
Log analysis and evaluation: probably hacked.

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.12.2013, 09:29   #1
ryderslider
 



Hi folks,
I have the following problem.
My windows open strangely (see attachment).
And when I wanted to change permissions (on unimportant folders such as c:\Spiele), I noticed that, among others, Anonymous was shown. But now it is gone, or rather I can't find it any more. Now I'm afraid that someone is still in there, and so I'm asking you to help me.

I don't know much, but I'm willing to do whatever it takes to be safer here.

About the system: Windows 8 64-bit, with everything up to date.
Norton 360 is installed for protection.


Edited by ryderslider (02.12.2013 at 09:51)

03.12.2013, 11:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello,

Quote:
My windows open strangely (see attachment).
And who do you think can make anything out on your postage-stamp-sized picture?

03.12.2013, 23:08   #3
ryderslider
 



Quote:
Quote from cosinus
Hello,

And who do you think can make anything out on your postage-stamp-sized picture?
The content doesn't matter, only that the window opens like that. Otherwise I always set it to full screen.

How can one determine exactly whether someone unauthorized was in there? Maybe something can be found that way.

Oh, one more thing: I don't know if it's normal, but Norton changed the firewall rules on its own.

04.12.2013, 08:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

This is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post already existing logs in CODE tags!
Only logs from the last 7 days, or from since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

07.12.2013, 22:53   #5
ryderslider
 



Hello,
thanks for your answer, first of all.
I wanted to start the program, but after the scan there is an error message.

Is there a remedy?

Here is the error


08.12.2013, 16:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Download FRST again to the desktop and try once more

