
Pests of all kinds and how to combat them: Who is accessing my computer?

10.10.2013, 07:49   #1
guggelhupf
 



Hi,
I have a small problem: a folder recently appeared out of nowhere on my D:/ partition, and my antivirus program AVG immediately flagged the "Setup.exe" it contained, and I blocked it. Afterwards I had the whole folder shredded with the tool "ArchiCrypt Shredder".

My question now, though, is who actually wanted something from my computer. More details on the "virus" are in my attachment. According to the remote IP, the intrusion traces back to the company named on this website: hxxp://glendalenewspress.com.trustcheck.net/, namely akamaitechnologies.

I have no idea what is going on here and hope you can help me.

Regards,
guggelhupf
Attached images
File type: jpg Virus.jpg (14.9 KB, viewed 159 times)

10.10.2013, 07:57   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


10.10.2013, 08:18   #3
guggelhupf
 



FRST.TXT

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by guggelhupf (administrator) on GUGGELHUPF-PC on 10-10-2013 09:10:54
Running from C:\Users\guggelhupf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\guggelhupf\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\guggelhupf\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
() C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Run: [Steam] - D:\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\guggelhupf\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GarenaPlus] - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9866032 2013-09-27] ()
HKCU\...\Run: [ArchiCrypt Shredder 6] - [x]
HKCU\...\Run: [ArchiCrypt Scheduler 6] - [x]
HKCU\...\Run: [ArchiCrypt SecureDZone] - [x]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF7C77157259CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - e:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.184.33 83.169.184.97

FireFox:
========
FF ProfilePath: C:\Users\guggelhupf\AppData\Roaming\Mozilla\Firefox\Profiles\ed4k8s0w.default
FF NewTab: about:blank
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - e:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\guggelhupf\AppData\Roaming\Mozilla\Firefox\Profiles\ed4k8s0w.default\Extensions\ich@maltegoetz.de
FF Extension: Lavasoft Search Plugin - C:\Users\guggelhupf\AppData\Roaming\Mozilla\Firefox\Profiles\ed4k8s0w.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: No Name - C:\Users\guggelhupf\AppData\Roaming\Mozilla\Firefox\Profiles\ed4k8s0w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\guggelhupf\AppData\Roaming\Mozilla\Firefox\Profiles\ed4k8s0w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

