Trojaner-Board

vici17 02.06.2013 18:12

W32/patched.uc Virus
 
Help, Antivir is telling me that I have the virus named above!

aharonov 02.06.2013 18:13

Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

vici17 02.06.2013 18:17

Where do I have to press #?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 02
Ran by Neunzerling (administrator) on 02-06-2013 19:17:30
Running from C:\Users\Neunzerling\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\system32\services.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Skype Technologies S.A.) D:\Phone\Skype.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Electronic Arts) D:\Origin\Origin.exe
(Spotify Ltd) C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\system\Cm106eye.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6470760 2012-05-08] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd [8151040 2010-07-01] (C-Media Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Neunzerling\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-28] (Google Inc.)
HKCU\...\Run: [Steam] "D:\Steam\steam.exe" -silent [x]
HKCU\...\Run: [Skype] "D:\Phone\Skype.exe" /minimized /regrun [x]
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-28] ()
HKCU\...\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart [x]
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-05-25] (Spotify Ltd)
HKCU\...\Run: [WebCake Desktop] "C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-05-31] (WebCake LLC)
MountPoints2: {ad0d77d3-6974-11e2-a732-806e6f6e6963} - F:\KMDS.exe
MountPoints2: {ad0d7819-6974-11e2-a732-d43d7e051931} - F:\KMDS.exe
MountPoints2: {e5098649-66fa-11e2-bd20-806e6f6e6963} - E:\Autorun.exe
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-01-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe [3423928 2013-05-06] (RAIDCALL.COM)
Startup: C:\Users\Neunzerling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119357&tt=300513_new&babsrc=HP_ss_din2g&mntrId=60DED43D7E051931
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.pcspezialist.de/berlin-spandau/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=300513_new&babsrc=SP_ss&mntrId=60DED43D7E051931
SearchScopes: HKCU - {B04094C1-09BB-4FBE-AA8F-E477D26E5B68} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3CB95953-C0F2-4BB1-8690-52F0A3780A9D&apn_sauid=7337EF3B-8270-4E9A-83FD-BCA02BE8054A
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Winsock: Catalog9-x64 12 mswsock.dll File Not found ()
Winsock: Catalog9-x64 13 mswsock.dll File Not found ()
Winsock: Catalog9-x64 14 mswsock.dll File Not found ()
Winsock: Catalog9-x64 15 mswsock.dll File Not found ()
Winsock: Catalog9-x64 16 mswsock.dll File Not found ()
Winsock: Catalog9-x64 17 mswsock.dll File Not found ()
Winsock: Catalog9-x64 18 mswsock.dll File Not found ()
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (WebCake) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (DealPly Shopping) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-02] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-25] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-17] ()
R2 WebCake Desktop Updater; C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-01-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2013-01-25] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-02 19:14 - 2013-06-02 19:14 - 00004032 ____A C:\Users\Neunzerling\Desktop\RKreport[1]_S_06022013_02d1914.txt
2013-06-02 19:13 - 2013-06-02 19:14 - 00000000 ____D C:\Users\Neunzerling\Desktop\RK_Quarantine
2013-06-02 19:13 - 2013-06-02 19:13 - 00816128 ____A C:\Users\Neunzerling\Downloads\RogueKiller.exe
2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable
2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST
2013-06-01 19:49 - 2013-06-01 19:50 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-01 19:47 - 2013-06-02 18:47 - 00000304 ____A C:\Windows\Tasks\DSite.job
2013-06-01 19:47 - 2013-06-02 18:33 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DealPly
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe
2013-06-01 19:34 - 2013-06-02 19:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe
2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt
2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP
2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp
2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump
2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log
2013-06-01 15:34 - 2013-06-01 15:39 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar
2013-06-01 15:33 - 2013-01-12 16:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno2070_DO_+15Trn+SE_2.00.7780
2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt
2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt
2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip
2013-05-30 21:24 - 2010-03-21 00:34 - 00050176 ____A C:\Users\Neunzerling\Desktop\Just_Cause_2-Demo_v1.0.0.2-Trainer.exe
2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix
2013-05-25 18:08 - 2013-05-25 18:09 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-25 17:59 - 2013-05-25 18:01 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack
2013-05-25 13:12 - 2013-05-25 13:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten
2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk
2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-05-23 20:23 - 2013-05-23 20:38 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe
2013-05-23 19:19 - 2013-05-23 20:00 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra
2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk
2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe
2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe
2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe
2013-05-18 22:13 - 2013-05-27 15:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse
2013-05-18 21:22 - 2013-05-18 21:26 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip
2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts
2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield
2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-05-18 16:40 - 2013-05-18 16:41 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip
2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe
2013-05-18 16:38 - 2013-05-18 16:39 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe
2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-05-18 16:01 - 2013-05-18 16:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk
2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft
2013-05-17 19:29 - 2013-05-30 17:05 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-17 19:29 - 2013-05-17 19:34 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip
2013-05-17 19:19 - 2012-07-06 16:13 - 02580552 ____A C:\Windows\SysWOW64\pbsvc.exe
2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe
2013-05-16 15:45 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 15:45 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 15:45 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 15:45 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 15:45 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 15:45 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 15:45 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 15:45 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 15:45 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 15:45 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-16 15:44 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 15:44 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 15:44 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 15:44 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 15:44 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 15:44 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 15:44 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 15:44 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 15:44 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 15:44 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 15:44 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 15:44 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 15:44 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 15:44 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe
2013-05-13 15:11 - 2013-06-01 15:13 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify
2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk
2013-05-13 15:10 - 2013-06-01 16:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe
2013-05-12 16:04 - 2013-05-12 16:07 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack
2013-05-12 16:04 - 2013-05-12 16:06 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:36 - 2013-05-07 20:38 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:36 - 2013-05-07 20:37 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 16:46 - 2013-05-07 16:47 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:43 - 2013-05-07 19:30 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:38 - 2013-05-07 16:40 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:00 - 2013-05-07 10:02 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:59 - 2013-05-07 19:31 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 15:11 - 2013-05-23 14:35 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-05 13:52 - 2013-05-23 14:43 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:27 - 2013-05-06 17:56 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:23 - 2013-05-05 12:26 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-06-01 13:09 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-04 16:45 - 2013-05-04 16:46 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:43 - 2013-05-04 16:44 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-03 20:20 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-03 20:20 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-03 15:10 - 2013-05-03 15:27 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe

