sendtophone@martinezdelizarrondo.com.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-08-07] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-21] ()
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-08-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-08-07] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-11-22] (DT Soft Ltd)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [20776 2013-01-28] (Splashtop Inc.)
S3 TabletFilter; C:\Windows\System32\drivers\TabletFilter.sys [7680 2012-08-15] (Windows (R) Win 7 DDK provider)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-02-12] (Anchorfree Inc.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [x]
S3 moufiltr; \SystemRoot\System32\drivers\moufiltr.sys [x]
S3 vhidmini; \SystemRoot\System32\drivers\walvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 00:32 - 2013-08-09 00:32 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-08-08 19:45 - 2013-08-08 19:45 - 00000349 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows-Firewall.lnk
2013-08-08 15:39 - 2013-08-08 15:39 - 00001230 _____ C:\Users\Erik\Desktop\JRT.txt
2013-08-08 15:36 - 2013-08-08 15:36 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Erik\Downloads\JRT.exe
2013-08-08 15:36 - 2013-08-08 15:36 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-08 15:30 - 2013-08-08 15:30 - 00002075 _____ C:\Users\Erik\Desktop\AdwCleaner[R1].txt
2013-08-08 14:26 - 2013-08-08 14:26 - 00666633 _____ C:\Users\Erik\Downloads\adwcleaner.exe
2013-08-08 14:15 - 2013-08-08 14:15 - 00000000 ____D C:\Users\Erik\Desktop\Neuer Ordner
2013-08-08 07:06 - 2013-08-08 07:06 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Avira
2013-08-08 07:02 - 2013-08-08 07:01 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-08-07 16:34 - 2013-08-07 16:34 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 16:34 - 2013-08-07 16:34 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-07 16:34 - 2013-08-07 16:32 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-08-07 16:34 - 2013-08-07 16:32 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-08-07 16:34 - 2013-08-07 16:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-08-07 16:30 - 2013-08-07 16:30 - 02092792 _____ C:\Users\Erik\Downloads\avira_free_antivirus.exe
2013-08-07 14:04 - 2013-08-08 15:33 - 00002344 _____ C:\WINDOWS\PFRO.log
2013-08-07 12:41 - 2013-08-07 14:22 - 00000000 ____D C:\Qoobox
2013-08-07 12:41 - 2013-08-07 14:20 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-07 12:41 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-07 12:41 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-07 12:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-07 12:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-07 12:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-07 12:41 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-07 12:41 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-07 12:41 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-07 12:41 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-07 12:33 - 2013-08-07 12:33 - 02059296 _____ C:\Users\Erik\Downloads\SSbump_Generator_5_3_Bugfix.zip
2013-08-07 11:13 - 2013-08-07 11:13 - 00377856 _____ C:\Users\Erik\Downloads\gmer_2.1.19163.exe
2013-08-07 10:59 - 2013-08-07 11:00 - 00033579 _____ C:\Users\Erik\Downloads\Addition.txt
2013-08-07 10:57 - 2013-08-07 10:57 - 01788943 _____ (Farbar) C:\Users\Erik\Downloads\FRST64.exe
2013-08-07 10:56 - 2013-08-07 10:56 - 00000540 _____ C:\Users\Erik\Downloads\defogger_disable.log
2013-08-07 10:56 - 2013-08-07 10:56 - 00000168 _____ C:\Users\Erik\defogger_reenable
2013-08-07 10:54 - 2013-08-07 10:54 - 00050477 _____ C:\Users\Erik\Downloads\Defogger.exe
2013-08-06 19:00 - 2013-08-06 19:00 - 00000000 ____D C:\Users\Erik\AppData\Local\Mozilla
2013-08-06 00:51 - 2013-08-06 00:51 - 00076358 _____ C:\Users\Erik\Downloads\Extras.Txt
2013-08-06 00:50 - 2013-08-06 18:39 - 00127712 _____ C:\Users\Erik\Downloads\OTL.Txt