08.12.2013, 23:07   #7
ryderslider
 



FRST.txt:
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 03
Ran by Richard (ATTENTION: The logged in user is not administrator) on **** on 08-12-2013 23:46:11
Running from C:\Users\****\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(ultracopier.first-world.info) C:\Program Files\Ultracopier\ultracopier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [EPSONCF0E53 (Epson Stylus Office BX305 Plus)] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHRE.EXE /FU "C:\Users\****\AppData\Local\Temp\E_SB71E.tmp" /EF "HKCU"
HKCU\...\Run: [MyDriveConnect.exe] - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom)
HKCU\...\Run: [Quick Starter] - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2338352 2013-09-25] (Samsung Electronics CO., LTD.)
HKCU\...\Run: [ultracopier] - C:\Program Files\Ultracopier\ultracopier.exe [1111040 2013-10-08] (ultracopier.first-world.info)
MountPoints2: E - "E:\setup.exe" 
MountPoints2: {61c5cd67-5631-11e3-be9b-208984a5a408} - "E:\setup.exe" 
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [bdruninstaller] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
AppInit_DLLs: C:\Program Files [0 2013-11-07] ()
AppInit_DLLs-x32: C:\Program Files [0 2013-11-07] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5495B96E-F880-470A-ABAD-E10F57C3895C&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5495B96E-F880-470A-ABAD-E10F57C3895C&q={searchTerms}
SearchScopes: HKCU - {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = 
BHO: Video-Saver-1 - {11111111-1111-1111-1111-110411361110} - C:\Program Files (x86)\Video-Saver-1\Video-Saver-1-bho64.dll (YTSsaver)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Video-Saver-1 - {11111111-1111-1111-1111-110411361110} - C:\Program Files (x86)\Video-Saver-1\Video-Saver-1-bho.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5495B96E-F880-470A-ABAD-E10F57C3895C
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Entanglement Web App) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Tank Hero: Laser Wars (Web)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn\1.0.8_0
CHR Extension: (Download Button) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakoggmijiicdlcjjeakffojoinhlpg\1.3_0
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (High Contrast) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph\0.5_0
CHR Extension: (MaskMe) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg\1.38.339_0
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0
CHR Extension: (Mech Hero) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\falbfmgplkcpmcfdbedincgjganegaie\1.0.6_0
CHR Extension: (AdBlock) - C:\Users\R***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (IP Address) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0
CHR Extension: (Pathuku) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.24.0.0_0
CHR Extension: (Cookies) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno\1.7_0
CHR Extension: (Download Helper) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnbkeigkjcncjkbmkiibjgbhbnbanmfi\2.0.2_0
CHR Extension: (IP Address) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0
CHR Extension: (Cargo Bridge) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0
CHR Extension: (Download Master) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\4.0.0.2_0
CHR Extension: (Chroma Wars) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojhnokgjooglbmjkmapacckddnbihp\1.2_0
CHR Extension: (Norton Identity Protection) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Downloads Manager Inverted) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgpkmijlbcgmbpaadcngkcapnkkoema\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (Flow Colors) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk\1.3_0
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 MSSQL$ADK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S4 SQLAgent$ADK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)
S4 BitBoxService; "C:\Program Files (x86)\Sirrix AG\BitBox\Service\BitBoxService.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-10-31] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131206.001\IDSvia64.sys [521816 2013-10-25] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-10-31] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131207.008\ENG64.SYS [126040 2013-10-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131207.008\EX64.SYS [2099288 2013-10-29] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-08 23:46 - 2013-12-08 23:46 - 00019714 _____ C:\Users\Richard\Desktop\FRST.txt
2013-12-08 23:45 - 2013-12-08 23:45 - 01927998 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2013-12-08 20:46 - 2013-12-08 20:46 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-07 23:39 - 2013-12-07 23:39 - 01060157 _____ (Farbar) C:\Users\Richard\Downloads\FRST.exe
2013-12-07 23:39 - 2013-12-07 23:39 - 00010047 _____ C:\Users\Richard\Downloads\FRST.txt
2013-12-07 23:29 - 2013-12-07 23:29 - 00000000 ____D C:\FRST
2013-12-07 00:02 - 2013-12-07 00:02 - 00000000 ____D C:\Users\Richard\Downloads\Windows_Loader_v2.2.1
2013-12-06 23:58 - 2013-12-07 00:02 - 01706667 _____ C:\Users\Richard\Downloads\Windows_Loader_v2.2.1.zip
2013-12-06 01:12 - 2013-12-06 01:12 - 00472258 _____ C:\Users\Richard\Downloads\sdogs214promo-ch.rar
2013-12-06 01:12 - 2013-12-06 01:12 - 00000000 ____D C:\Users\Richard\Downloads\sdogs214promo-ch
2013-12-06 01:11 - 2013-12-06 01:11 - 00570304 _____ C:\Users\Richard\Downloads\SD.v2.1.437044.Plus.10.Trainer-FLiNG.rar
2013-12-06 01:11 - 2013-12-06 01:11 - 00000000 ____D C:\Users\Richard\Downloads\SD.v2.1.437044.Plus.10.Trainer-FLiNG
2013-12-06 00:57 - 2013-12-06 00:57 - 00000000 ____D C:\Users\Richard\Downloads\SLEEPING.DOGS.V2.1.PLUS10TRN.FLING
2013-12-06 00:57 - 2013-12-06 00:57 - 00000000 ____D C:\Users\Richard\Documents\FLiNGTrainer
2013-12-06 00:45 - 2013-12-06 00:45 - 00000000 ____D C:\Users\Richard\Downloads\SleepingDogsv1.9+4_AOBeta
2013-12-06 00:41 - 2013-12-06 00:41 - 00002525 _____ C:\Users\Richard\Desktop\SleepingD+20Tr-LNG_v2.1.437044.exe - Verknüpfung.lnk
2013-12-06 00:40 - 2013-12-06 00:40 - 00000000 ____D C:\Users\Richard\Downloads\SleepD+20Tr-LNG_v2.1.437044
2013-12-06 00:39 - 2013-12-06 00:39 - 02235499 _____ C:\Users\Richard\Downloads\SleepD+20Tr-LNG_v2.1.437044.rar
2013-12-06 00:38 - 2013-12-06 00:38 - 02092070 _____ C:\Users\Richard\Downloads\SleepingDogsv1.9+4_AOBeta.rar
2013-12-06 00:38 - 2013-12-06 00:38 - 00627642 _____ C:\Users\Richard\Downloads\SLEEPING.DOGS.V2.1.PLUS10TRN.FLING.ZIP
2013-12-05 14:25 - 2013-12-07 23:22 - 00000000 ____D C:\Users\Richard\Desktop\mukke
2013-12-04 15:38 - 2013-12-04 15:49 - 285442224 _____ C:\Users\Richard\Downloads\Top 30 Dance Club Play 23.11.2013.rar
2013-12-04 15:36 - 2013-12-04 15:49 - 365014490 _____ C:\Users\Richard\Downloads\01 - 50_0912.rar
2013-12-04 15:36 - 2013-12-04 15:49 - 363989764 _____ C:\Users\Richard\Downloads\51 - 100_0912.rar
2013-12-04 02:14 - 2013-12-04 02:14 - 00001624 _____ C:\Users\Richard\Downloads\p310y6427fl0kg3.dlc
2013-12-03 01:05 - 2013-12-03 01:05 - 00000000 ____D C:\Users\Richard\Documents\Square Enix
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\windows\SysWOW64\AGEIA
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-03 00:27 - 2013-12-03 00:27 - 00019937 _____ C:\Users\Richard\Documents\Liste grammatikalischer Grundbegriffe (1).odt
2013-12-02 12:19 - 2013-12-02 12:19 - 00000000 ____D C:\Users\Richard\AppData\Roaming\LibreOffice
2013-12-02 12:18 - 2013-12-02 12:18 - 00002599 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-02 12:18 - 2013-12-02 12:18 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2013-12-02 12:13 - 2013-12-02 12:17 - 215306240 _____ C:\Users\Richard\Downloads\LibreOffice_4.1.3_Win_x86.msi
2013-12-02 11:21 - 2013-12-02 11:21 - 00001054 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-12-02 10:34 - 2013-12-02 10:34 - 00000000 ____D C:\Users\Richard\Downloads\Secure Banking v1.5.2
2013-12-02 10:19 - 2013-12-02 10:19 - 00414150 _____ C:\Users\Richard\Downloads\Secure Banking v1.5.2.rar
2013-12-02 10:15 - 2013-12-02 11:21 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-12-02 10:14 - 2013-12-02 10:14 - 00000000 ____D C:\Users\Richard\Downloads\Secure Banking v1.5.1
2013-12-02 10:12 - 2013-12-02 10:12 - 00399347 _____ C:\Users\Richard\Downloads\Secure Banking v1.5.1.rar
2013-12-02 10:09 - 2013-12-02 10:09 - 00000000 ____D C:\Users\Richard\Downloads\Thats_My_Work_2-(DatPiff.com)
2013-12-01 22:45 - 2013-12-01 22:50 - 90074222 _____ C:\Users\Richard\Downloads\Thats_My_Work_2-(DatPiff.com).zip
2013-12-01 21:47 - 2013-12-01 21:47 - 00000222 _____ C:\Users\Richard\Desktop\Binary Domain.url
2013-11-29 00:35 - 2013-11-29 00:35 - 00000222 _____ C:\Users\Richard\Desktop\Batman Arkham City GOTY.url
2013-11-29 00:34 - 2013-11-29 00:34 - 00000221 _____ C:\Users\Richard\Desktop\Batman Arkham Asylum GOTY Edition.url
2013-11-28 01:53 - 2013-11-28 01:57 - 00000000 ____D C:\Users\Richard\Documents\Assassin's Creed IV Black Flag
2013-11-28 01:28 - 2013-11-28 01:28 - 00000925 _____ C:\Users\Public\Desktop\Assassin's Creed IV Black Flag.lnk
2013-11-28 00:42 - 2013-11-28 00:42 - 00001234 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-11-28 00:40 - 2013-11-28 00:40 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-28 00:38 - 2013-11-28 00:38 - 01640984 _____ C:\Users\Richard\Downloads\SetupVirtualCloneDrive547 (1).exe
2013-11-28 00:37 - 2013-11-28 00:38 - 01640984 _____ C:\Users\Richard\Downloads\SetupVirtualCloneDrive547.exe
2013-11-28 00:33 - 2013-11-28 01:54 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part03.rar
2013-11-28 00:33 - 2013-11-28 01:54 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part02.rar
2013-11-28 00:33 - 2013-11-28 01:53 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part06.rar
2013-11-28 00:33 - 2013-11-28 01:53 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part04.rar
2013-11-28 00:33 - 2013-11-28 01:52 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part12.rar
2013-11-28 00:33 - 2013-11-28 01:50 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part01.rar
2013-11-27 17:18 - 2013-11-27 17:31 - 174390904 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part4.rar
2013-11-27 17:06 - 2013-11-27 17:34 - 418381824 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part3.rar
2013-11-27 17:03 - 2013-11-27 17:32 - 418381824 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part2.rar
2013-11-27 16:47 - 2013-11-27 17:17 - 418381824 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part1.rar
2013-11-27 16:43 - 2013-11-27 16:47 - 43452244 _____ C:\Users\Richard\Downloads\ac3up106-thir.rar
2013-11-27 16:42 - 2013-11-27 17:06 - 323475216 _____ C:\Users\Richard\Downloads\a3c-thir.part16.rar
2013-11-27 16:41 - 2013-11-27 17:41 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part15.rar
2013-11-27 16:39 - 2013-11-27 17:41 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part14.rar
2013-11-27 16:38 - 2013-11-27 17:41 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part13.rar
2013-11-27 15:32 - 2013-11-27 16:43 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part11.rar
2013-11-27 15:28 - 2013-11-27 16:42 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part10.rar
2013-11-27 02:22 - 2013-11-27 16:41 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part09.rar
2013-11-27 02:21 - 2013-11-27 16:39 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part08.rar
2013-11-27 02:11 - 2013-11-27 16:37 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part07.rar
2013-11-27 00:59 - 2013-11-27 00:59 - 00000000 ____D C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006 (1)
2013-11-27 00:51 - 2013-11-27 00:54 - 01921165 _____ C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006 (1).7z
2013-11-27 00:44 - 2013-11-27 15:39 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part05.rar
2013-11-27 00:31 - 2013-11-27 00:32 - 43270981 _____ C:\Users\Richard\Downloads\AC3..v1.06.Upd-SKID_StanleyTweedle.rar
2013-11-27 00:30 - 2013-11-27 00:30 - 00000944 _____ C:\Users\Richard\Downloads\9badc50989b04a28c0aec96e79dfbe25.dlc
2013-11-27 00:22 - 2013-11-27 00:22 - 09002585 _____ C:\Users\Richard\Downloads\sr-ac3u106.7z
2013-11-26 23:47 - 2013-11-26 23:47 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Origin
2013-11-26 23:45 - 2013-11-26 23:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-11-26 23:40 - 2013-11-26 23:47 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-26 23:40 - 2013-11-26 23:40 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-26 23:38 - 2013-12-08 00:50 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-26 23:38 - 2013-11-26 23:38 - 00000933 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-26 01:45 - 2013-11-26 01:45 - 00000000 ____D C:\Users\Richard\Downloads\Need.for.Speed.Rivals.v1.2.0.0.Update.and.No.Origin.X86.and.X64.Crack-3DM
2013-11-26 01:18 - 2013-11-26 01:20 - 133759637 _____ C:\Users\Richard\Downloads\Need.for.Speed.Rivals.v1.2.0.0.Update.and.No.Origin.X86.and.X64.Crack-3DM.rar
2013-11-26 01:18 - 2013-11-26 01:18 - 17481110 _____ C:\Users\Richard\Downloads\Need.for.Speed.Rivals.X86.and.X64.Crack.Only.v2-3DM.rar
2013-11-26 00:57 - 2013-11-26 00:57 - 00000000 ____D C:\Users\Richard\Documents\Games for Windows - LIVE Demos
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-11-26 00:27 - 2013-11-26 00:27 - 00642712 _____ (Microsoft Corporation) C:\Users\Richard\Downloads\gfwlive35setup.exe
2013-11-25 10:02 - 2013-11-25 10:02 - 00000000 ____D C:\Writer
2013-11-25 09:59 - 2013-11-25 10:01 - 167088248 _____ (PortableApps.com) C:\Users\Richard\Downloads\LibreOfficePortable_4.1.3_MultilingualAll.paf.exe
2013-11-25 00:53 - 2013-11-25 00:53 - 00000000 ____D C:\Users\Richard\Downloads\assn3crc