==================== Services (Whitelisted) =================

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe [313408 2012-05-15] (Softwareentwicklung Remus - ArchiCrypt)
S3 ArcService; e:\Arc\ArcService.exe [88424 2013-08-15] (Perfect World Entertainment Inc)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-08-04] ()
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [555304 2013-04-12] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-12] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [390440 2013-04-12] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-06] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [140024 2013-08-10] (AhnLab, Inc.)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [140024 2013-08-10] (AhnLab, Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-22] (GFI Software)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46280 2013-04-12] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 09:10 - 2013-10-10 09:10 - 00000000 ____D C:\FRST
2013-10-10 09:08 - 2013-10-10 09:08 - 01954124 _____ (Farbar) C:\Users\guggelhupf\Desktop\FRST64.exe
2013-10-09 10:35 - 2013-10-09 10:35 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-06 15:44 - 2013-10-06 17:09 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Microsoft Games
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\CrashRpt
2013-10-01 17:42 - 2013-10-01 17:42 - 00000202 _____ C:\Users\guggelhupf\Desktop\Prime World.url
2013-10-01 04:26 - 2013-10-01 04:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 15:57 - 2013-09-29 15:57 - 00000694 _____ C:\Users\guggelhupf\Desktop\Path of Exile.lnk
2013-09-29 15:56 - 2013-09-29 15:56 - 07270400 _____ C:\Users\guggelhupf\Downloads\PathOfExileInstaller.msi
2013-09-25 20:37 - 2013-09-25 20:37 - 00000700 _____ C:\Users\guggelhupf\Desktop\Minecraft.lnk
2013-09-25 01:44 - 2013-09-25 01:44 - 00000000 ____D C:\ts3overlay
2013-09-22 23:35 - 2013-09-22 23:35 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Blizzard
2013-09-22 22:54 - 2013-09-22 22:54 - 00000443 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2013-09-22 22:52 - 2013-09-24 03:11 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Battle.net
2013-09-22 22:52 - 2013-09-23 00:25 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\Battle.net
2013-09-22 22:52 - 2013-09-22 22:52 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Blizzard Entertainment
2013-09-22 22:50 - 2013-09-22 22:50 - 05906904 _____ (Blizzard Entertainment) C:\Users\guggelhupf\Downloads\Hearthstone-Beta-Setup-deDE.exe
2013-09-21 19:16 - 2013-09-21 19:16 - 00000674 _____ C:\Users\guggelhupf\Desktop\Warhammer Online Age of Reckoning.lnk
2013-09-21 19:16 - 2013-09-21 19:16 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2013-09-21 19:11 - 2013-09-21 19:12 - 42929231 _____ C:\Users\guggelhupf\Downloads\WarhammerOnlineInstaller.exe
2013-09-21 15:47 - 2013-09-21 15:47 - 25755856 _____ (Microsoft Corporation) C:\Users\guggelhupf\Downloads\wordview_de-de.exe
2013-09-21 15:47 - 2013-09-21 15:47 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-09-21 15:47 - 2013-09-21 15:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-19 19:03 - 2013-09-19 19:03 - 00011198 _____ C:\Users\guggelhupf\Documents\Janus.m3u
2013-09-14 01:54 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 01:54 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 01:54 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-14 01:54 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 01:54 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 01:54 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-14 01:54 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-14 01:54 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 01:54 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 01:54 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-14 01:54 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 01:54 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 01:54 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-14 01:54 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 18:46 - 2013-09-13 18:46 - 00002322 _____ C:\Users\guggelhupf\Documents\Watsky.m3u
2013-09-13 18:40 - 2013-09-13 18:40 - 00166497 _____ C:\Users\guggelhupf\Documents\Nightwish & Epica.m3u
2013-09-13 18:36 - 2013-10-02 01:49 - 00039810 _____ C:\Users\guggelhupf\Documents\Hip Hop.m3u
2013-09-13 11:26 - 2013-09-13 11:26 - 00002141 _____ C:\Users\guggelhupf\Desktop\Torchlight 2 Save.lnk
2013-09-13 09:25 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 09:25 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 09:25 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 09:25 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 09:25 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 09:25 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 09:25 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 09:25 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 09:25 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 09:25 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 09:25 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 09:25 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 09:25 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 09:25 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 09:25 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 09:25 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 09:25 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 09:25 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 09:25 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 09:25 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 09:25 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:25 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:25 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 09:25 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 09:25 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 09:25 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 20:40 - 2013-09-12 20:40 - 00000202 _____ C:\Users\guggelhupf\Desktop\Torchlight II.url
2013-09-12 14:24 - 2013-09-13 18:37 - 00007038 _____ C:\Users\guggelhupf\Documents\Alborosie.m3u
2013-09-11 23:34 - 2013-09-13 18:41 - 00027348 _____ C:\Users\guggelhupf\Documents\Poets of the Fall.m3u
2013-09-10 06:37 - 2013-09-10 06:37 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Overwolf