2013-08-06 00:39 - 2013-08-06 00:39 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Downloads\OTL.exe
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Malwarebytes
2013-08-05 21:26 - 2013-08-05 21:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Erik\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 21:26 - 2013-08-05 21:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 21:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-05 20:07 - 2013-08-05 20:07 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-08-05 19:47 - 2013-08-05 19:59 - 00000000 ____D C:\Users\Erik\AppData\Roaming\SM2
2013-08-05 19:47 - 2013-08-05 19:47 - 00000992 _____ C:\Users\Erik\Desktop\ShaderMap 2 (DEMO).lnk
2013-08-05 19:47 - 2013-08-05 19:47 - 00000000 ____D C:\Program Files\ShaderMap 2 DEMO
2013-08-05 19:46 - 2013-08-05 19:46 - 28031616 _____ (Rendering Systems Inc.                                      ) C:\Users\Erik\Downloads\ShaderMapDEMO_v2_0_72.exe
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\Users\Erik\AppData\Local\CrazyBump
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\ProgramData\CrazyBump
2013-08-05 19:36 - 2012-10-09 23:31 - 00000000 ____D C:\Users\Erik\Downloads\CrazyBump.1.2
2013-08-05 19:34 - 2013-08-05 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 19:30 - 2013-08-05 19:30 - 13399154 _____ C:\Users\Erik\Downloads\mbar-1.06.0.1004.zip
2013-08-05 19:01 - 2013-08-05 19:12 - 31620928 _____ C:\Users\Erik\Downloads\Crazy.Bump.1.2.rar
2013-08-05 18:08 - 2013-08-05 18:44 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part3.rar
2013-08-05 17:15 - 2013-08-05 17:15 - 00000000 ____D C:\Users\Erik\Documents\AdobeStockPhotos
2013-08-05 13:58 - 2013-08-05 13:58 - 00001540 _____ C:\Users\Erik\AppData\Local\recently-used.xbel
2013-08-05 10:42 - 2013-08-05 11:18 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part2.rar
2013-08-04 09:04 - 2013-05-14 13:33 - 00000000 ____D C:\Users\Erik\Downloads\CryENGINE_3_Cookbook
2013-07-31 23:28 - 2013-07-31 23:30 - 30765917 _____ C:\Users\Erik\Downloads\sortiermaschine version 3.7z
2013-07-31 15:03 - 2013-07-31 15:03 - 00040661 _____ C:\Users\Erik\Downloads\SEUS v10.0 Ultra Motion Blur.zip
2013-07-31 14:52 - 2013-07-31 14:52 - 00000000 ____D C:\Users\Erik\Downloads\N.E.R.D.-Fly_Or_Die-Retail-2004-Recycled_INT
2013-07-31 14:51 - 2013-07-31 14:53 - 41422160 _____ C:\Users\Erik\Downloads\64px BETA [mc1.5.1] HD MK WORKING.zip
2013-07-31 14:35 - 2013-07-31 14:35 - 00000000 ____D C:\Users\Erik\Downloads\Ultimate
2013-07-31 14:29 - 2013-07-31 14:29 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(2).zip
2013-07-31 14:25 - 2013-07-31 14:25 - 00374114 _____ C:\Users\Erik\Downloads\OptiFine_1.5.2_HD_D3.zip
2013-07-31 14:22 - 2013-07-31 15:06 - 00217600 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x64.dll
2013-07-31 14:22 - 2013-07-31 15:06 - 00176128 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x86.dll
2013-07-31 14:16 - 2013-07-31 14:20 - 00000000 ____D C:\Users\Erik\Downloads\Direwolf20_1_5
2013-07-30 13:24 - 2013-08-04 09:31 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part1.rar
2013-07-30 13:08 - 2013-07-30 15:00 - 686623991 _____ C:\Users\Erik\Downloads\msgf.e02.maria.sd(1).wmv
2013-07-29 21:53 - 2013-07-29 21:53 - 00246411 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46(1).zip
2013-07-29 21:51 - 2013-07-29 21:51 - 00041996 _____ C:\Users\Erik\Downloads\Sildurs shaders RC2.1 ATI high.zip
2013-07-29 21:15 - 2013-07-29 21:15 - 00295901 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46.zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(1).zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader(1).zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Erik\Downloads\MagicLauncher_1.1.7.exe
2013-07-29 19:55 - 2013-07-29 19:55 - 00220205 _____ C:\Users\Erik\Downloads\ShadersMod.zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader.zip