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Users\Richard\Documents\Ghost Games
2013-11-24 15:28 - 2013-11-24 15:28 - 00001760 _____ C:\Users\Public\Desktop\Need for Speed Rivals (x86).lnk
2013-11-24 15:28 - 2013-11-24 15:28 - 00001728 _____ C:\Users\Public\Desktop\Need for Speed Rivals (x64).lnk
2013-11-24 13:22 - 2013-11-24 14:31 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part7.rar
2013-11-24 13:22 - 2013-11-24 14:31 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part6.rar
2013-11-24 13:22 - 2013-11-24 13:55 - 482193540 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part8.rar
2013-11-24 13:21 - 2013-11-24 14:32 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part3.rar
2013-11-24 13:21 - 2013-11-24 14:31 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part5.rar
2013-11-24 13:21 - 2013-11-24 14:31 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part1.rar
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx
2013-11-24 00:51 - 2013-11-24 00:51 - 00000000 ____D C:\Users\Richard\Documents\WB Games
2013-11-24 00:40 - 2013-11-24 00:46 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part10.rar
2013-11-23 21:59 - 2013-11-23 23:16 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part4.rar
2013-11-23 21:57 - 2013-11-23 23:17 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part2.rar
2013-11-23 21:54 - 2013-11-23 21:54 - 00000000 ____D C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos
2013-11-23 19:32 - 2013-11-23 19:37 - 41749356 _____ C:\Users\Richard\Downloads\Need for Speed Rivals Deutsche Sprachdateien.rar
2013-11-23 17:22 - 2013-11-23 17:28 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part16.rar
2013-11-23 13:39 - 2013-11-23 13:40 - 37996284 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part11.rar
2013-11-23 13:31 - 2013-11-23 13:39 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part10.rar
2013-11-23 13:31 - 2013-11-23 13:39 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part09.rar
2013-11-23 13:31 - 2013-11-23 13:39 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part08.rar
2013-11-23 13:31 - 2013-11-23 13:39 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part07.rar
2013-11-23 13:30 - 2013-11-23 13:39 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part06.rar
2013-11-23 13:22 - 2013-11-23 13:31 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part04.rar
2013-11-23 13:22 - 2013-11-23 13:30 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part05.rar
2013-11-23 13:22 - 2013-11-23 13:30 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part03.rar
2013-11-23 13:22 - 2013-11-23 13:30 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part02.rar
2013-11-23 13:22 - 2013-11-23 13:30 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part01.rar
2013-11-23 13:21 - 2013-11-23 13:21 - 00004292 _____ C:\Users\Richard\Downloads\Mario.Barth.-.Maenner.Sind.Schuld.Sagen.Die.Frauen.2013.German.AC3.DVDRip.x264-UPX-k1x7owm9yy1.dlc
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel Corporation
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2013-11-23 01:54 - 2013-11-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Atheros
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Synaptics
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 _____ C:\Users\Admin\agent.log
2013-11-23 01:50 - 2013-11-23 02:01 - 00000000 ____D C:\Users\Richard\Downloads\fc-bafix
2013-11-23 01:48 - 2013-11-23 01:49 - 49938442 _____ C:\Users\Richard\Downloads\fc-bafix.7z
2013-11-23 01:42 - 2012-08-28 13:35 - 15453832 _____ (Microsoft Corporation) C:\windows\system32\xlive.dll
2013-11-23 01:41 - 2013-11-23 01:41 - 08780754 _____ C:\Users\Richard\Downloads\xlive.zip
2013-11-23 01:41 - 2013-11-23 01:41 - 00000000 ____D C:\Users\Richard\Downloads\xlive
2013-11-23 01:21 - 2013-11-23 01:21 - 00000000 ____D C:\Users\Richard\Desktop\Neuer Ordner
2013-11-23 01:14 - 2013-11-23 01:14 - 00000000 __SHD C:\ProgramData\DSS
2013-11-23 00:08 - 2013-11-23 00:08 - 00000000 ____D C:\Program Files (x86)\AMD
2013-11-22 19:17 - 2013-11-22 19:17 - 00000000 ____D C:\Users\Richard\Downloads\Batman.Arkham.City.Game.of.the.Year.Edition-SKIDROW
2013-11-22 03:04 - 2013-11-23 13:40 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part15.rar
2013-11-22 02:58 - 2013-11-23 13:22 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part14.rar
2013-11-22 02:53 - 2013-11-22 02:57 - 258475746 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part19.rar
2013-11-22 02:45 - 2013-11-22 02:55 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part13.rar
2013-11-22 00:39 - 2013-11-22 00:39 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-22 00:24 - 2013-11-22 00:24 - 00000000 ____D C:\Users\Richard\Downloads\EurolineDH1
2013-11-22 00:19 - 2013-11-22 00:19 - 05292313 _____ C:\Users\Richard\Downloads\EurolineDH1.rar
2013-11-22 00:10 - 2013-11-22 00:10 - 00000000 ____D C:\Users\Richard\Downloads\6795965
2013-11-21 23:11 - 2013-11-21 23:40 - 1013978768 _____ C:\Users\Richard\Downloads\6795965.rar
2013-11-21 19:38 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-21 19:38 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 15:14 - 2013-11-16 15:14 - 00001270 _____ C:\Users\Richard\Desktop\iw6sp64_ship.exe - Verknüpfung.lnk
2013-11-16 02:10 - 2013-11-16 14:01 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part18.rar
2013-11-16 01:51 - 2013-11-16 02:45 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part17.rar
2013-11-16 01:13 - 2013-11-25 00:52 - 00000000 ____D C:\Users\Richard\Downloads\rld-ac3105
2013-11-16 00:58 - 2013-11-16 01:02 - 07171632 _____ C:\Users\Richard\Downloads\bitdefender_tsecurity.exe
2013-11-16 00:51 - 2013-11-16 02:10 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part12.rar
2013-11-16 00:48 - 2013-11-22 02:35 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part11.rar
2013-11-16 00:19 - 2013-11-16 00:51 - 525336582 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part09.rar
2013-11-16 00:19 - 2013-11-16 00:51 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part08.rar
2013-11-16 00:19 - 2013-11-16 00:46 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part07.rar
2013-11-16 00:00 - 2013-11-16 00:19 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part06.rar
2013-11-16 00:00 - 2013-11-16 00:19 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part05.rar
2013-11-16 00:00 - 2013-11-16 00:19 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part04.rar
2013-11-15 23:41 - 2013-11-16 00:00 - 525336585 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part02.rar
2013-11-15 23:41 - 2013-11-16 00:00 - 525336585 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part01.rar
2013-11-15 23:41 - 2013-11-16 00:00 - 525336582 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part03.rar
2013-11-15 23:39 - 2013-11-15 23:39 - 00006552 _____ C:\Users\Richard\Downloads\031pah2q22r8493.dlc
2013-11-15 23:28 - 2013-11-15 23:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-11-15 23:27 - 2013-12-08 23:27 - 00001968 _____ C:\windows\Tasks\Video-Saver-1-chromeinstaller.job
2013-11-15 23:27 - 2013-12-08 23:27 - 00001352 _____ C:\windows\Tasks\Video-Saver-1-updater.job
2013-11-15 23:27 - 2013-12-08 23:27 - 00001258 _____ C:\windows\Tasks\Video-Saver-1-codedownloader.job
2013-11-15 23:27 - 2013-12-08 23:27 - 00001158 _____ C:\windows\Tasks\Video-Saver-1-enabler.job
2013-11-15 23:27 - 2013-11-16 15:25 - 00000000 ____D C:\Program Files (x86)\Video-Saver-1
2013-11-15 23:25 - 2013-11-15 23:26 - 19084123 _____ (© schoener-fernsehen.com) C:\Users\Richard\Downloads\SchoenerFernsehen_0.0.0.1.exe
2013-11-14 22:38 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-14 22:38 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-14 22:38 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-14 22:38 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-14 22:37 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 22:37 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 22:37 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 22:37 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 22:37 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 22:37 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 22:37 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-14 22:37 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 22:37 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-14 22:37 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-14 22:37 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-14 22:37 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-14 22:37 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-14 22:37 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-14 22:36 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-14 22:36 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-14 02:45 - 2013-11-14 02:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2013-11-14 02:42 - 2013-11-14 02:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-11-14 01:44 - 2013-11-14 01:44 - 00000000 ____D C:\AMD
2013-11-13 13:43 - 2013-11-13 13:43 - 00000000 ____D C:\ProgramData\Steam
2013-11-13 02:09 - 2013-11-13 02:09 - 00000000 ____D C:\Users\Richard\Downloads\Subaru_Legacy_BL5
2013-11-13 00:22 - 2013-11-13 00:23 - 18371483 _____ C:\Users\Richard\Downloads\MisterSir_Rotary_Rescript.zip
2013-11-13 00:22 - 2013-11-13 00:22 - 00005015 _____ C:\Users\Richard\Downloads\MisterSir_Rotary_Rescript_MWM_RPK.zip
2013-11-13 00:18 - 2013-11-13 00:19 - 06182927 _____ C:\Users\Richard\Downloads\Subaru_Legacy_BL5.7z
2013-11-12 00:34 - 2013-11-12 00:34 - 00001262 _____ C:\Users\Richard\Desktop\MOHW.exe - Verknüpfung.lnk
2013-11-10 16:02 - 2013-11-23 10:49 - 636054618 _____ C:\windows\MEMORY.DMP
2013-11-10 01:10 - 2013-11-10 01:11 - 00000510 _____ C:\Users\Richard\Desktop\mohwf.reg
2013-11-09 13:40 - 2013-11-09 13:40 - 00002022 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-11-08 19:08 - 2013-11-08 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Intel Corporation
2013-11-08 19:07 - 2013-11-08 19:07 - 00000000 ____D C:\Users\Internet\AppData\Roaming\ATI
2013-11-08 19:07 - 2013-11-08 19:07 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Atheros
2013-11-08 19:06 - 2013-11-08 19:06 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Adobe
2013-11-08 19:05 - 2013-11-08 19:06 - 00000000 ____D C:\Users\Internet
2013-11-08 19:05 - 2013-11-08 19:05 - 00000020 ___SH C:\Users\Internet\ntuser.ini
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Vorlagen
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Startmenü
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Netzwerkumgebung
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Lokale Einstellungen
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Eigene Dateien
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Druckumgebung
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Anwendungsdaten
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Synaptics
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _____ C:\Users\Internet\agent.log
2013-11-08 11:20 - 2013-11-23 01:54 - 00000000 ____D C:\Users\Admin
2013-11-08 11:20 - 2013-11-08 11:20 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Vorlagen
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Startmenü
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Netzwerkumgebung
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Lokale Einstellungen
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Eigene Dateien
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Druckumgebung
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Anwendungsdaten
2013-11-08 04:01 - 2013-11-08 04:01 - 00112260 _____ C:\Users\Richard\Downloads\Assassin_s_Creed_II_-_Deluxe_Edition_-_FULL-SC-4casudmhbv5.dlc
2013-11-08 03:52 - 2013-11-08 03:52 - 12558132 _____ C:\Users\Richard\Downloads\AgyC3cr.rar
2013-11-08 03:48 - 2013-11-08 03:48 - 17845093 _____ C:\Users\Richard\Downloads\assn3crc.rar
2013-11-08 03:28 - 2013-11-27 00:22 - 00000000 ____D C:\Users\Richard\AppData\Local\Ubisoft Game Launcher
2013-11-08 03:26 - 2013-11-08 03:26 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-11-08 03:25 - 2013-11-08 03:26 - 24112320 _____ C:\Users\Richard\Downloads\UplayInstaller208.exe
2013-11-08 03:24 - 2013-11-09 12:42 - 00000000 ____D C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006
2013-11-08 03:24 - 2013-11-08 03:24 - 01921165 _____ C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006.7z
2013-11-08 03:22 - 2013-11-08 03:22 - 00123316 _____ C:\Users\Richard\Downloads\rld-ac3105.7z
2013-11-08 03:12 - 2013-11-25 00:54 - 00000000 ____D C:\Users\Richard\Documents\Assassin's Creed III
2013-11-08 03:05 - 2013-11-08 03:05 - 00000000 ____D C:\ProgramData\Orbit
2013-11-08 01:34 - 2013-11-08 01:37 - 00000000 ____D C:\Users\Richard\Documents\MOHW
2013-11-08 00:56 - 2013-11-08 00:56 - 00012528 _____ C:\Users\Richard\Downloads\6487d51abb310291098a73916702a77d.dlc
2013-11-08 00:39 - 2013-11-13 14:59 - 00000000 ____D C:\Users\Richard\Downloads\a3cem2-thir
2013-11-08 00:38 - 2013-11-26 23:40 - 00000000 ____D C:\ProgramData\Origin
2013-11-08 00:22 - 2013-11-08 00:22 - 00105808 _____ (Valve Corporation) C:\windows\SysWOW64\steam_api.dll
2013-11-08 00:21 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\windows\system32\roboot64.exe
2013-11-08 00:20 - 2013-11-08 00:20 - 04241280 _____ (Dll-Files.com                                               ) C:\Users\Richard\Downloads\dffsetup-steam_api.exe
2013-11-08 00:13 - 2013-11-08 00:13 - 00055394 _____ C:\Users\Richard\Downloads\steam_api.zip
2013-11-08 00:13 - 2013-11-08 00:13 - 00000000 ____D C:\Users\Richard\Downloads\steam_api
2013-11-08 00:02 - 2013-11-08 00:02 - 00000000 ____D C:\Users\Richard\Documents\Gamepires