==================== One Month Modified Files and Folders =======

2013-10-10 09:10 - 2013-10-10 09:10 - 00000000 ____D C:\FRST
2013-10-10 09:08 - 2013-10-10 09:08 - 01954124 _____ (Farbar) C:\Users\guggelhupf\Desktop\FRST64.exe
2013-10-10 09:02 - 2013-01-29 13:04 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\Winamp
2013-10-10 08:59 - 2013-02-22 01:02 - 00000000 ____D C:\ProgramData\MFAData
2013-10-10 08:35 - 2013-09-07 20:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 07:04 - 2013-01-23 22:55 - 02024622 _____ C:\Windows\WindowsUpdate.log
2013-10-10 06:22 - 2013-02-25 04:59 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\PMB Files
2013-10-10 06:22 - 2013-02-25 04:59 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-10 06:21 - 2013-04-02 02:01 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\vlc
2013-10-10 04:05 - 2013-01-25 18:31 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\TS3Client
2013-10-10 03:03 - 2013-01-26 11:20 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 03:03 - 2011-04-12 09:43 - 00698688 _____ C:\Windows\system32\perfh007.dat
2013-10-10 03:03 - 2011-04-12 09:43 - 00148828 _____ C:\Windows\system32\perfc007.dat
2013-10-10 03:03 - 2009-07-14 07:13 - 01591896 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 10:40 - 2013-09-07 20:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 10:40 - 2013-09-07 20:24 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 10:40 - 2013-08-23 19:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 10:35 - 2013-10-09 10:35 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-08 21:30 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 21:30 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 21:27 - 2013-07-03 01:39 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\GarenaPlus
2013-10-08 21:27 - 2013-07-03 01:39 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-10-08 21:23 - 2013-02-24 02:00 - 00030192 _____ C:\Windows\setupact.log
2013-10-08 21:23 - 2013-01-23 23:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-08 21:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 00:20 - 2013-01-25 12:23 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-10-08 00:06 - 2013-02-03 17:25 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\.minecraft
2013-10-07 21:18 - 2013-07-03 01:39 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2013-10-06 17:09 - 2013-10-06 15:44 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Microsoft Games
2013-10-05 18:03 - 2013-04-30 13:20 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\Skype
2013-10-03 21:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 14:48 - 2013-01-25 18:30 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-02 01:49 - 2013-09-13 18:36 - 00039810 _____ C:\Users\guggelhupf\Documents\Hip Hop.m3u
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\CrashRpt
2013-10-01 17:44 - 2013-01-24 14:37 - 00000000 ____D C:\Users\guggelhupf\Documents\my games
2013-10-01 17:42 - 2013-10-01 17:42 - 00000202 _____ C:\Users\guggelhupf\Desktop\Prime World.url
2013-10-01 14:10 - 2013-01-23 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 05:02 - 2013-04-10 10:00 - 00000000 ____D C:\Users\guggelhupf\Desktop\Verküpfungen
2013-10-01 05:01 - 2013-01-23 23:07 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Mozilla
2013-10-01 04:26 - 2013-10-01 04:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 15:57 - 2013-09-29 15:57 - 00000694 _____ C:\Users\guggelhupf\Desktop\Path of Exile.lnk
2013-09-29 15:56 - 2013-09-29 15:56 - 07270400 _____ C:\Users\guggelhupf\Downloads\PathOfExileInstaller.msi