2013-07-29 19:48 - 2013-07-29 19:48 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3.zip
2013-07-29 19:46 - 2013-07-29 19:46 - 00049056 _____ C:\Users\Erik\Downloads\SEUS v10 RC7 Ultra.zip
2013-07-29 19:37 - 2013-07-29 19:37 - 00366367 _____ C:\Users\Erik\Downloads\optifine_1.6.2.zip
2013-07-29 13:01 - 2013-07-29 13:02 - 35741184 _____ C:\Users\Erik\Downloads\davina_04.mpg
2013-07-29 12:59 - 2013-07-29 13:00 - 42754932 _____ C:\Users\Erik\Downloads\davina_03.mpg
2013-07-28 09:01 - 2013-07-28 09:02 - 00000000 ____D C:\Users\Erik\Downloads\Company of Heroes Patches
2013-07-28 08:59 - 2013-07-28 09:02 - 00000000 ____D C:\Users\Erik\Downloads\Video2Brain.Autodesk.3ds.Max.2013-Visualisierung.GERMAN-Substance
2013-07-25 20:39 - 2013-07-25 20:39 - 02033889 _____ C:\Users\Erik\Downloads\mcpatcher-4.1.1.exe
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\Documents\TheInnerWorld
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\AppData\Roaming\com.studio-fizbin.InnerWorld
2013-07-21 17:53 - 2013-08-06 18:23 - 00000000 ____D C:\Users\Erik\AppData\Local\LogMeIn Hamachi
2013-07-21 17:51 - 2013-08-05 20:07 - 00000935 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-07-21 17:46 - 2013-07-21 17:53 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack_Server
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 _____ C:\Users\Erik\Downloads\server.log
2013-07-21 17:15 - 2013-07-21 17:15 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack
2013-07-21 17:13 - 2013-07-21 17:16 - 00000000 ____D C:\Users\Erik\AppData\Roaming\ftblauncher
2013-07-21 17:12 - 2013-07-21 17:12 - 00512825 _____ () C:\Users\Erik\Downloads\FTB_Launcher.exe
2013-07-21 17:11 - 2013-07-21 17:11 - 00675988 _____ C:\Users\Erik\Desktop\Minecraft.exe
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Roaming\.mono
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Local\UWebKit
2013-07-19 13:16 - 2013-07-19 13:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-18 14:21 - 2013-08-04 08:25 - 00452400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-16 21:22 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-07-16 21:22 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-07-16 21:22 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-07-16 21:22 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-07-16 21:22 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-07-16 21:22 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-07-16 21:22 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-07-16 21:22 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-07-16 21:22 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-07-16 21:22 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-07-16 21:22 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-07-16 21:22 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-07-16 21:22 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-07-16 21:22 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-07-16 21:22 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-07-16 21:22 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-07-16 21:22 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-07-16 21:22 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-07-16 21:22 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-07-16 21:22 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-07-16 21:22 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-07-16 21:22 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-07-16 21:22 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-07-16 21:22 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-07-16 21:22 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-07-16 21:22 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-07-16 21:22 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-07-16 21:22 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-07-16 21:22 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-07-16 21:22 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-07-16 21:22 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-07-16 21:22 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-07-12 14:39 - 2013-07-12 14:40 - 09104183 _____ C:\Users\Erik\Downloads\coh2-mp-crack-v3.0.0.9704(1).rar