==================== One Month Modified Files and Folders =======

2013-12-08 23:46 - 2013-12-08 23:46 - 00019714 _____ C:\Users\Richard\Desktop\FRST.txt
2013-12-08 23:45 - 2013-12-08 23:45 - 01927998 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2013-12-08 23:29 - 2013-03-29 10:30 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-12-08 23:27 - 2013-11-15 23:27 - 00001968 _____ C:\windows\Tasks\Video-Saver-1-chromeinstaller.job
2013-12-08 23:27 - 2013-11-15 23:27 - 00001352 _____ C:\windows\Tasks\Video-Saver-1-updater.job
2013-12-08 23:27 - 2013-11-15 23:27 - 00001258 _____ C:\windows\Tasks\Video-Saver-1-codedownloader.job
2013-12-08 23:27 - 2013-11-15 23:27 - 00001158 _____ C:\windows\Tasks\Video-Saver-1-enabler.job
2013-12-08 22:56 - 2013-10-29 03:40 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-08 22:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-12-08 20:56 - 2013-03-29 08:02 - 01167758 _____ C:\windows\WindowsUpdate.log
2013-12-08 20:46 - 2013-12-08 20:46 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-08 20:46 - 2012-07-26 08:21 - 00029155 _____ C:\windows\setupact.log
2013-12-08 17:35 - 2013-03-29 23:55 - 00840008 _____ C:\windows\system32\perfh007.dat
2013-12-08 17:35 - 2013-03-29 23:55 - 00189376 _____ C:\windows\system32\perfc007.dat
2013-12-08 17:35 - 2012-07-26 08:28 - 01991464 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-08 17:33 - 2013-10-29 03:40 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-08 17:33 - 2013-03-29 09:57 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-08 00:50 - 2013-11-26 23:38 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-07 23:39 - 2013-12-07 23:39 - 01060157 _____ (Farbar) C:\Users\Richard\Downloads\FRST.exe
2013-12-07 23:39 - 2013-12-07 23:39 - 00010047 _____ C:\Users\Richard\Downloads\FRST.txt
2013-12-07 23:29 - 2013-12-07 23:29 - 00000000 ____D C:\FRST
2013-12-07 23:22 - 2013-12-05 14:25 - 00000000 ____D C:\Users\Richard\Desktop\mukke
2013-12-07 17:02 - 2013-11-02 13:06 - 00000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2013-12-07 00:02 - 2013-12-07 00:02 - 00000000 ____D C:\Users\Richard\Downloads\Windows_Loader_v2.2.1
2013-12-07 00:02 - 2013-12-06 23:58 - 01706667 _____ C:\Users\Richard\Downloads\Windows_Loader_v2.2.1.zip
2013-12-06 11:51 - 2013-03-29 09:57 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-06 01:12 - 2013-12-06 01:12 - 00472258 _____ C:\Users\Richard\Downloads\sdogs214promo-ch.rar
2013-12-06 01:12 - 2013-12-06 01:12 - 00000000 ____D C:\Users\Richard\Downloads\sdogs214promo-ch
2013-12-06 01:11 - 2013-12-06 01:11 - 00570304 _____ C:\Users\Richard\Downloads\SD.v2.1.437044.Plus.10.Trainer-FLiNG.rar
2013-12-06 01:11 - 2013-12-06 01:11 - 00000000 ____D C:\Users\Richard\Downloads\SD.v2.1.437044.Plus.10.Trainer-FLiNG
2013-12-06 00:57 - 2013-12-06 00:57 - 00000000 ____D C:\Users\Richard\Downloads\SLEEPING.DOGS.V2.1.PLUS10TRN.FLING
2013-12-06 00:57 - 2013-12-06 00:57 - 00000000 ____D C:\Users\Richard\Documents\FLiNGTrainer
2013-12-06 00:45 - 2013-12-06 00:45 - 00000000 ____D C:\Users\Richard\Downloads\SleepingDogsv1.9+4_AOBeta
2013-12-06 00:41 - 2013-12-06 00:41 - 00002525 _____ C:\Users\Richard\Desktop\SleepingD+20Tr-LNG_v2.1.437044.exe - Verknüpfung.lnk
2013-12-06 00:40 - 2013-12-06 00:40 - 00000000 ____D C:\Users\Richard\Downloads\SleepD+20Tr-LNG_v2.1.437044
2013-12-06 00:39 - 2013-12-06 00:39 - 02235499 _____ C:\Users\Richard\Downloads\SleepD+20Tr-LNG_v2.1.437044.rar
2013-12-06 00:38 - 2013-12-06 00:38 - 02092070 _____ C:\Users\Richard\Downloads\SleepingDogsv1.9+4_AOBeta.rar
2013-12-06 00:38 - 2013-12-06 00:38 - 00627642 _____ C:\Users\Richard\Downloads\SLEEPING.DOGS.V2.1.PLUS10TRN.FLING.ZIP
2013-12-05 14:51 - 2013-10-29 03:41 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 15:49 - 2013-12-04 15:38 - 285442224 _____ C:\Users\Richard\Downloads\Top 30 Dance Club Play 23.11.2013.rar
2013-12-04 15:49 - 2013-12-04 15:36 - 365014490 _____ C:\Users\Richard\Downloads\01 - 50_0912.rar
2013-12-04 15:49 - 2013-12-04 15:36 - 363989764 _____ C:\Users\Richard\Downloads\51 - 100_0912.rar
2013-12-04 02:14 - 2013-12-04 02:14 - 00001624 _____ C:\Users\Richard\Downloads\p310y6427fl0kg3.dlc
2013-12-03 01:05 - 2013-12-03 01:05 - 00000000 ____D C:\Users\Richard\Documents\Square Enix
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\windows\SysWOW64\AGEIA
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-03 01:03 - 2013-03-29 10:27 - 00223606 _____ C:\windows\DirectX.log
2013-12-03 00:27 - 2013-12-03 00:27 - 00019937 _____ C:\Users\Richard\Documents\Liste grammatikalischer Grundbegriffe (1).odt
2013-12-02 12:19 - 2013-12-02 12:19 - 00000000 ____D C:\Users\Richard\AppData\Roaming\LibreOffice
2013-12-02 12:18 - 2013-12-02 12:18 - 00002599 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-02 12:18 - 2013-12-02 12:18 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2013-12-02 12:17 - 2013-12-02 12:13 - 215306240 _____ C:\Users\Richard\Downloads\LibreOffice_4.1.3_Win_x86.msi
2013-12-02 11:21 - 2013-12-02 11:21 - 00001054 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-12-02 11:21 - 2013-12-02 10:15 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-12-02 10:55 - 2013-03-29 10:15 - 00000000 ____D C:\ProgramData\WinClon
2013-12-02 10:34 - 2013-12-02 10:34 - 00000000 ____D C:\Users\Richard\Downloads\Secure Banking v1.5.2
2013-12-02 10:19 - 2013-12-02 10:19 - 00414150 _____ C:\Users\Richard\Downloads\Secure Banking v1.5.2.rar
2013-12-02 10:15 - 2013-10-29 03:19 - 00000000 ____D C:\Users\Richard\AppData\Local\VirtualStore
2013-12-02 10:14 - 2013-12-02 10:14 - 00000000 ____D C:\Users\Richard\Downloads\Secure Banking v1.5.1
2013-12-02 10:12 - 2013-12-02 10:12 - 00399347 _____ C:\Users\Richard\Downloads\Secure Banking v1.5.1.rar
2013-12-02 10:09 - 2013-12-02 10:09 - 00000000 ____D C:\Users\Richard\Downloads\Thats_My_Work_2-(DatPiff.com)
2013-12-01 22:50 - 2013-12-01 22:45 - 90074222 _____ C:\Users\Richard\Downloads\Thats_My_Work_2-(DatPiff.com).zip
2013-12-01 21:47 - 2013-12-01 21:47 - 00000222 _____ C:\Users\Richard\Desktop\Binary Domain.url
2013-11-30 02:19 - 2013-10-29 03:16 - 00000000 ____D C:\Users\Richard
2013-11-29 00:35 - 2013-11-29 00:35 - 00000222 _____ C:\Users\Richard\Desktop\Batman Arkham City GOTY.url
2013-11-29 00:34 - 2013-11-29 00:34 - 00000221 _____ C:\Users\Richard\Desktop\Batman Arkham Asylum GOTY Edition.url
2013-11-28 14:03 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-11-28 02:00 - 2013-03-29 10:17 - 00000000 ____D C:\ProgramData\Adobe
2013-11-28 01:57 - 2013-11-28 01:53 - 00000000 ____D C:\Users\Richard\Documents\Assassin's Creed IV Black Flag
2013-11-28 01:54 - 2013-11-28 00:33 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part03.rar
2013-11-28 01:54 - 2013-11-28 00:33 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part02.rar
2013-11-28 01:53 - 2013-11-28 00:33 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part06.rar
2013-11-28 01:53 - 2013-11-28 00:33 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part04.rar
2013-11-28 01:52 - 2013-11-28 00:33 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part12.rar
2013-11-28 01:50 - 2013-11-28 00:33 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part01.rar
2013-11-28 01:28 - 2013-11-28 01:28 - 00000925 _____ C:\Users\Public\Desktop\Assassin's Creed IV Black Flag.lnk
2013-11-28 00:43 - 2013-10-30 23:50 - 00000000 ____D C:\Spiele
2013-11-28 00:42 - 2013-11-28 00:42 - 00001234 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-11-28 00:40 - 2013-11-28 00:40 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-28 00:38 - 2013-11-28 00:38 - 01640984 _____ C:\Users\Richard\Downloads\SetupVirtualCloneDrive547 (1).exe
2013-11-28 00:38 - 2013-11-28 00:37 - 01640984 _____ C:\Users\Richard\Downloads\SetupVirtualCloneDrive547.exe
2013-11-27 17:41 - 2013-11-27 16:41 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part15.rar
2013-11-27 17:41 - 2013-11-27 16:39 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part14.rar
2013-11-27 17:41 - 2013-11-27 16:38 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part13.rar
2013-11-27 17:34 - 2013-11-27 17:06 - 418381824 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part3.rar
2013-11-27 17:32 - 2013-11-27 17:03 - 418381824 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part2.rar
2013-11-27 17:31 - 2013-11-27 17:18 - 174390904 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part4.rar
2013-11-27 17:17 - 2013-11-27 16:47 - 418381824 _____ C:\Users\Richard\Downloads\a3cdl2-thir.part1.rar
2013-11-27 17:06 - 2013-11-27 16:42 - 323475216 _____ C:\Users\Richard\Downloads\a3c-thir.part16.rar
2013-11-27 16:47 - 2013-11-27 16:43 - 43452244 _____ C:\Users\Richard\Downloads\ac3up106-thir.rar
2013-11-27 16:43 - 2013-11-27 15:32 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part11.rar
2013-11-27 16:42 - 2013-11-27 15:28 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part10.rar
2013-11-27 16:41 - 2013-11-27 02:22 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part09.rar
2013-11-27 16:39 - 2013-11-27 02:21 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part08.rar
2013-11-27 16:37 - 2013-11-27 02:11 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part07.rar
2013-11-27 15:39 - 2013-11-27 00:44 - 1073741824 _____ C:\Users\Richard\Downloads\a3c-thir.part05.rar
2013-11-27 02:41 - 2013-10-30 00:22 - 00000000 ____D C:\Users\Richard\AppData\Roaming\uTorrent
2013-11-27 00:59 - 2013-11-27 00:59 - 00000000 ____D C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006 (1)
2013-11-27 00:54 - 2013-11-27 00:51 - 01921165 _____ C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006 (1).7z
2013-11-27 00:32 - 2013-11-27 00:31 - 43270981 _____ C:\Users\Richard\Downloads\AC3..v1.06.Upd-SKID_StanleyTweedle.rar
2013-11-27 00:30 - 2013-11-27 00:30 - 00000944 _____ C:\Users\Richard\Downloads\9badc50989b04a28c0aec96e79dfbe25.dlc
2013-11-27 00:22 - 2013-11-27 00:22 - 09002585 _____ C:\Users\Richard\Downloads\sr-ac3u106.7z
2013-11-27 00:22 - 2013-11-08 03:28 - 00000000 ____D C:\Users\Richard\AppData\Local\Ubisoft Game Launcher
2013-11-26 23:47 - 2013-11-26 23:47 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Origin
2013-11-26 23:47 - 2013-11-26 23:40 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-26 23:45 - 2013-11-26 23:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-11-26 23:40 - 2013-11-26 23:40 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-26 23:40 - 2013-11-08 00:38 - 00000000 ____D C:\ProgramData\Origin
2013-11-26 23:38 - 2013-11-26 23:38 - 00000933 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-26 01:45 - 2013-11-26 01:45 - 00000000 ____D C:\Users\Richard\Downloads\Need.for.Speed.Rivals.v1.2.0.0.Update.and.No.Origin.X86.and.X64.Crack-3DM
2013-11-26 01:26 - 2012-08-05 22:07 - 00207350 _____ C:\windows\PFRO.log
2013-11-26 01:26 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-26 01:20 - 2013-11-26 01:18 - 133759637 _____ C:\Users\Richard\Downloads\Need.for.Speed.Rivals.v1.2.0.0.Update.and.No.Origin.X86.and.X64.Crack-3DM.rar
2013-11-26 01:18 - 2013-11-26 01:18 - 17481110 _____ C:\Users\Richard\Downloads\Need.for.Speed.Rivals.X86.and.X64.Crack.Only.v2-3DM.rar
2013-11-26 00:57 - 2013-11-26 00:57 - 00000000 ____D C:\Users\Richard\Documents\Games for Windows - LIVE Demos
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-11-26 00:27 - 2013-11-26 00:27 - 00642712 _____ (Microsoft Corporation) C:\Users\Richard\Downloads\gfwlive35setup.exe
2013-11-25 10:02 - 2013-11-25 10:02 - 00000000 ____D C:\Writer
2013-11-25 10:01 - 2013-11-25 09:59 - 167088248 _____ (PortableApps.com) C:\Users\Richard\Downloads\LibreOfficePortable_4.1.3_MultilingualAll.paf.exe
2013-11-25 00:54 - 2013-11-08 03:12 - 00000000 ____D C:\Users\Richard\Documents\Assassin's Creed III
2013-11-25 00:53 - 2013-11-25 00:53 - 00000000 ____D C:\Users\Richard\Downloads\assn3crc
2013-11-25 00:52 - 2013-11-16 01:13 - 00000000 ____D C:\Users\Richard\Downloads\rld-ac3105
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Users\Richard\Documents\Ghost Games
2013-11-24 15:28 - 2013-11-24 15:28 - 00001760 _____ C:\Users\Public\Desktop\Need for Speed Rivals (x86).lnk
2013-11-24 15:28 - 2013-11-24 15:28 - 00001728 _____ C:\Users\Public\Desktop\Need for Speed Rivals (x64).lnk
2013-11-24 15:19 - 2013-10-29 13:24 - 00000000 ____D C:\Users\Richard\AppData\Roaming\vlc
2013-11-24 14:32 - 2013-11-24 13:21 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part3.rar