2013-09-25 22:51 - 2013-07-16 05:15 - 00000000 ____D C:\Users\guggelhupf\Desktop\Minecraft Launcher
2013-09-25 20:37 - 2013-09-25 20:37 - 00000700 _____ C:\Users\guggelhupf\Desktop\Minecraft.lnk
2013-09-25 01:44 - 2013-09-25 01:44 - 00000000 ____D C:\ts3overlay
2013-09-24 03:11 - 2013-09-22 22:52 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Battle.net
2013-09-23 00:25 - 2013-09-22 22:52 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\Battle.net
2013-09-22 23:35 - 2013-09-22 23:35 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Blizzard
2013-09-22 22:54 - 2013-09-22 22:54 - 00000443 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2013-09-22 22:52 - 2013-09-22 22:52 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Blizzard Entertainment
2013-09-22 22:50 - 2013-09-22 22:50 - 05906904 _____ (Blizzard Entertainment) C:\Users\guggelhupf\Downloads\Hearthstone-Beta-Setup-deDE.exe
2013-09-22 11:43 - 2010-11-21 05:47 - 00013400 _____ C:\Windows\PFRO.log
2013-09-21 19:16 - 2013-09-21 19:16 - 00000674 _____ C:\Users\guggelhupf\Desktop\Warhammer Online Age of Reckoning.lnk
2013-09-21 19:16 - 2013-09-21 19:16 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2013-09-21 19:12 - 2013-09-21 19:11 - 42929231 _____ C:\Users\guggelhupf\Downloads\WarhammerOnlineInstaller.exe
2013-09-21 15:47 - 2013-09-21 15:47 - 25755856 _____ (Microsoft Corporation) C:\Users\guggelhupf\Downloads\wordview_de-de.exe
2013-09-21 15:47 - 2013-09-21 15:47 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-09-21 15:47 - 2013-09-21 15:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-21 15:45 - 2013-04-10 10:00 - 00000000 ____D C:\Users\guggelhupf\Desktop\Text Dateien
2013-09-19 19:03 - 2013-09-19 19:03 - 00011198 _____ C:\Users\guggelhupf\Documents\Janus.m3u
2013-09-16 20:01 - 2013-08-04 17:47 - 00000000 ____D C:\Users\guggelhupf\AppData\Roaming\TeamViewer
2013-09-15 18:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 08:45 - 2013-01-23 23:04 - 00000000 ___RD C:\Users\guggelhupf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 08:45 - 2013-01-23 23:04 - 00000000 ___RD C:\Users\guggelhupf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 08:43 - 2009-07-14 06:45 - 00266992 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 18:47 - 2013-04-11 22:57 - 00006634 _____ C:\Users\guggelhupf\Documents\Prinz Pi.m3u
2013-09-13 18:46 - 2013-09-13 18:46 - 00002322 _____ C:\Users\guggelhupf\Documents\Watsky.m3u
2013-09-13 18:45 - 2013-05-30 07:03 - 00043150 _____ C:\Users\guggelhupf\Documents\engelsblut.m3u
2013-09-13 18:43 - 2013-03-12 02:33 - 00023949 _____ C:\Users\guggelhupf\Documents\Mantus.m3u
2013-09-13 18:41 - 2013-09-11 23:34 - 00027348 _____ C:\Users\guggelhupf\Documents\Poets of the Fall.m3u
2013-09-13 18:40 - 2013-09-13 18:40 - 00166497 _____ C:\Users\guggelhupf\Documents\Nightwish & Epica.m3u
2013-09-13 18:37 - 2013-09-12 14:24 - 00007038 _____ C:\Users\guggelhupf\Documents\Alborosie.m3u
2013-09-13 18:37 - 2013-05-16 06:33 - 00002537 _____ C:\Users\guggelhupf\Documents\SDP.m3u
2013-09-13 18:35 - 2013-08-15 22:49 - 00007826 _____ C:\Users\guggelhupf\Documents\Bon Iver.m3u
2013-09-13 11:26 - 2013-09-13 11:26 - 00002141 _____ C:\Users\guggelhupf\Desktop\Torchlight 2 Save.lnk
2013-09-12 21:08 - 2013-01-24 09:52 - 00606261 _____ C:\Windows\DirectX.log
2013-09-12 20:40 - 2013-09-12 20:40 - 00000202 _____ C:\Users\guggelhupf\Desktop\Torchlight II.url
2013-09-10 06:37 - 2013-09-10 06:37 - 00000000 ____D C:\Users\guggelhupf\AppData\Local\Overwolf