2013-07-11 14:08 - 2013-07-11 14:08 - 00000000 ____D C:\Users\Erik\AppData\Roaming\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\ProgramData\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-07-10 09:43 - 2013-07-10 09:43 - 00000000 ____D C:\ProgramData\REVOLT
2013-07-10 09:34 - 2013-07-10 09:34 - 00001942 _____ C:\Users\Erik\Desktop\Play The Walking Dead nosTEAM.lnk
2013-07-10 09:30 - 2013-07-10 09:30 - 00000000 ____D C:\Users\Erik\Neuer Ordner
2013-07-10 09:13 - 2013-07-10 09:43 - 00000000 ____D C:\Users\Erik\Documents\Telltale Games
2013-07-10 07:42 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2013-07-10 07:42 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-07-10 07:41 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-07-10 07:41 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-07-10 07:41 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-07-10 07:41 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-10 07:41 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-10 07:41 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-10 07:41 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-10 07:41 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-10 07:41 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2013-07-10 07:41 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-10 07:41 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-10 07:41 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-10 07:41 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
191

==================== One Month Modified Files and Folders =======

2013-08-09 12:55 - 2013-08-09 12:55 - 00000000 ____D C:\FRST
2013-08-09 12:52 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-08-09 02:08 - 2012-10-05 18:52 - 00000000 ____D C:\Users\Erik\AppData\Roaming\.minecraft
2013-08-09 00:58 - 2013-07-06 12:34 - 01769043 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-09 00:32 - 2013-08-09 00:32 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-08-08 19:48 - 2012-09-04 12:29 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2757179658-3383392886-2677204389-1001
2013-08-08 19:45 - 2013-08-08 19:45 - 00000349 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows-Firewall.lnk
2013-08-08 19:43 - 2012-09-04 14:51 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Skype
2013-08-08 19:39 - 2013-01-08 13:33 - 00000000 ____D C:\Users\Erik\Desktop\3D
2013-08-08 15:39 - 2013-08-08 15:39 - 00001230 _____ C:\Users\Erik\Desktop\JRT.txt
2013-08-08 15:36 - 2013-08-08 15:36 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Erik\Downloads\JRT.exe
2013-08-08 15:36 - 2013-08-08 15:36 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-08 15:33 - 2013-08-07 14:04 - 00002344 _____ C:\WINDOWS\PFRO.log
2013-08-08 15:33 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-08 15:32 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-08-08 15:30 - 2013-08-08 15:30 - 00002075 _____ C:\Users\Erik\Desktop\AdwCleaner[R1].txt
2013-08-08 14:26 - 2013-08-08 14:26 - 00666633 _____ C:\Users\Erik\Downloads\adwcleaner.exe
2013-08-08 14:15 - 2013-08-08 14:15 - 00000000 ____D C:\Users\Erik\Desktop\Neuer Ordner
2013-08-08 07:06 - 2013-08-08 07:06 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Avira
2013-08-08 07:01 - 2013-08-08 07:02 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-08-07 16:34 - 2013-08-07 16:34 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 16:34 - 2013-08-07 16:34 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-07 16:32 - 2013-08-07 16:34 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-08-07 16:32 - 2013-08-07 16:34 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-08-07 16:32 - 2013-08-07 16:34 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-08-07 16:30 - 2013-08-07 16:30 - 02092792 _____ C:\Users\Erik\Downloads\avira_free_antivirus.exe