2013-11-24 14:31 - 2013-11-24 13:22 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part7.rar
2013-11-24 14:31 - 2013-11-24 13:22 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part6.rar
2013-11-24 14:31 - 2013-11-24 13:21 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part5.rar
2013-11-24 14:31 - 2013-11-24 13:21 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part1.rar
2013-11-24 13:55 - 2013-11-24 13:22 - 482193540 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part8.rar
2013-11-24 13:21 - 2013-11-24 13:21 - 00000000 ____D C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx
2013-11-24 00:51 - 2013-11-24 00:51 - 00000000 ____D C:\Users\Richard\Documents\WB Games
2013-11-24 00:46 - 2013-11-24 00:40 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part10.rar
2013-11-23 23:17 - 2013-11-23 21:57 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part2.rar
2013-11-23 23:16 - 2013-11-23 21:59 - 1047527424 _____ C:\Users\Richard\Downloads\nfsrddem2nwfxdvr-thir.part4.rar
2013-11-23 21:54 - 2013-11-23 21:54 - 00000000 ____D C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos
2013-11-23 19:37 - 2013-11-23 19:32 - 41749356 _____ C:\Users\Richard\Downloads\Need for Speed Rivals Deutsche Sprachdateien.rar
2013-11-23 17:28 - 2013-11-23 17:22 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part16.rar
2013-11-23 13:40 - 2013-11-23 13:39 - 37996284 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part11.rar
2013-11-23 13:40 - 2013-11-22 03:04 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part15.rar
2013-11-23 13:39 - 2013-11-23 13:31 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part10.rar
2013-11-23 13:39 - 2013-11-23 13:31 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part09.rar
2013-11-23 13:39 - 2013-11-23 13:31 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part08.rar
2013-11-23 13:39 - 2013-11-23 13:31 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part07.rar
2013-11-23 13:39 - 2013-11-23 13:30 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part06.rar
2013-11-23 13:31 - 2013-11-23 13:22 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part04.rar
2013-11-23 13:30 - 2013-11-23 13:22 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part05.rar
2013-11-23 13:30 - 2013-11-23 13:22 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part03.rar
2013-11-23 13:30 - 2013-11-23 13:22 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part02.rar
2013-11-23 13:30 - 2013-11-23 13:22 - 110100480 _____ C:\Users\Richard\Downloads\maba_maensischusagfra_dri_upx.part01.rar
2013-11-23 13:22 - 2013-11-22 02:58 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part14.rar
2013-11-23 13:21 - 2013-11-23 13:21 - 00004292 _____ C:\Users\Richard\Downloads\Mario.Barth.-.Maenner.Sind.Schuld.Sagen.Die.Frauen.2013.German.AC3.DVDRip.x264-UPX-k1x7owm9yy1.dlc
2013-11-23 11:22 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-11-23 10:49 - 2013-11-10 16:02 - 636054618 _____ C:\windows\MEMORY.DMP
2013-11-23 10:49 - 2013-10-29 04:07 - 00000000 ____D C:\windows\Minidump
2013-11-23 10:49 - 2012-07-26 09:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-11-23 02:01 - 2013-11-23 01:50 - 00000000 ____D C:\Users\Richard\Downloads\fc-bafix
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel Corporation
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2013-11-23 01:54 - 2013-11-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Atheros
2013-11-23 01:54 - 2013-11-08 11:20 - 00000000 ____D C:\Users\Admin
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Synaptics
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 _____ C:\Users\Admin\agent.log
2013-11-23 01:49 - 2013-11-23 01:48 - 49938442 _____ C:\Users\Richard\Downloads\fc-bafix.7z
2013-11-23 01:41 - 2013-11-23 01:41 - 08780754 _____ C:\Users\Richard\Downloads\xlive.zip
2013-11-23 01:41 - 2013-11-23 01:41 - 00000000 ____D C:\Users\Richard\Downloads\xlive
2013-11-23 01:21 - 2013-11-23 01:21 - 00000000 ____D C:\Users\Richard\Desktop\Neuer Ordner
2013-11-23 01:14 - 2013-11-23 01:14 - 00000000 __SHD C:\ProgramData\DSS
2013-11-23 00:08 - 2013-11-23 00:08 - 00000000 ____D C:\Program Files (x86)\AMD
2013-11-22 19:17 - 2013-11-22 19:17 - 00000000 ____D C:\Users\Richard\Downloads\Batman.Arkham.City.Game.of.the.Year.Edition-SKIDROW
2013-11-22 02:57 - 2013-11-22 02:53 - 258475746 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part19.rar
2013-11-22 02:55 - 2013-11-22 02:45 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part13.rar
2013-11-22 02:35 - 2013-11-16 00:48 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part11.rar
2013-11-22 00:40 - 2013-10-29 03:21 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Adobe
2013-11-22 00:39 - 2013-11-22 00:39 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-22 00:24 - 2013-11-22 00:24 - 00000000 ____D C:\Users\Richard\Downloads\EurolineDH1
2013-11-22 00:19 - 2013-11-22 00:19 - 05292313 _____ C:\Users\Richard\Downloads\EurolineDH1.rar
2013-11-22 00:10 - 2013-11-22 00:10 - 00000000 ____D C:\Users\Richard\Downloads\6795965
2013-11-21 23:40 - 2013-11-21 23:11 - 1013978768 _____ C:\Users\Richard\Downloads\6795965.rar
2013-11-21 19:34 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-11-20 15:08 - 2013-10-30 00:24 - 00000000 ____D C:\Torrent
2013-11-16 15:25 - 2013-11-15 23:27 - 00000000 ____D C:\Program Files (x86)\Video-Saver-1
2013-11-16 15:14 - 2013-11-16 15:14 - 00001270 _____ C:\Users\Richard\Desktop\iw6sp64_ship.exe - Verknüpfung.lnk
2013-11-16 14:01 - 2013-11-16 02:10 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part18.rar
2013-11-16 02:45 - 2013-11-16 01:51 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part17.rar
2013-11-16 02:10 - 2013-11-16 00:51 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part12.rar
2013-11-16 01:02 - 2013-11-16 00:58 - 07171632 _____ C:\Users\Richard\Downloads\bitdefender_tsecurity.exe
2013-11-16 00:52 - 2013-10-29 03:53 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-11-16 00:52 - 2013-03-29 10:05 - 00000000 ____D C:\ProgramData\Norton
2013-11-16 00:51 - 2013-11-16 00:19 - 525336582 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part09.rar
2013-11-16 00:51 - 2013-11-16 00:19 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part08.rar
2013-11-16 00:46 - 2013-11-16 00:19 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part07.rar
2013-11-16 00:43 - 2013-10-29 03:53 - 00048128 ___SH C:\Users\Richard\Desktop\Thumbs.db
2013-11-16 00:43 - 2013-10-29 03:53 - 00001328 _____ C:\Users\Richard\Desktop\Norton Installation Files.lnk
2013-11-16 00:19 - 2013-11-16 00:00 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part06.rar
2013-11-16 00:19 - 2013-11-16 00:00 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part05.rar
2013-11-16 00:19 - 2013-11-16 00:00 - 525336579 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part04.rar
2013-11-16 00:00 - 2013-11-15 23:41 - 525336585 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part02.rar
2013-11-16 00:00 - 2013-11-15 23:41 - 525336585 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part01.rar
2013-11-16 00:00 - 2013-11-15 23:41 - 525336582 _____ C:\Users\Richard\Downloads\Assassins.Creed.IV.Black.Flag.Black.Chest.Edition.MULTi19-ElAmigos.part03.rar
2013-11-15 23:39 - 2013-11-15 23:39 - 00006552 _____ C:\Users\Richard\Downloads\031pah2q22r8493.dlc
2013-11-15 23:28 - 2013-11-15 23:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-11-15 23:26 - 2013-11-15 23:25 - 19084123 _____ (© schoener-fernsehen.com) C:\Users\Richard\Downloads\SchoenerFernsehen_0.0.0.1.exe
2013-11-14 22:49 - 2013-10-29 12:43 - 00000000 ____D C:\windows\system32\MRT
2013-11-14 22:47 - 2013-10-29 12:43 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-14 02:45 - 2013-11-14 02:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2013-11-14 02:42 - 2013-11-14 02:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-11-14 01:44 - 2013-11-14 01:44 - 00000000 ____D C:\AMD
2013-11-14 00:44 - 2013-11-04 15:07 - 00000000 ____D C:\windows\SysWOW64\directx
2013-11-13 14:59 - 2013-11-08 00:39 - 00000000 ____D C:\Users\Richard\Downloads\a3cem2-thir
2013-11-13 13:43 - 2013-11-13 13:43 - 00000000 ____D C:\ProgramData\Steam
2013-11-13 02:09 - 2013-11-13 02:09 - 00000000 ____D C:\Users\Richard\Downloads\Subaru_Legacy_BL5
2013-11-13 00:23 - 2013-11-13 00:22 - 18371483 _____ C:\Users\Richard\Downloads\MisterSir_Rotary_Rescript.zip
2013-11-13 00:22 - 2013-11-13 00:22 - 00005015 _____ C:\Users\Richard\Downloads\MisterSir_Rotary_Rescript_MWM_RPK.zip
2013-11-13 00:19 - 2013-11-13 00:18 - 06182927 _____ C:\Users\Richard\Downloads\Subaru_Legacy_BL5.7z
2013-11-12 00:34 - 2013-11-12 00:34 - 00001262 _____ C:\Users\Richard\Desktop\MOHW.exe - Verknüpfung.lnk
2013-11-10 01:11 - 2013-11-10 01:10 - 00000510 _____ C:\Users\Richard\Desktop\mohwf.reg
2013-11-09 13:40 - 2013-11-09 13:40 - 00002022 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-11-09 12:42 - 2013-11-08 03:24 - 00000000 ____D C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006
2013-11-09 12:42 - 2013-11-07 23:40 - 00000000 ____D C:\Users\Richard\Downloads\rld-gaguex
2013-11-08 19:08 - 2013-11-08 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Intel Corporation
2013-11-08 19:07 - 2013-11-08 19:07 - 00000000 ____D C:\Users\Internet\AppData\Roaming\ATI
2013-11-08 19:07 - 2013-11-08 19:07 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Atheros
2013-11-08 19:06 - 2013-11-08 19:06 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Adobe
2013-11-08 19:06 - 2013-11-08 19:05 - 00000000 ____D C:\Users\Internet
2013-11-08 19:05 - 2013-11-08 19:05 - 00000020 ___SH C:\Users\Internet\ntuser.ini
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Vorlagen
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Startmenü
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Netzwerkumgebung
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Lokale Einstellungen
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Eigene Dateien
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Druckumgebung
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _SHDL C:\Users\Internet\Anwendungsdaten
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Synaptics
2013-11-08 19:05 - 2013-11-08 19:05 - 00000000 _____ C:\Users\Internet\agent.log
2013-11-08 11:20 - 2013-11-08 11:20 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Vorlagen
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Startmenü
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Netzwerkumgebung
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Lokale Einstellungen
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Eigene Dateien
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Druckumgebung
2013-11-08 11:20 - 2013-11-08 11:20 - 00000000 _SHDL C:\Users\Admin\Anwendungsdaten
2013-11-08 04:01 - 2013-11-08 04:01 - 00112260 _____ C:\Users\Richard\Downloads\Assassin_s_Creed_II_-_Deluxe_Edition_-_FULL-SC-4casudmhbv5.dlc
2013-11-08 03:52 - 2013-11-08 03:52 - 12558132 _____ C:\Users\Richard\Downloads\AgyC3cr.rar
2013-11-08 03:48 - 2013-11-08 03:48 - 17845093 _____ C:\Users\Richard\Downloads\assn3crc.rar
2013-11-08 03:26 - 2013-11-08 03:26 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-11-08 03:26 - 2013-11-08 03:25 - 24112320 _____ C:\Users\Richard\Downloads\UplayInstaller208.exe
2013-11-08 03:24 - 2013-11-08 03:24 - 01921165 _____ C:\Users\Richard\Downloads\Uplay-2.1.1-Steam006.7z
2013-11-08 03:22 - 2013-11-08 03:22 - 00123316 _____ C:\Users\Richard\Downloads\rld-ac3105.7z
2013-11-08 03:05 - 2013-11-08 03:05 - 00000000 ____D C:\ProgramData\Orbit
2013-11-08 01:37 - 2013-11-08 01:34 - 00000000 ____D C:\Users\Richard\Documents\MOHW
2013-11-08 00:56 - 2013-11-08 00:56 - 00012528 _____ C:\Users\Richard\Downloads\6487d51abb310291098a73916702a77d.dlc
2013-11-08 00:22 - 2013-11-08 00:22 - 00105808 _____ (Valve Corporation) C:\windows\SysWOW64\steam_api.dll
2013-11-08 00:20 - 2013-11-08 00:20 - 04241280 _____ (Dll-Files.com                                               ) C:\Users\Richard\Downloads\dffsetup-steam_api.exe
2013-11-08 00:13 - 2013-11-08 00:13 - 00055394 _____ C:\Users\Richard\Downloads\steam_api.zip
2013-11-08 00:13 - 2013-11-08 00:13 - 00000000 ____D C:\Users\Richard\Downloads\steam_api
2013-11-08 00:02 - 2013-11-08 00:02 - 00000000 ____D C:\Users\Richard\Documents\Gamepires