Some content of TEMP:
====================
C:\Users\guggelhupf\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-03 05:37

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by guggelhupf at 2013-10-10 09:11:19
Running from C:\Users\guggelhupf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Ad-Aware Browsing Protection (x32 Version: 1.0.1.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Aeria Ignite (x32 Version: 1.13.3296)
Akamai NetSession Interface (HKCU)
Alien Swarm (x32)
ANNO 2070 (x32 Version: 1.0.0.0)
Anno 2170 - A.R.R.C. (x32 Version: 2.04)
APB Reloaded (x32)
Arc (x32 Version: 1.0.0.5510)
ArchiCrypt Shredder Version 6.0.9.5654 (x32 Version: 6.0.9.5654)
Arma 2 (x32)
Arma 2: Operation Arrowhead (x32)
Arma 3 Beta (x32)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
Battle.net (x32)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
BioShock Infinite (x32)
Borderlands 2 (x32)
BOSS (x32 Version: 2.1.1)
Brutal Legend version 1 (x32 Version: 1)
Burnout Paradise: The Ultimate Box (x32)
CDBurnerXP (x32 Version: 4.5.2.4214)
Cheat Engine 6.2 (x32)
Counter-Strike (x32)
Cube World version 0.0.1 (x32 Version: 0.0.1)
DayZ Commander (x32 Version: 0.92.69)
Dead Island (x32)
Dead Island Riptide (x32)
Deadpool (x32 Version: 1.0)
Diablo III (x32)
DMC Devi May Cry (c) Capcom version 1 (x32 Version: 1)
Don't Starve (x32)
Dota 2 (x32)
EdenEternal-DE (x32)
Elsword (x32)
Far Cry 3 Blood Dragon (x32 Version: 1.00)
Firefall (x32)
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430)
Garena Plus (x32 Version: 2011)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (x32)
Hearthstone (x32)
Hex-Editor MX (x32 Version: 6.0)
Host OpenAL (ADI) (x32)
Hotspot Shield 2.91 (x32 Version: 2.91)
IrfanView (remove only) (x32 Version: 4.35)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 0.9 (x32 Version: 0.9)
Just Cause 2 (x32)
League of Legends (x32 Version: 1.3)
Loadout (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvel Heroes (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61187)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (x32 Version: 9.0.30729.7523)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Might & Magic ® Heroes ® VI (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Nexus Mod Manager (Version: 0.45.6)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
Origin (x32 Version: 9.1.13.85)
Pando Media Booster (x32 Version: 2.6.0.8)
Path of Exile (x32 Version: 0.10.0.22655)
Portal 2 (x32)
Prime World (x32)
PunkBuster Services (x32 Version: 0.993)
RPG MAKER VX Ace RTP (x32 Version: 1.00)
Sacred 2 Gold (x32)
Saints Row IV (x32 Version: 1)
Saints Row: The Third (x32)
ScarletBlade-DE (x32)
Scribblenauts Unlimited (x32)
Shadowrun Returns (x32)
SHIELD Streaming (Version: 1.05.19)
Should I Remove It (HKCU Version: 1.0.4)
Should I Remove It (x32 Version: 1.0.4)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 6.6 (x32 Version: 6.6.106)
SoundMAX (x32 Version: 6.10.2.6585)
SPORE™ (x32 Version: 1.04.0000)
SPORE™ Galaktische Abenteuer (x32 Version: 1.00.0000)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (x32 Version: 1.00.0000)
StarCraft II (x32)
StarForge Alpha (x32)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.13)
TEdit 3 (x32 Version: 1.0.0.0)
Terraria (x32)
The Elder Scrolls V: Skyrim (x32)
The Walking Dead (x32)
Torchlight II (x32)
TrackMania² Stadium (x32)
Tunngle beta (x32)
Unepic (x32)
Uplay (x32 Version: 2.1)
VirtualCloneDrive (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.5 (Version: 2.0.5)
War Thunder Launcher 1.0.1.178 (x32)
Warcraft III (x32)
Warframe (x32)
Warhammer 40,000: Dawn of War – Soulstorm (x32)
Warhammer Online: Age of Reckoning (x32 Version: )
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)

==================== Restore Points  =========================

21-09-2013 13:47:43 Microsoft Office Word Viewer 2003 wird installiert
07-10-2013 06:59:10 Geplanter Prüfpunkt
10-10-2013 01:00:12 Windows Update
10-10-2013 06:06:54 Removed LogMeIn Hamachi