2013-08-07 14:22 - 2013-08-07 12:41 - 00000000 ____D C:\Qoobox
2013-08-07 14:22 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-08-07 14:20 - 2013-08-07 12:41 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-07 14:19 - 2012-09-04 12:20 - 00000000 ____D C:\Users\Erik
2013-08-07 14:19 - 2012-07-26 07:26 - 00000215 _____ C:\WINDOWS\system.ini
2013-08-07 12:33 - 2013-08-07 12:33 - 02059296 _____ C:\Users\Erik\Downloads\SSbump_Generator_5_3_Bugfix.zip
2013-08-07 11:13 - 2013-08-07 11:13 - 00377856 _____ C:\Users\Erik\Downloads\gmer_2.1.19163.exe
2013-08-07 11:00 - 2013-08-07 10:59 - 00033579 _____ C:\Users\Erik\Downloads\Addition.txt
2013-08-07 10:57 - 2013-08-07 10:57 - 01788943 _____ (Farbar) C:\Users\Erik\Downloads\FRST64.exe
2013-08-07 10:56 - 2013-08-07 10:56 - 00000540 _____ C:\Users\Erik\Downloads\defogger_disable.log
2013-08-07 10:56 - 2013-08-07 10:56 - 00000168 _____ C:\Users\Erik\defogger_reenable
2013-08-07 10:54 - 2013-08-07 10:54 - 00050477 _____ C:\Users\Erik\Downloads\Defogger.exe
2013-08-06 19:00 - 2013-08-06 19:00 - 00000000 ____D C:\Users\Erik\AppData\Local\Mozilla
2013-08-06 18:39 - 2013-08-06 00:50 - 00127712 _____ C:\Users\Erik\Downloads\OTL.Txt
2013-08-06 18:23 - 2013-07-21 17:53 - 00000000 ____D C:\Users\Erik\AppData\Local\LogMeIn Hamachi
2013-08-06 18:23 - 2013-03-06 09:25 - 00000000 ____D C:\Users\Erik\AppData\Roaming\TS3Client
2013-08-06 18:23 - 2012-10-12 21:30 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Media Player Classic
2013-08-06 18:23 - 2012-09-12 14:02 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-06 18:23 - 2012-09-04 13:07 - 00000000 ____D C:\Users\Erik\AppData\Roaming\DAEMON Tools Lite
2013-08-06 00:51 - 2013-08-06 00:51 - 00076358 _____ C:\Users\Erik\Downloads\Extras.Txt
2013-08-06 00:39 - 2013-08-06 00:39 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Downloads\OTL.exe
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Malwarebytes
2013-08-05 21:26 - 2013-08-05 21:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Erik\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 21:26 - 2013-08-05 21:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 21:13 - 2013-06-01 15:31 - 00000000 ____D C:\Users\Erik\Downloads\mbar
2013-08-05 20:07 - 2013-08-05 20:07 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-08-05 20:07 - 2013-07-21 17:51 - 00000935 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-08-05 20:01 - 2012-11-20 18:10 - 00000000 ____D C:\Users\Erik\Documents\Windows
2013-08-05 19:59 - 2013-08-05 19:47 - 00000000 ____D C:\Users\Erik\AppData\Roaming\SM2
2013-08-05 19:47 - 2013-08-05 19:47 - 00000992 _____ C:\Users\Erik\Desktop\ShaderMap 2 (DEMO).lnk
2013-08-05 19:47 - 2013-08-05 19:47 - 00000000 ____D C:\Program Files\ShaderMap 2 DEMO
2013-08-05 19:46 - 2013-08-05 19:46 - 28031616 _____ (Rendering Systems Inc.                                      ) C:\Users\Erik\Downloads\ShaderMapDEMO_v2_0_72.exe
2013-08-05 19:42 - 2013-01-16 04:16 - 00000000 ____D C:\Users\Erik\AppData\Local\licensecb
2013-08-05 19:42 - 2013-01-16 04:16 - 00000000 ____D C:\ProgramData\licensecb
2013-08-05 19:42 - 2012-09-04 13:40 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\Users\Erik\AppData\Local\CrazyBump
2013-08-05 19:36 - 2013-08-05 19:36 - 00000000 ____D C:\ProgramData\CrazyBump
2013-08-05 19:34 - 2013-08-05 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 19:30 - 2013-08-05 19:30 - 13399154 _____ C:\Users\Erik\Downloads\mbar-1.06.0.1004.zip
2013-08-05 19:12 - 2013-08-05 19:01 - 31620928 _____ C:\Users\Erik\Downloads\Crazy.Bump.1.2.rar
2013-08-05 18:51 - 2012-11-16 16:45 - 00000000 ____D C:\Users\Erik\AppData\Local\Google
2013-08-05 18:51 - 2012-11-16 16:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-05 18:44 - 2013-08-05 18:08 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part3.rar