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\CH.dll
C:\Users\Richard\AppData\Local\Temp\ubi22E3.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 03
Ran by Richard at 2013-12-08 23:47:28
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
AllSharePlayLink (x32 Version: 1.0.0)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Application Compatibility Toolkit (Version: 8.59.25584)
Assassin's Creed IV Black Flag Version 1.0 (x32 Version: 1.0)
Assessment and Deployment Kit (x32 Version: 8.59.25584)
Assessments on Client (x32 Version: 8.59.25584)
Batman: Arkham Asylum GOTY Edition (x32)
Batman: Arkham City GOTY (x32)
BeamNG-Techdemo-0.3 (remove only) (HKCU)
Binary Domain (x32)
Bitcasa version 0.9.20.4133 (Version: 0.9.20.4133)
Browser in the Box (Version: 2.4.2-r1952)
Call of Duty Ghosts (x32 Version: Call of Duty Ghosts)
Call of Duty: Ghosts Update 1 (x32 Version: 1)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
DealPly (remove only) (x32 Version: 4.8.7.2) <==== ATTENTION
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
Easy File Share (x32 Version: 1.3.6)
Elements 11 Organizer (x32 Version: 11.0)
E-POP (x32 Version: 1.0.1)
EPSON BX305 Plus Series Printer Uninstall
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Gas Guzzlers Extreme (x32 Version: 1)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
Heat Online (x32)
Help Desk (Version: 1.0.96)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
JDownloader 2 (Version: 2.0)
KeePass Password Safe 2.23 (x32)
Kits Configuration Installer (x32 Version: 8.59.25584)
LibreOffice 4.1.3.2 (x32 Version: 4.1.3.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.67.0)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 Setup Support Files  (x32 Version: 10.1.2731.0)
Microsoft SQL Server 2012 (x32)
Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 RsFx Driver (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Setup (English) (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft VSS Writer for SQL Server 2012 (Version: 11.0.2100.60)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
MyDriveConnect 3.3.0.1318 (x32 Version: 3.3.0.1318)
Need for Speed(TM) Rivals (Version: 1.0)
Norton 360 (x32 Version: 20.4.0.40)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
NVIDIA PhysX (x32 Version: 9.09.0814)
Oracle VM VirtualBox 4.0.16 (Version: 4.0.16)
Origin (x32 Version: 9.3.11.2762)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Plants vs. Zombies (x32)
PSE11 STI Installer (x32 Version: 11.0)
PX Profile Update (x32 Version: 1.00.1.)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Quick Starter (Version: 1.0.2)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Recovery (x32 Version: 6.0.10.0)
S Agent (Version: 1.1.45)
Secure Banking Version 1.5.1 (x32 Version: 1.5.1)
Secure Banking Version 1.5.2 (x32 Version: 1.5.2)
Settings (x32 Version: 2.0.1)
SQL Server 2012 Common Files (x32 Version: 11.0.2100.60)
SQL Server 2012 Database Engine Services (x32 Version: 11.0.2100.60)
SQL Server 2012 Database Engine Shared (x32 Version: 11.0.2100.60)
SQL Server Browser for SQL Server 2012 (x32 Version: 11.0.2100.60)
Sql Server Customer Experience Improvement Program (x32 Version: 11.0.2100.60)
Steam (x32)
Support Center (Version: 2.1.1106)
Support Center FAQ (x32 Version: 1.0.11)
SW Update (x32 Version: 2.1.21)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
Tom Clancy's Rainbow Six Vegas (x32 Version: 1.06.000)
Toolkit Documentation (x32 Version: 8.59.25584)
Ultracopier 1.0.1.9 (x32 Version: 1.0.1.9)
Uplay (x32 Version: 4.0)
User Guide (x32 Version: 1.4.00)
User State Migration Tool (x32 Version: 8.59.25584)
Video-Saver-1 (x32 Version: 1.28.153.5)
VirtualCloneDrive (x32 Version: 5.4.7.0)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
VLC media player 2.1.0 (Version: 2.1.0)
vLite (x32 Version: 1.2)
Volume Activation Management Tool (x32 Version: 8.59.25584)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Assessment Services - Client (AMD64 Architecture Specific, Client SKU) (x32 Version: 8.59.25584)
Windows Assessment Services - Client (Client SKU) (x32 Version: 8.59.25584)
Windows Assessment Toolkit (AMD64 Architecture Specific) (x32 Version: 8.59.25584)
Windows Assessment Toolkit (x32 Version: 8.59.25584)
Windows Deployment Customizations (x32 Version: 8.59.25584)
Windows Deployment Tools (x32 Version: 8.59.25584)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Windows PE x86 x64 (x32 Version: 8.59.25584)
Windows PE x86 x64 wims (x32 Version: 8.59.25584)
Windows System Image Manager on amd64 (x32 Version: 8.59.25584)
WPT Redistributables (x32 Version: 8.59.25584)
WPTx64 (x32 Version: 8.59.25584)
Xerox PhotoCafe (x32 Version: 1.0.0.6162)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => ?
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => ?
Task: C:\windows\Tasks\Video-Saver-1-chromeinstaller.job => ?
Task: C:\windows\Tasks\Video-Saver-1-codedownloader.job => ?
Task: C:\windows\Tasks\Video-Saver-1-enabler.job => ?
Task: C:\windows\Tasks\Video-Saver-1-updater.job => ?
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2012-09-17 09:23 - 2012-09-17 09:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-08 11:11 - 2013-10-08 11:11 - 00103424 _____ () C:\Program Files\Ultracopier\libgcc_s_sjlj-1.dll
2013-10-08 11:11 - 2013-10-08 11:11 - 01062912 _____ () C:\Program Files\Ultracopier\libstdc++-6.dll
2013-10-08 11:11 - 2013-10-08 11:11 - 01071616 _____ () C:\Program Files\Ultracopier\qt-plugins\platforms\qwindows.dll
2012-08-06 03:54 - 2012-08-06 03:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2013 05:38:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 11:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 11:25:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 11:18:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 07:01:37 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (12/07/2013 05:02:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.8.1.36353, Zeitstempel: 0x4f8c314b
Name des fehlerhaften Moduls: combase.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505a976e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012b58
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xismagent.exe0
Pfad der fehlerhaften Anwendung: ismagent.exe1
Pfad des fehlerhaften Moduls: ismagent.exe2
Berichtskennung: ismagent.exe3
Vollständiger Name des fehlerhaften Pakets: ismagent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5