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2EAD5293-9BCC-4172-9186-993FA375EF1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {623710C7-FB14-4899-8DAB-A2EA3B6DC036} - System32\Tasks\{36FDD824-E04F-4056-B511-765D2D602693} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12002
Task: {C5E1AB23-E04E-4068-8019-7816C95CE3F4} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-10-29 12:08 - 2012-10-29 12:08 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\_old_qgif4.dll
2012-10-29 12:08 - 2012-10-29 12:08 - 00236032 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\_old_qjpeg4.dll
2012-10-29 12:08 - 2013-10-02 14:48 - 00302056 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2012-10-29 12:08 - 2013-10-02 14:48 - 00320488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2012-10-29 12:08 - 2013-10-02 14:48 - 00186344 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
2012-10-29 12:08 - 2013-10-02 14:48 - 00565224 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-10 06:36 - 2013-10-02 14:48 - 00700904 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2013-04-12 20:35 - 2013-04-12 20:35 - 00705832 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2013-06-19 05:38 - 2013-06-19 05:38 - 00104752 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2013-06-19 05:39 - 2013-08-23 11:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2013-06-19 05:38 - 2013-06-19 05:38 - 00033584 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2013-06-19 05:39 - 2013-09-29 10:31 - 00027952 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2013-06-19 05:38 - 2013-06-19 05:38 - 00051504 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00087344 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2013-06-19 05:38 - 2013-06-19 05:38 - 00487216 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00025392 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00170800 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00184624 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 10:52 - 2012-02-22 10:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2013-06-19 05:39 - 2013-06-19 05:39 - 00219952 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00106288 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2013-06-19 05:39 - 2013-07-26 08:18 - 00957232 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00055088 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 10:52 - 2012-02-22 10:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00224560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2013-06-19 05:39 - 2013-09-29 10:31 - 00868656 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00192816 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00155440 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 02941232 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00065840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00016688 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2013-06-19 05:39 - 2013-07-15 16:29 - 01545520 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 07:42 - 2013-02-01 07:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2013-06-19 05:39 - 2013-09-20 13:12 - 00956208 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00245040 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00026416 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00516912 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2013-06-19 05:39 - 2013-06-19 05:39 - 00068400 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2013-08-14 17:10 - 2013-07-27 10:50 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\detoured.dll
2013-03-12 18:10 - 2013-08-22 00:18 - 00687104 _____ () D:\Steam\SDL2.dll
2013-01-24 09:48 - 2013-10-09 04:19 - 01121704 _____ () D:\Steam\bin\chromehtml.DLL
2013-01-24 09:48 - 2013-09-11 00:20 - 20625832 _____ () D:\Steam\bin\libcef.dll
2013-01-24 09:48 - 2013-06-15 01:49 - 01100800 _____ () D:\Steam\bin\avcodec-53.dll
2013-01-24 09:48 - 2013-06-15 01:49 - 00124416 _____ () D:\Steam\bin\avutil-51.dll
2013-01-24 09:48 - 2013-06-15 01:49 - 00192000 _____ () D:\Steam\bin\avformat-53.dll
2013-10-01 04:26 - 2013-10-01 04:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 10:40 - 2013-10-09 10:40 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00064512 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2013-10-10 09:02 - 2013-10-10 09:02 - 00010752 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\auth.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00069120 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\burnlib.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00013824 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\dsp_sps.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00006656 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\enc_fhgaac.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004096 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\enc_flac.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005632 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\enc_lame.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004096 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\enc_vorbis.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004096 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\enc_wav.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00006144 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\enc_wma.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00023552 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_classicart.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00007168 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_crasher.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00023040 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_ff.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004096 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_find_on_disk.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00011776 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_hotkeys.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00041984 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_jumpex.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00041984 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_jumpex_original.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00021504 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_ml.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00009728 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_nopro.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00007168 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_orgler.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00014848 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_play_remove.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00011776 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_skinmanager.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00010240 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_timerestore.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00008192 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_tray.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00010752 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\gen_undo.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005120 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_avi.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00014336 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_cdda.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00006656 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_dshow.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005632 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_flac.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00003584 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_flv.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00003584 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_linein.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00020480 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_midi.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004608 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_mkv.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00018944 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_mod.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00023040 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_mp3.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005120 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_mp4.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00011776 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_nsv.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00003584 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_swf.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00011264 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_vorbis.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00006656 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_wav.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005632 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_wave.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00015360 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_wm.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004608 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\in_wv.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00003584 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_addons.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00006656 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_autotag.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005120 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_bookmarks.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00008704 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_devices.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00047616 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_disc.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00009728 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_downloads.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004608 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_enqplay.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00008704 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_history.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005120 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_impex.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00056320 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_local.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00003584 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_nowplaying.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00014336 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_online.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004096 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_orb.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00012800 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_playlists.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00034816 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_plg.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00047104 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_pmp.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00005120 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_rg.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00008192 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_transcode.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00014848 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ml_wire.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00036352 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\ombrowser.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00006144 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\out_disk.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00016384 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\out_ds.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00007680 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\out_wave.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00003072 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\playlist.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004608 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\pmp_activesync.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00020480 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\pmp_android.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00036864 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\pmp_ipod.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00003584 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\pmp_njb.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004096 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\pmp_p4s.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00011776 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\pmp_usb.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00039424 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\pmp_wifi.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00006144 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\tagz.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00088064 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\vis_avs.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00156160 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\vis_milk2.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00007680 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\vis_nsfs.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00206336 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\winamp.lng
2013-10-10 09:02 - 2013-10-10 09:02 - 00004096 _____ () C:\Users\guggelhupf\AppData\Local\Temp\WLZ2736.tmp\winampa.lng
2012-06-20 18:14 - 2013-01-29 13:04 - 00023552 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00087552 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00091136 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2012-06-20 18:14 - 2013-01-29 13:04 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00164864 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00290816 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2011-11-11 00:10 - 2013-01-29 13:04 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00318976 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00294912 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00201728 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00240640 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
2012-06-20 18:14 - 2013-01-29 13:04 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2013 09:25:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2013 09:23:48 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/08/2013 09:23:41 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/08/2013 08:28:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2013 08:26:42 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/08/2013 08:26:35 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/08/2013 00:36:04 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.5.0, Zeitstempel: 0x50cda22f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb164a
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x1d44
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (10/07/2013 02:05:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2013 02:03:59 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/07/2013 02:03:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