2013-08-05 17:27 - 2012-09-04 12:21 - 00000000 ____D C:\Users\Erik\AppData\Local\VirtualStore
2013-08-05 17:16 - 2012-09-04 12:22 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Adobe
2013-08-05 17:15 - 2013-08-05 17:15 - 00000000 ____D C:\Users\Erik\Documents\AdobeStockPhotos
2013-08-05 13:59 - 2012-10-29 16:45 - 00000000 ____D C:\Users\Erik\.gimp-2.8
2013-08-05 13:58 - 2013-08-05 13:58 - 00001540 _____ C:\Users\Erik\AppData\Local\recently-used.xbel
2013-08-05 11:18 - 2013-08-05 10:42 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part2.rar
2013-08-04 09:31 - 2013-07-30 13:24 - 110100480 _____ C:\Users\Erik\Downloads\Burglar Busted.part1.rar
2013-08-04 08:30 - 2012-07-26 12:27 - 00751892 _____ C:\WINDOWS\system32\perfh007.dat
2013-08-04 08:30 - 2012-07-26 12:27 - 00155620 _____ C:\WINDOWS\system32\perfc007.dat
2013-08-04 08:30 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-04 08:25 - 2013-07-18 14:21 - 00452400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-31 23:34 - 2012-09-04 13:33 - 00774656 ___SH C:\Users\Erik\Downloads\Thumbs.db
2013-07-31 23:30 - 2013-07-31 23:28 - 30765917 _____ C:\Users\Erik\Downloads\sortiermaschine version 3.7z
2013-07-31 15:06 - 2013-07-31 14:22 - 00217600 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x64.dll
2013-07-31 15:06 - 2013-07-31 14:22 - 00176128 _____ C:\Users\Erik\Downloads\jacob-1.17-M2-x86.dll
2013-07-31 15:03 - 2013-07-31 15:03 - 00040661 _____ C:\Users\Erik\Downloads\SEUS v10.0 Ultra Motion Blur.zip
2013-07-31 14:53 - 2013-07-31 14:51 - 41422160 _____ C:\Users\Erik\Downloads\64px BETA [mc1.5.1] HD MK WORKING.zip
2013-07-31 14:52 - 2013-07-31 14:52 - 00000000 ____D C:\Users\Erik\Downloads\N.E.R.D.-Fly_Or_Die-Retail-2004-Recycled_INT
2013-07-31 14:35 - 2013-07-31 14:35 - 00000000 ____D C:\Users\Erik\Downloads\Ultimate
2013-07-31 14:29 - 2013-07-31 14:29 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(2).zip
2013-07-31 14:25 - 2013-07-31 14:25 - 00374114 _____ C:\Users\Erik\Downloads\OptiFine_1.5.2_HD_D3.zip
2013-07-31 14:20 - 2013-07-31 14:16 - 00000000 ____D C:\Users\Erik\Downloads\Direwolf20_1_5
2013-07-31 14:14 - 2013-03-06 09:25 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-07-30 17:16 - 2012-09-06 20:23 - 00000000 ____D C:\Users\Erik\AppData\Local\Windows Live
2013-07-30 15:00 - 2013-07-30 13:08 - 686623991 _____ C:\Users\Erik\Downloads\msgf.e02.maria.sd(1).wmv
2013-07-30 13:20 - 2012-10-18 15:20 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-29 21:56 - 2013-01-15 21:58 - 00162816 ___SH C:\Users\Erik\Desktop\Thumbs.db
2013-07-29 21:53 - 2013-07-29 21:53 - 00246411 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46(1).zip
2013-07-29 21:51 - 2013-07-29 21:51 - 00041996 _____ C:\Users\Erik\Downloads\Sildurs shaders RC2.1 ATI high.zip
2013-07-29 21:15 - 2013-07-29 21:15 - 00295901 _____ C:\Users\Erik\Downloads\ShadersMod-mc1.5.2-ofud3-1.46.zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3(1).zip
2013-07-29 20:01 - 2013-07-29 20:01 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader(1).zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00367332 _____ (hxxp://magiclauncher.com) C:\Users\Erik\Downloads\MagicLauncher_1.1.7.exe
2013-07-29 19:55 - 2013-07-29 19:55 - 00220205 _____ C:\Users\Erik\Downloads\ShadersMod.zip
2013-07-29 19:55 - 2013-07-29 19:55 - 00035468 _____ C:\Users\Erik\Downloads\RudoPlays Shader.zip
2013-07-29 19:48 - 2013-07-29 19:48 - 00421779 _____ C:\Users\Erik\Downloads\ShadersMod-2.00-mc1.5.2-ofud3.zip
2013-07-29 19:46 - 2013-07-29 19:46 - 00049056 _____ C:\Users\Erik\Downloads\SEUS v10 RC7 Ultra.zip
2013-07-29 19:37 - 2013-07-29 19:37 - 00366367 _____ C:\Users\Erik\Downloads\optifine_1.6.2.zip
2013-07-29 13:02 - 2013-07-29 13:01 - 35741184 _____ C:\Users\Erik\Downloads\davina_04.mpg
2013-07-29 13:00 - 2013-07-29 12:59 - 42754932 _____ C:\Users\Erik\Downloads\davina_03.mpg