Error: (12/07/2013 05:01:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.8.1.36353, Zeitstempel: 0x4f8c314b
Name des fehlerhaften Moduls: systemInfo.dll, Version: 1.8.1.36353, Zeitstempel: 0x4f8c2ec9
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x000076d4
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xismagent.exe0
Pfad der fehlerhaften Anwendung: ismagent.exe1
Pfad des fehlerhaften Moduls: ismagent.exe2
Berichtskennung: ismagent.exe3
Vollständiger Name des fehlerhaften Pakets: ismagent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5

Error: (12/06/2013 11:56:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/06/2013 11:43:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.8.1.36353, Zeitstempel: 0x4f8c314b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7783bda1
ID des fehlerhaften Prozesses: 0x1c78
Startzeit der fehlerhaften Anwendung: 0xismagent.exe0
Pfad der fehlerhaften Anwendung: ismagent.exe1
Pfad des fehlerhaften Moduls: ismagent.exe2
Berichtskennung: ismagent.exe3
Vollständiger Name des fehlerhaften Pakets: ismagent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5

Error: (12/06/2013 11:42:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.8.1.36353, Zeitstempel: 0x4f8c314b
Name des fehlerhaften Moduls: network.dll, Version: 1.8.1.36353, Zeitstempel: 0x4f8c2e3b
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x000176d4
ID des fehlerhaften Prozesses: 0x1c78
Startzeit der fehlerhaften Anwendung: 0xismagent.exe0
Pfad der fehlerhaften Anwendung: ismagent.exe1
Pfad des fehlerhaften Moduls: ismagent.exe2
Berichtskennung: ismagent.exe3
Vollständiger Name des fehlerhaften Pakets: ismagent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5


System errors:
=============
Error: (12/07/2013 11:17:11 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "PABLO" auf Transport "NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/07/2013 07:01:36 PM) (Source: DCOM) (User: PABLO)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/07/2013 01:02:32 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:53:00 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:40:59 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:28:58 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:16:59 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:05:01 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/06/2013 11:52:59 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/06/2013 11:47:04 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (12/08/2013 05:38:36 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 11:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 11:25:22 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 11:18:28 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 07:01:37 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (12/07/2013 05:02:54 PM) (Source: Application Error)(User: )
Description: ismagent.exe1.8.1.363534f8c314bcombase.dll6.2.9200.16420505a976ec000000500012b58198401cef36596650ef7C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeC:\windows\SYSTEM32\combase.dll0772f7cb-5f59-11e3-be9b-208984a5a408

Error: (12/07/2013 05:01:52 PM) (Source: Application Error)(User: )
Description: ismagent.exe1.8.1.363534f8c314bsystemInfo.dll1.8.1.363534f8c2ec9c00001a5000076d4198401cef36596650ef7C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeC:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\systemInfo.dlle2945b04-5f58-11e3-be9b-208984a5a408

Error: (12/06/2013 11:56:36 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/06/2013 11:43:30 PM) (Source: Application Error)(User: )
Description: ismagent.exe1.8.1.363534f8c314bunknown0.0.0.000000000c00000057783bda11c7801cef2d47e158f5aC:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeunknownd4001a07-5ec7-11e3-be9b-208984a5a408

Error: (12/06/2013 11:42:59 PM) (Source: Application Error)(User: )
Description: ismagent.exe1.8.1.363534f8c314bnetwork.dll1.8.1.363534f8c2e3bc00001a5000176d41c7801cef2d47e158f5aC:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeC:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\network.dllc13288ed-5ec7-11e3-be9b-208984a5a408


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 8083.49 MB
Available physical RAM: 4881.86 MB
Total Pagefile: 16275.5 MB
Available Pagefile: 12548.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:433.09 GB) (Free:52.11 GB) NTFS
Drive e: (ACIV Black Flag) (CDROM) (Total:9.05 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

So, I hope I could help.

08.12.2013, 23:17   #8
cosinus

Quote:
C:\Users\Richard\Downloads\Need.for.Speed.Rivals.v1.2.0.0.Update.and.No.Origin.X86.and.X64.Crack-3DM

C:\Users\Richard\Downloads\Windows_Loader_v2.2.1
C:\Users\Richard\Downloads\Windows_Loader_v2.2.1.zip
C:\Users\Richard\Downloads\SD.v2.1.437044.Plus.10.Trainer-FLiNG.rar
C:\Users\Richard\Downloads\SD.v2.1.437044.Plus.10.Trainer-FLiNG
Well, congratulations, a classic case of "hacked yourself"!

Since your Win8 is apparently illegal too, you can go get a legal version right away, then wipe everything, and then read and follow the article on reinstalling Windows...

08.12.2013, 23:21   #9
ryderslider

Quote:
Quote from cosinus
Well, congratulations, a classic case of "hacked yourself"!

Since your Win8 is apparently illegal too, you can go get a legal version right away, then wipe everything, and then read and follow the article on reinstalling Windows...

That can't be... I bought the laptop from conrad.de with Win8 and haven't changed anything on it.
No, those things were for a friend... I didn't use them myself, because they are for Win 7, not for Win 8.

08.12.2013, 23:25   #10
cosinus

Seriously, you're helping your friend with illegal activities, are you for real?

And the Need for Speed that you have a crack for is installed on your machine.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We'll continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

08.12.2013, 23:28   #11
ryderslider

Quote:
Quote from cosinus
Seriously, you're helping your friend with illegal activities, are you for real?

And the Need for Speed that you have a crack for is installed on your machine.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We'll continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

Okay, it will be removed, I only wanted to try it out... but it doesn't work... and the thing with my friend is only temporary, he is buying a license...

Once I have removed everything, should I post the logs again?

08.12.2013, 23:35   #12
cosinus

Yes, new FRST logs please, once you think you have removed everything illegal.

08.12.2013, 23:56   #13
ryderslider

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 03
Ran by Richard (ATTENTION: The logged in user is not administrator) on PABLO on 09-12-2013 00:53:35
Running from C:\Users\Richard\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(ultracopier.first-world.info) C:\Program Files\Ultracopier\ultracopier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [EPSONCF0E53 (Epson Stylus Office BX305 Plus)] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHRE.EXE /FU "C:\Users\Richard\AppData\Local\Temp\E_SB71E.tmp" /EF "HKCU"
HKCU\...\Run: [MyDriveConnect.exe] - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom)
HKCU\...\Run: [Quick Starter] - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2338352 2013-09-25] (Samsung Electronics CO., LTD.)
HKCU\...\Run: [ultracopier] - C:\Program Files\Ultracopier\ultracopier.exe [1111040 2013-10-08] (ultracopier.first-world.info)
MountPoints2: E - "E:\setup.exe" 
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [bdruninstaller] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
AppInit_DLLs: C:\Program Files [0 2013-11-07] ()
AppInit_DLLs-x32: C:\Program Files [0 2013-11-07] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5495B96E-F880-470A-ABAD-E10F57C3895C&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5495B96E-F880-470A-ABAD-E10F57C3895C&q={searchTerms}
SearchScopes: HKCU - {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = 
BHO: Video-Saver-1 - {11111111-1111-1111-1111-110411361110} - C:\Program Files (x86)\Video-Saver-1\Video-Saver-1-bho64.dll (YTSsaver)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Video-Saver-1 - {11111111-1111-1111-1111-110411361110} - C:\Program Files (x86)\Video-Saver-1\Video-Saver-1-bho.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5495B96E-F880-470A-ABAD-E10F57C3895C
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Entanglement Web App) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Tank Hero: Laser Wars (Web)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn\1.0.8_0
CHR Extension: (Download Button) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakoggmijiicdlcjjeakffojoinhlpg\1.3_0
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (High Contrast) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph\0.5_0
CHR Extension: (MaskMe) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg\1.38.339_0
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0
CHR Extension: (Mech Hero) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\falbfmgplkcpmcfdbedincgjganegaie\1.0.6_0
CHR Extension: (AdBlock) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (IP Address) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0
CHR Extension: (Pathuku) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.24.0.0_0
CHR Extension: (Cookies) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno\1.7_0
CHR Extension: (Download Helper) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnbkeigkjcncjkbmkiibjgbhbnbanmfi\2.0.2_0
CHR Extension: (IP Address) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0
CHR Extension: (Cargo Bridge) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0
CHR Extension: (Download Master) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\4.0.0.2_0
CHR Extension: (Chroma Wars) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojhnokgjooglbmjkmapacckddnbihp\1.2_0
CHR Extension: (Norton Identity Protection) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Downloads Manager Inverted) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgpkmijlbcgmbpaadcngkcapnkkoema\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (Flow Colors) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk\1.3_0
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 MSSQL$ADK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S4 SQLAgent$ADK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)
S4 BitBoxService; "C:\Program Files (x86)\Sirrix AG\BitBox\Service\BitBoxService.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-10-31] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131206.001\IDSvia64.sys [521816 2013-10-25] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-10-31] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131208.005\ENG64.SYS [126040 2013-10-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131208.005\EX64.SYS [2099288 2013-10-29] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
U3 DfSdkS; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-09 00:53 - 2013-12-09 00:53 - 00019882 _____ C:\Users\Richard\Downloads\FRST.txt
2013-12-09 00:49 - 2013-12-09 00:49 - 01927998 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2013-12-09 00:48 - 2013-12-09 00:48 - 00019880 _____ C:\Users\Richard\Desktop\FRST.txt
2013-12-09 00:24 - 2013-12-09 00:24 - 00002234 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2013-12-09 00:24 - 2013-12-09 00:24 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url
2013-12-09 00:23 - 2013-12-09 00:24 - 00001212 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2013-12-09 00:23 - 2013-12-09 00:24 - 00000000 ____D C:\ProgramData\Ashampoo
2013-12-09 00:23 - 2013-12-09 00:23 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-12-09 00:23 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\windows\system32\DfSdkBt.exe
2013-12-08 23:45 - 2013-12-08 23:45 - 01927998 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2013-12-08 20:46 - 2013-12-08 20:46 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-07 23:29 - 2013-12-07 23:29 - 00000000 ____D C:\FRST
2013-12-06 00:57 - 2013-12-06 00:57 - 00000000 ____D C:\Users\Richard\Documents\FLiNGTrainer
2013-12-06 00:41 - 2013-12-06 00:41 - 00002525 _____ C:\Users\Richard\Desktop\SleepingD+20Tr-LNG_v2.1.437044.exe - Verknüpfung.lnk
2013-12-05 14:25 - 2013-12-07 23:22 - 00000000 ____D C:\Users\Richard\Desktop\mukke
2013-12-03 01:05 - 2013-12-03 01:05 - 00000000 ____D C:\Users\Richard\Documents\Square Enix
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\windows\SysWOW64\AGEIA
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-03 00:27 - 2013-12-03 00:27 - 00019937 _____ C:\Users\Richard\Documents\Liste grammatikalischer Grundbegriffe (1).odt
2013-12-02 12:19 - 2013-12-02 12:19 - 00000000 ____D C:\Users\Richard\AppData\Roaming\LibreOffice
2013-12-02 12:18 - 2013-12-02 12:18 - 00002599 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-02 12:18 - 2013-12-02 12:18 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2013-12-02 11:21 - 2013-12-02 11:21 - 00001054 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-12-02 10:15 - 2013-12-02 11:21 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-12-01 21:47 - 2013-12-01 21:47 - 00000222 _____ C:\Users\Richard\Desktop\Binary Domain.url
2013-11-29 00:35 - 2013-11-29 00:35 - 00000222 _____ C:\Users\Richard\Desktop\Batman Arkham City GOTY.url
2013-11-29 00:34 - 2013-11-29 00:34 - 00000221 _____ C:\Users\Richard\Desktop\Batman Arkham Asylum GOTY Edition.url
2013-11-28 01:53 - 2013-11-28 01:57 - 00000000 ____D C:\Users\Richard\Documents\Assassin's Creed IV Black Flag
2013-11-28 00:42 - 2013-11-28 00:42 - 00001234 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-11-28 00:40 - 2013-11-28 00:40 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-26 23:47 - 2013-11-26 23:47 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Origin
2013-11-26 23:45 - 2013-11-26 23:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-11-26 23:40 - 2013-11-26 23:47 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-26 23:40 - 2013-11-26 23:40 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-26 23:38 - 2013-12-08 00:50 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-26 23:38 - 2013-11-26 23:38 - 00000933 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-26 00:57 - 2013-11-26 00:57 - 00000000 ____D C:\Users\Richard\Documents\Games for Windows - LIVE Demos
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-11-25 10:02 - 2013-11-25 10:02 - 00000000 ____D C:\Writer
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Users\Richard\Documents\Ghost Games
2013-11-24 00:51 - 2013-11-24 00:51 - 00000000 ____D C:\Users\Richard\Documents\WB Games
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel Corporation
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2013-11-23 01:54 - 2013-11-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Atheros
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Synaptics
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 _____ C:\Users\Admin\agent.log
2013-11-23 01:42 - 2012-08-28 13:35 - 15453832 _____ (Microsoft Corporation) C:\windows\system32\xlive.dll
2013-11-23 01:21 - 2013-11-23 01:21 - 00000000 ____D C:\Users\Richard\Desktop\Neuer Ordner
2013-11-23 01:14 - 2013-11-23 01:14 - 00000000 __SHD C:\ProgramData\DSS
2013-11-23 00:08 - 2013-11-23 00:08 - 00000000 ____D C:\Program Files (x86)\AMD
2013-11-22 00:39 - 2013-11-22 00:39 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-21 19:38 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-21 19:38 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 23:28 - 2013-11-15 23:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-11-15 23:27 - 2013-12-09 00:29 - 00001968 _____ C:\windows\Tasks\Video-Saver-1-chromeinstaller.job
2013-11-15 23:27 - 2013-12-09 00:29 - 00001352 _____ C:\windows\Tasks\Video-Saver-1-updater.job
2013-11-15 23:27 - 2013-12-09 00:29 - 00001258 _____ C:\windows\Tasks\Video-Saver-1-codedownloader.job
2013-11-15 23:27 - 2013-12-09 00:29 - 00001158 _____ C:\windows\Tasks\Video-Saver-1-enabler.job
2013-11-15 23:27 - 2013-11-16 15:25 - 00000000 ____D C:\Program Files (x86)\Video-Saver-1
2013-11-14 22:38 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-14 22:38 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-14 22:38 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-14 22:38 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-14 22:37 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 22:37 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 22:37 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 22:37 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 22:37 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 22:37 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 22:37 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 22:37 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 22:37 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-14 22:37 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 22:37 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-14 22:37 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-14 22:37 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-14 22:37 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-14 22:37 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-14 22:37 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-14 22:36 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-14 22:36 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-14 02:45 - 2013-11-14 02:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2013-11-14 02:42 - 2013-11-14 02:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-11-14 01:44 - 2013-11-14 01:44 - 00000000 ____D C:\AMD
2013-11-13 13:43 - 2013-11-13 13:43 - 00000000 ____D C:\ProgramData\Steam
2013-11-12 00:34 - 2013-11-12 00:34 - 00001262 _____ C:\Users\Richard\Desktop\MOHW.exe - Verknüpfung.lnk
2013-11-10 16:02 - 2013-11-23 10:49 - 636054618 _____ C:\windows\MEMORY.DMP
2013-11-10 01:10 - 2013-11-10 01:11 - 00000510 _____ C:\Users\Richard\Desktop\mohwf.reg
2013-11-09 13:40 - 2013-11-09 13:40 - 00002022 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