System errors:
=============
Error: (10/10/2013 06:21:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/10/2013 06:21:55 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/08/2013 09:23:48 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (10/08/2013 09:23:48 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/08/2013 03:00:51 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/08/2013 08:26:42 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (10/08/2013 08:26:41 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/08/2013 07:35:03 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/08/2013 03:33:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/08/2013 03:33:30 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.


Microsoft Office Sessions:
=========================
Error: (10/08/2013 09:25:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2013 09:23:48 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/08/2013 09:23:41 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/08/2013 08:28:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2013 08:26:42 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/08/2013 08:26:35 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/08/2013 00:36:04 AM) (Source: Application Error)(User: )
Description: vlc.exe2.0.5.050cda22fntdll.dll6.1.7601.1822951fb164ac000037400000000000c41021d4401cec3ad980dbb92C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlld91a7db2-2fa0-11e3-95f3-00248c9478c3

Error: (10/07/2013 02:05:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2013 02:03:59 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/07/2013 02:03:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 6135.12 MB
Available physical RAM: 2070.21 MB
Total Pagefile: 12268.42 MB
Available Pagefile: 8651.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:46.2 GB) NTFS
Drive d: (Steam) (Fixed) (Total:1000 GB) (Free:806.9 GB) NTFS
Drive e: (Musik) (Fixed) (Total:762.92 GB) (Free:445.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A8785758)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1000 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=763 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

10.10.2013, 09:12   #4
schrauber
/// the machine
/// TB Trainer

hi,


Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (Illegal operation attempted on a registry key that has been marked for deletion.)
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.10.2013, 12:22   #5
guggelhupf