2013-07-29 12:52 - 2012-09-12 14:09 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-29 12:26 - 2012-09-04 13:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-28 09:02 - 2013-07-28 09:01 - 00000000 ____D C:\Users\Erik\Downloads\Company of Heroes Patches
2013-07-28 09:02 - 2013-07-28 08:59 - 00000000 ____D C:\Users\Erik\Downloads\Video2Brain.Autodesk.3ds.Max.2013-Visualisierung.GERMAN-Substance
2013-07-25 20:39 - 2013-07-25 20:39 - 02033889 _____ C:\Users\Erik\Downloads\mcpatcher-4.1.1.exe
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\Documents\TheInnerWorld
2013-07-24 17:49 - 2013-07-24 17:49 - 00000000 ____D C:\Users\Erik\AppData\Roaming\com.studio-fizbin.InnerWorld
2013-07-22 20:40 - 2012-11-30 19:45 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-07-22 20:40 - 2012-11-05 19:23 - 00000000 ____D C:\Users\Erik\Documents\The War Z
2013-07-22 20:40 - 2012-09-05 16:07 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2013-07-21 18:30 - 2012-11-01 16:14 - 00000000 ____D C:\Games
2013-07-21 17:53 - 2013-07-21 17:46 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack_Server
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 _____ C:\Users\Erik\Downloads\server.log
2013-07-21 17:16 - 2013-07-21 17:13 - 00000000 ____D C:\Users\Erik\AppData\Roaming\ftblauncher
2013-07-21 17:15 - 2013-07-21 17:15 - 00000000 ____D C:\Users\Erik\Downloads\MindCrack
2013-07-21 17:12 - 2013-07-21 17:12 - 00512825 _____ () C:\Users\Erik\Downloads\FTB_Launcher.exe
2013-07-21 17:11 - 2013-07-21 17:11 - 00675988 _____ C:\Users\Erik\Desktop\Minecraft.exe
2013-07-20 23:02 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Roaming\.mono
2013-07-19 22:25 - 2013-07-19 22:25 - 00000000 ____D C:\Users\Erik\AppData\Local\UWebKit
2013-07-19 21:50 - 2012-09-04 14:28 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2013-07-19 13:18 - 2013-07-19 13:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-16 21:25 - 2012-07-26 02:38 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-07-16 10:02 - 2012-10-27 20:39 - 00000000 ____D C:\Users\Erik\AppData\Local\Adobe
2013-07-15 20:38 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-07-14 19:28 - 2013-03-14 14:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 19:28 - 2013-03-14 14:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 00:21 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:42 - 2013-06-28 16:03 - 00000000 ____D C:\Program Files (x86)\Company of Heroes 2
2013-07-11 14:08 - 2013-07-11 14:08 - 00000000 ____D C:\Users\Erik\AppData\Roaming\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\ProgramData\RealNetworks
2013-07-11 14:07 - 2013-07-11 14:07 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-07-11 14:07 - 2012-12-28 21:32 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll
2013-07-11 14:07 - 2012-12-28 21:31 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll
2013-07-11 14:07 - 2012-09-10 08:54 - 00000000 ____D C:\Program Files (x86)\Real
2013-07-11 14:07 - 2012-09-10 08:53 - 00000000 ____D C:\ProgramData\Real
2013-07-10 20:27 - 2013-01-09 11:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 09:43 - 2013-07-10 09:43 - 00000000 ____D C:\ProgramData\REVOLT
2013-07-10 09:43 - 2013-07-10 09:13 - 00000000 ____D C:\Users\Erik\Documents\Telltale Games
2013-07-10 09:34 - 2013-07-10 09:34 - 00001942 _____ C:\Users\Erik\Desktop\Play The Walking Dead nosTEAM.lnk
2013-07-10 09:30 - 2013-07-10 09:30 - 00000000 ____D C:\Users\Erik\Neuer Ordner

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{5d8c7e1b-84db-b569-6354-df7b2d22ca64}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-31 18:26

==================== End Of Log ============================
         

10.08.2013, 09:15   #6
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.



and a fresh FRST log, please.
Archiv
Du betrachtest: Windows 8 x64 - "TR/ATRAPS.Gen2" in C:\Program Files (x86)\Google\Desktop\...\80000032.@ und ...\80000064.@ und ...{80000000.@ auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.