==================== One Month Modified Files and Folders =======

2013-12-09 00:53 - 2013-12-09 00:53 - 00019882 _____ C:\Users\Richard\Downloads\FRST.txt
2013-12-09 00:49 - 2013-12-09 00:49 - 01927998 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2013-12-09 00:48 - 2013-12-09 00:48 - 00019880 _____ C:\Users\Richard\Desktop\FRST.txt
2013-12-09 00:41 - 2013-10-30 23:50 - 00000000 ____D C:\Spiele
2013-12-09 00:41 - 2013-03-29 08:02 - 01193972 _____ C:\windows\WindowsUpdate.log
2013-12-09 00:35 - 2013-03-29 23:55 - 00840008 _____ C:\windows\system32\perfh007.dat
2013-12-09 00:35 - 2013-03-29 23:55 - 00189376 _____ C:\windows\system32\perfc007.dat
2013-12-09 00:35 - 2012-07-26 08:28 - 01991464 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-09 00:32 - 2013-03-29 10:15 - 00000000 ____D C:\ProgramData\WinClon
2013-12-09 00:29 - 2013-11-15 23:27 - 00001968 _____ C:\windows\Tasks\Video-Saver-1-chromeinstaller.job
2013-12-09 00:29 - 2013-11-15 23:27 - 00001352 _____ C:\windows\Tasks\Video-Saver-1-updater.job
2013-12-09 00:29 - 2013-11-15 23:27 - 00001258 _____ C:\windows\Tasks\Video-Saver-1-codedownloader.job
2013-12-09 00:29 - 2013-11-15 23:27 - 00001158 _____ C:\windows\Tasks\Video-Saver-1-enabler.job
2013-12-09 00:29 - 2013-10-29 03:40 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-09 00:29 - 2013-03-29 10:30 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-12-09 00:29 - 2013-03-29 09:57 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-09 00:24 - 2013-12-09 00:24 - 00002234 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2013-12-09 00:24 - 2013-12-09 00:24 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url
2013-12-09 00:24 - 2013-12-09 00:23 - 00001212 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2013-12-09 00:24 - 2013-12-09 00:23 - 00000000 ____D C:\ProgramData\Ashampoo
2013-12-09 00:23 - 2013-12-09 00:23 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-12-09 00:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-12-08 23:56 - 2013-10-29 03:40 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-08 23:45 - 2013-12-08 23:45 - 01927998 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2013-12-08 20:46 - 2013-12-08 20:46 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-08 20:46 - 2012-07-26 08:21 - 00029155 _____ C:\windows\setupact.log
2013-12-08 00:50 - 2013-11-26 23:38 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-07 23:29 - 2013-12-07 23:29 - 00000000 ____D C:\FRST
2013-12-07 23:22 - 2013-12-05 14:25 - 00000000 ____D C:\Users\Richard\Desktop\mukke
2013-12-07 17:02 - 2013-11-02 13:06 - 00000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2013-12-06 11:51 - 2013-03-29 09:57 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-06 00:57 - 2013-12-06 00:57 - 00000000 ____D C:\Users\Richard\Documents\FLiNGTrainer
2013-12-06 00:41 - 2013-12-06 00:41 - 00002525 _____ C:\Users\Richard\Desktop\SleepingD+20Tr-LNG_v2.1.437044.exe - Verknüpfung.lnk
2013-12-05 14:51 - 2013-10-29 03:41 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 16:48 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-12-03 01:05 - 2013-12-03 01:05 - 00000000 ____D C:\Users\Richard\Documents\Square Enix
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\windows\SysWOW64\AGEIA
2013-12-03 01:04 - 2013-12-03 01:04 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-03 01:03 - 2013-03-29 10:27 - 00223606 _____ C:\windows\DirectX.log
2013-12-03 00:27 - 2013-12-03 00:27 - 00019937 _____ C:\Users\Richard\Documents\Liste grammatikalischer Grundbegriffe (1).odt
2013-12-02 12:19 - 2013-12-02 12:19 - 00000000 ____D C:\Users\Richard\AppData\Roaming\LibreOffice
2013-12-02 12:18 - 2013-12-02 12:18 - 00002599 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-02 12:18 - 2013-12-02 12:18 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2013-12-02 11:21 - 2013-12-02 11:21 - 00001054 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-12-02 11:21 - 2013-12-02 10:15 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-12-02 10:15 - 2013-10-29 03:19 - 00000000 ____D C:\Users\Richard\AppData\Local\VirtualStore
2013-12-01 21:47 - 2013-12-01 21:47 - 00000222 _____ C:\Users\Richard\Desktop\Binary Domain.url
2013-11-30 02:19 - 2013-10-29 03:16 - 00000000 ____D C:\Users\Richard
2013-11-29 00:35 - 2013-11-29 00:35 - 00000222 _____ C:\Users\Richard\Desktop\Batman Arkham City GOTY.url
2013-11-29 00:34 - 2013-11-29 00:34 - 00000221 _____ C:\Users\Richard\Desktop\Batman Arkham Asylum GOTY Edition.url
2013-11-28 02:00 - 2013-03-29 10:17 - 00000000 ____D C:\ProgramData\Adobe
2013-11-28 01:57 - 2013-11-28 01:53 - 00000000 ____D C:\Users\Richard\Documents\Assassin's Creed IV Black Flag
2013-11-28 00:42 - 2013-11-28 00:42 - 00001234 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-11-28 00:40 - 2013-11-28 00:40 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-27 02:41 - 2013-10-30 00:22 - 00000000 ____D C:\Users\Richard\AppData\Roaming\uTorrent
2013-11-27 00:22 - 2013-11-08 03:28 - 00000000 ____D C:\Users\Richard\AppData\Local\Ubisoft Game Launcher
2013-11-26 23:47 - 2013-11-26 23:47 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Origin
2013-11-26 23:47 - 2013-11-26 23:40 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-26 23:45 - 2013-11-26 23:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-11-26 23:40 - 2013-11-26 23:40 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-26 23:40 - 2013-11-08 00:38 - 00000000 ____D C:\ProgramData\Origin
2013-11-26 23:38 - 2013-11-26 23:38 - 00000933 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-26 01:26 - 2012-08-05 22:07 - 00207350 _____ C:\windows\PFRO.log
2013-11-26 01:26 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-26 00:57 - 2013-11-26 00:57 - 00000000 ____D C:\Users\Richard\Documents\Games for Windows - LIVE Demos
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-11-25 10:02 - 2013-11-25 10:02 - 00000000 ____D C:\Writer
2013-11-25 00:54 - 2013-11-08 03:12 - 00000000 ____D C:\Users\Richard\Documents\Assassin's Creed III
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Users\Richard\Documents\Ghost Games
2013-11-24 15:19 - 2013-10-29 13:24 - 00000000 ____D C:\Users\Richard\AppData\Roaming\vlc
2013-11-24 00:51 - 2013-11-24 00:51 - 00000000 ____D C:\Users\Richard\Documents\WB Games
2013-11-23 11:22 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-11-23 10:49 - 2013-11-10 16:02 - 636054618 _____ C:\windows\MEMORY.DMP
2013-11-23 10:49 - 2013-10-29 04:07 - 00000000 ____D C:\windows\Minidump
2013-11-23 10:49 - 2012-07-26 09:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel Corporation
2013-11-23 01:55 - 2013-11-23 01:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2013-11-23 01:54 - 2013-11-23 01:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Atheros
2013-11-23 01:54 - 2013-11-08 11:20 - 00000000 ____D C:\Users\Admin
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Synaptics
2013-11-23 01:52 - 2013-11-23 01:52 - 00000000 _____ C:\Users\Admin\agent.log
2013-11-23 01:21 - 2013-11-23 01:21 - 00000000 ____D C:\Users\Richard\Desktop\Neuer Ordner
2013-11-23 01:14 - 2013-11-23 01:14 - 00000000 __SHD C:\ProgramData\DSS
2013-11-23 00:08 - 2013-11-23 00:08 - 00000000 ____D C:\Program Files (x86)\AMD
2013-11-22 00:40 - 2013-10-29 03:21 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Adobe
2013-11-22 00:39 - 2013-11-22 00:39 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-21 19:34 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-11-20 15:08 - 2013-10-30 00:24 - 00000000 ____D C:\Torrent
2013-11-16 15:25 - 2013-11-15 23:27 - 00000000 ____D C:\Program Files (x86)\Video-Saver-1
2013-11-16 00:52 - 2013-10-29 03:53 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-11-16 00:52 - 2013-03-29 10:05 - 00000000 ____D C:\ProgramData\Norton
2013-11-16 00:43 - 2013-10-29 03:53 - 00048128 ___SH C:\Users\Richard\Desktop\Thumbs.db
2013-11-16 00:43 - 2013-10-29 03:53 - 00001328 _____ C:\Users\Richard\Desktop\Norton Installation Files.lnk
2013-11-15 23:28 - 2013-11-15 23:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-11-14 22:49 - 2013-10-29 12:43 - 00000000 ____D C:\windows\system32\MRT
2013-11-14 22:47 - 2013-10-29 12:43 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-14 02:45 - 2013-11-14 02:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2013-11-14 02:42 - 2013-11-14 02:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-11-14 01:44 - 2013-11-14 01:44 - 00000000 ____D C:\AMD
2013-11-14 00:44 - 2013-11-04 15:07 - 00000000 ____D C:\windows\SysWOW64\directx
2013-11-13 13:43 - 2013-11-13 13:43 - 00000000 ____D C:\ProgramData\Steam
2013-11-12 00:34 - 2013-11-12 00:34 - 00001262 _____ C:\Users\Richard\Desktop\MOHW.exe - Verknüpfung.lnk
2013-11-10 01:11 - 2013-11-10 01:10 - 00000510 _____ C:\Users\Richard\Desktop\mohwf.reg
2013-11-09 13:40 - 2013-11-09 13:40 - 00002022 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\CH.dll
C:\Users\Richard\AppData\Local\Temp\ubi22E3.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 03
Ran by Richard at 2013-12-09 00:55:11
Running from C:\Users\Richard\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
AllSharePlayLink (x32 Version: 1.0.0)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Application Compatibility Toolkit (Version: 8.59.25584)
Ashampoo WinOptimizer 10 v.10.2.6 (x32 Version: 10.02.06)
Assessment and Deployment Kit (x32 Version: 8.59.25584)
Assessments on Client (x32 Version: 8.59.25584)
Batman: Arkham Asylum GOTY Edition (x32)
Batman: Arkham City GOTY (x32)
BeamNG-Techdemo-0.3 (remove only) (HKCU)
Binary Domain (x32)
Bitcasa version 0.9.20.4133 (Version: 0.9.20.4133)
Browser in the Box (Version: 2.4.2-r1952)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
DealPly (remove only) (x32 Version: 4.8.7.2) <==== ATTENTION
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
Easy File Share (x32 Version: 1.3.6)
Elements 11 Organizer (x32 Version: 11.0)
E-POP (x32 Version: 1.0.1)
EPSON BX305 Plus Series Printer Uninstall
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
Help Desk (Version: 1.0.96)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
JDownloader 2 (Version: 2.0)
KeePass Password Safe 2.23 (x32)
Kits Configuration Installer (x32 Version: 8.59.25584)
LibreOffice 4.1.3.2 (x32 Version: 4.1.3.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.67.0)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 Setup Support Files  (x32 Version: 10.1.2731.0)
Microsoft SQL Server 2012 (x32)
Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 RsFx Driver (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Setup (English) (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft VSS Writer for SQL Server 2012 (Version: 11.0.2100.60)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
MyDriveConnect 3.3.0.1318 (x32 Version: 3.3.0.1318)
Norton 360 (x32 Version: 20.4.0.40)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
NVIDIA PhysX (x32 Version: 9.09.0814)
Oracle VM VirtualBox 4.0.16 (Version: 4.0.16)
Origin (x32 Version: 9.3.11.2762)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Plants vs. Zombies (x32)
PSE11 STI Installer (x32 Version: 11.0)
PX Profile Update (x32 Version: 1.00.1.)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Quick Starter (Version: 1.0.2)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Recovery (x32 Version: 6.0.10.0)
S Agent (Version: 1.1.45)
Secure Banking Version 1.5.1 (x32 Version: 1.5.1)
Secure Banking Version 1.5.2 (x32 Version: 1.5.2)
Settings (x32 Version: 2.0.1)
SQL Server 2012 Common Files (x32 Version: 11.0.2100.60)
SQL Server 2012 Database Engine Services (x32 Version: 11.0.2100.60)
SQL Server 2012 Database Engine Shared (x32 Version: 11.0.2100.60)
SQL Server Browser for SQL Server 2012 (x32 Version: 11.0.2100.60)
Sql Server Customer Experience Improvement Program (x32 Version: 11.0.2100.60)
Steam (x32)
Support Center (Version: 2.1.1106)
Support Center FAQ (x32 Version: 1.0.11)
SW Update (x32 Version: 2.1.21)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
Tom Clancy's Rainbow Six Vegas (x32 Version: 1.06.000)
Toolkit Documentation (x32 Version: 8.59.25584)
Ultracopier 1.0.1.9 (x32 Version: 1.0.1.9)
Uplay (x32 Version: 4.0)
User Guide (x32 Version: 1.4.00)
User State Migration Tool (x32 Version: 8.59.25584)
Video-Saver-1 (x32 Version: 1.28.153.5)
VirtualCloneDrive (x32 Version: 5.4.7.0)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
VLC media player 2.1.0 (Version: 2.1.0)
vLite (x32 Version: 1.2)
Volume Activation Management Tool (x32 Version: 8.59.25584)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Assessment Services - Client (AMD64 Architecture Specific, Client SKU) (x32 Version: 8.59.25584)
Windows Assessment Services - Client (Client SKU) (x32 Version: 8.59.25584)
Windows Assessment Toolkit (AMD64 Architecture Specific) (x32 Version: 8.59.25584)
Windows Assessment Toolkit (x32 Version: 8.59.25584)
Windows Deployment Customizations (x32 Version: 8.59.25584)
Windows Deployment Tools (x32 Version: 8.59.25584)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Windows PE x86 x64 (x32 Version: 8.59.25584)
Windows PE x86 x64 wims (x32 Version: 8.59.25584)
Windows System Image Manager on amd64 (x32 Version: 8.59.25584)
WPT Redistributables (x32 Version: 8.59.25584)
WPTx64 (x32 Version: 8.59.25584)
Xerox PhotoCafe (x32 Version: 1.0.0.6162)
Your Software Deals 1.0.0 (x32 Version: 1.0.0)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => ?
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => ?
Task: C:\windows\Tasks\Video-Saver-1-chromeinstaller.job => ?
Task: C:\windows\Tasks\Video-Saver-1-codedownloader.job => ?
Task: C:\windows\Tasks\Video-Saver-1-enabler.job => ?
Task: C:\windows\Tasks\Video-Saver-1-updater.job => ?
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2012-09-17 09:23 - 2012-09-17 09:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-08 11:11 - 2013-10-08 11:11 - 00103424 _____ () C:\Program Files\Ultracopier\libgcc_s_sjlj-1.dll
2013-10-08 11:11 - 2013-10-08 11:11 - 01062912 _____ () C:\Program Files\Ultracopier\libstdc++-6.dll
2013-10-08 11:11 - 2013-10-08 11:11 - 01071616 _____ () C:\Program Files\Ultracopier\qt-plugins\platforms\qwindows.dll
2012-08-06 03:54 - 2012-08-06 03:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2013 00:29:27 AM) (Source: ESENT) (User: )
Description: taskhostex (7428) Versuch, Datei "C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (12/09/2013 00:26:31 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WO10.exe, Version: 10.0.0.0, Zeitstempel: 0x5253fe3d
Name des fehlerhaften Moduls: WO10.exe, Version: 10.0.0.0, Zeitstempel: 0x5253fe3d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006c6a
ID des fehlerhaften Prozesses: 0x1dd4
Startzeit der fehlerhaften Anwendung: 0xWO10.exe0
Pfad der fehlerhaften Anwendung: WO10.exe1
Pfad des fehlerhaften Moduls: WO10.exe2
Berichtskennung: WO10.exe3
Vollständiger Name des fehlerhaften Pakets: WO10.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WO10.exe5

Error: (12/09/2013 00:26:28 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WO10.exe, Version: 10.0.0.0, Zeitstempel: 0x5253fe3d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950
Ausnahmecode: 0x80000003
Fehleroffset: 0x00089bfc
ID des fehlerhaften Prozesses: 0x1dd4
Startzeit der fehlerhaften Anwendung: 0xWO10.exe0
Pfad der fehlerhaften Anwendung: WO10.exe1
Pfad des fehlerhaften Moduls: WO10.exe2
Berichtskennung: WO10.exe3
Vollständiger Name des fehlerhaften Pakets: WO10.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WO10.exe5

Error: (12/08/2013 05:38:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 11:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 11:25:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 11:18:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PABLO)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/07/2013 07:01:37 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (12/07/2013 05:02:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.8.1.36353, Zeitstempel: 0x4f8c314b
Name des fehlerhaften Moduls: combase.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505a976e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012b58
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xismagent.exe0
Pfad der fehlerhaften Anwendung: ismagent.exe1
Pfad des fehlerhaften Moduls: ismagent.exe2
Berichtskennung: ismagent.exe3
Vollständiger Name des fehlerhaften Pakets: ismagent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5

Error: (12/07/2013 05:01:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.8.1.36353, Zeitstempel: 0x4f8c314b
Name des fehlerhaften Moduls: systemInfo.dll, Version: 1.8.1.36353, Zeitstempel: 0x4f8c2ec9
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x000076d4
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xismagent.exe0
Pfad der fehlerhaften Anwendung: ismagent.exe1
Pfad des fehlerhaften Moduls: ismagent.exe2
Berichtskennung: ismagent.exe3
Vollständiger Name des fehlerhaften Pakets: ismagent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ismagent.exe5


System errors:
=============
Error: (12/07/2013 11:17:11 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "PABLO" auf Transport "NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/07/2013 07:01:36 PM) (Source: DCOM) (User: PABLO)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/07/2013 01:02:32 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:53:00 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:40:59 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:28:58 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:16:59 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/07/2013 00:05:01 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/06/2013 11:52:59 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RICHY-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/06/2013 11:47:04 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{84CB43D4-116C-4341-8250-9C67F68F9A58}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (12/09/2013 00:29:27 AM) (Source: ESENT)(User: )
Description: taskhostex7428C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (12/09/2013 00:26:31 AM) (Source: Application Error)(User: )
Description: WO10.exe10.0.0.05253fe3dWO10.exe10.0.0.05253fe3dc000000500006c6a1dd401cef46cac0727d6C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exeC:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe2ae2f615-6060-11e3-be9b-208984a5a408

Error: (12/09/2013 00:26:28 AM) (Source: Application Error)(User: )
Description: WO10.exe10.0.0.05253fe3dKERNELBASE.dll6.2.9200.16451509889508000000300089bfc1dd401cef46cac0727d6C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exeC:\windows\SYSTEM32\KERNELBASE.dll296cf740-6060-11e3-be9b-208984a5a408

Error: (12/08/2013 05:38:36 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 11:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 11:25:22 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 11:18:28 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PABLO)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2147024891

Error: (12/07/2013 07:01:37 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (12/07/2013 05:02:54 PM) (Source: Application Error)(User: )
Description: ismagent.exe1.8.1.363534f8c314bcombase.dll6.2.9200.16420505a976ec000000500012b58198401cef36596650ef7C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeC:\windows\SYSTEM32\combase.dll0772f7cb-5f59-11e3-be9b-208984a5a408

Error: (12/07/2013 05:01:52 PM) (Source: Application Error)(User: )
Description: ismagent.exe1.8.1.363534f8c314bsystemInfo.dll1.8.1.363534f8c2ec9c00001a5000076d4198401cef36596650ef7C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exeC:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\systemInfo.dlle2945b04-5f58-11e3-be9b-208984a5a408


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 8083.49 MB
Available physical RAM: 4777.76 MB
Total Pagefile: 16275.5 MB
Available Pagefile: 12162.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:433.09 GB) (Free:282.35 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Now everything illegal should be gone, along with a few games I had already finished..

09.12.2013, 00:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Now everything illegal should be gone, along with a few games I had already finished..

Yeah.. and what is this here, please => C:\Users\Richard\Desktop\mohwf.reg


09.12.2013, 00:18   #15
ryderslider

Quote:
Quote from cosinus
Yeah.. and what is this here, please => C:\Users\Richard\Desktop\mohwf.reg

Oops, I just saw that too, it's already gone :P