Code:
ComboFix 13-10-09.01 - guggelhupf 10.10.2013  12:58:08.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.2790 [GMT 2:00]
ausgeführt von:: c:\users\guggelhupf\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-10 bis 2013-10-10  ))))))))))))))))))))))))))))))
.
.
2013-10-10 07:10 . 2013-10-10 07:10	--------	d-----w-	C:\FRST
2013-10-09 08:35 . 2013-10-09 08:35	17813896	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-06 13:44 . 2013-10-06 15:09	--------	d-----w-	c:\users\guggelhupf\AppData\Local\Microsoft Games
2013-10-01 16:01 . 2013-10-01 16:01	--------	d-----w-	c:\users\guggelhupf\AppData\Local\CrashRpt
2013-09-24 23:44 . 2013-09-24 23:44	--------	d-----w-	C:\ts3overlay
2013-09-22 21:35 . 2013-09-22 21:35	--------	d-----w-	c:\users\guggelhupf\AppData\Local\Blizzard
2013-09-22 20:52 . 2013-09-22 20:52	--------	d-----w-	c:\users\guggelhupf\AppData\Local\Blizzard Entertainment
2013-09-22 20:52 . 2013-09-24 01:11	--------	d-----w-	c:\users\guggelhupf\AppData\Local\Battle.net
2013-09-22 20:52 . 2013-09-22 22:25	--------	d-----w-	c:\users\guggelhupf\AppData\Roaming\Battle.net
2013-09-21 13:47 . 2013-09-21 13:47	--------	d-----w-	c:\program files (x86)\MSECache
2013-09-13 07:25 . 2013-08-02 01:59	3968960	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 08:40 . 2013-09-07 18:24	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 08:40 . 2013-08-23 17:08	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-04 23:43 . 2013-09-04 23:43	45880	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2013-08-23 16:46 . 2013-08-23 16:46	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-23 16:46 . 2013-08-23 16:46	312232	----a-w-	c:\windows\system32\javaws.exe
2013-08-23 16:46 . 2013-08-23 16:46	189352	----a-w-	c:\windows\system32\javaw.exe
2013-08-23 16:46 . 2013-08-23 16:46	188840	----a-w-	c:\windows\system32\java.exe
2013-08-23 16:46 . 2013-02-03 16:13	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-08-23 16:46 . 2013-02-03 16:13	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-08-23 16:46 . 2013-08-23 16:46	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-23 16:46 . 2013-02-03 15:25	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-08-23 16:46 . 2013-02-03 15:25	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-08-10 15:33 . 2013-08-10 15:33	140024	----a-w-	c:\windows\system32\drivers\EagleX64.sys
2013-08-08 04:11 . 2013-08-06 00:20	290776	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-08-08 04:11 . 2013-08-06 00:17	290776	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-08-07 18:56 . 2013-08-06 00:17	290776	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-08-06 01:27 . 2013-08-06 00:17	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-08-02 01:48 . 2013-09-13 07:25	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 02:54	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 02:54	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:51 . 2013-07-19 23:51	311608	----a-w-	c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50	71480	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50	246072	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50	206648	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2013-07-19 01:58 . 2013-08-15 02:54	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 02:54	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-04-12 17:29	233288	----a-w-	c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="d:\steam\steam.exe" [2013-10-09 1813928]
"Akamai NetSession Interface"="c:\users\guggelhupf\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-09-27 9866032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 ArcService;Arc Service;e:\arc\ArcService.exe;e:\arc\ArcService.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 ArchiCrypt Sichere Loeschzonen;ArchiCrypt Shredder - Sichere Löschzonen Hilfsservice;c:\program files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe;c:\program files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - ArchiCryptInjector
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-07 08:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 83.169.184.33 83.169.184.97
FF - ProfilePath - c:\users\guggelhupf\AppData\Roaming\Mozilla\Firefox\Profiles\ed4k8s0w.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Wow6432Node-HKCU-Run-ArchiCrypt Shredder 6 - (no file)
Wow6432Node-HKCU-Run-ArchiCrypt Scheduler 6 - (no file)
Wow6432Node-HKCU-Run-ArchiCrypt SecureDZone - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-BattlEye for A2 - d:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-10  13:04:12
ComboFix-quarantined-files.txt  2013-10-10 11:04
.
Vor Suchlauf: 15 Verzeichnis(se), 50.642.354.176 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 50.666.655.744 Bytes frei
.
- - End Of File - - 9727A989A4FEFD1E2B7543FD830E054B
A36C5E4F47E84449FF07ED3517B43A31
         
Regards,
guggelhupf


11.10.2013, 08:09   #6
schrauber
/// the machine
/// TB Trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.