==================== One Month Modified Files and Folders =======

2013-06-02 19:17 - 2013-01-28 20:57 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\PMB Files
2013-06-02 19:17 - 2013-01-28 20:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Skype
2013-06-02 19:14 - 2013-06-02 19:14 - 00004032 ____A C:\Users\Neunzerling\Desktop\RKreport[1]_S_06022013_02d1914.txt
2013-06-02 19:14 - 2013-06-02 19:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\RK_Quarantine
2013-06-02 19:13 - 2013-06-02 19:13 - 00816128 ____A C:\Users\Neunzerling\Downloads\RogueKiller.exe
2013-06-02 19:11 - 2013-06-01 19:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
2013-06-02 18:47 - 2013-06-01 19:47 - 00000304 ____A C:\Windows\Tasks\DSite.job
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:38 - 2011-04-12 09:43 - 00654372 ____A C:\Windows\System32\perfh007.dat
2013-06-02 18:38 - 2011-04-12 09:43 - 00129986 ____A C:\Windows\System32\perfc007.dat
2013-06-02 18:38 - 2009-07-14 07:13 - 01499844 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-02 18:34 - 2013-01-25 20:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-02 18:33 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake
2013-06-02 18:32 - 2013-01-25 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-02 18:32 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 18:32 - 2009-07-14 06:51 - 00043300 ____A C:\Windows\setupact.log
2013-06-01 20:27 - 2013-01-28 20:04 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000UA.job
2013-06-01 20:04 - 2013-01-25 20:08 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\SoftGrid Client
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable
2013-06-01 19:53 - 2013-01-25 16:30 - 00000000 ____D C:\users\Neunzerling
2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST
2013-06-01 19:50 - 2013-06-01 19:49 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DealPly
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe
2013-06-01 19:34 - 2013-04-03 11:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-01 19:34 - 2013-03-24 00:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe
2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt
2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP
2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp
2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump
2013-06-01 19:19 - 2013-01-25 16:30 - 01651897 ____A C:\Windows\WindowsUpdate.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log
2013-06-01 16:36 - 2013-02-01 21:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-01 16:11 - 2013-05-13 15:10 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify
2013-06-01 15:39 - 2013-06-01 15:34 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar
2013-06-01 15:13 - 2013-05-13 15:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify
2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt
2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt
2013-06-01 13:23 - 2013-01-28 20:57 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-01 13:09 - 2013-05-04 16:46 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-31 21:27 - 2013-01-28 20:04 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000Core.job
2013-05-31 19:25 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip
2013-05-30 17:05 - 2013-05-17 19:29 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-30 17:05 - 2013-01-29 20:36 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-28 19:21 - 2013-01-29 20:06 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix
2013-05-27 15:07 - 2013-05-18 22:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse
2013-05-26 16:08 - 2013-02-04 13:31 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-05-26 16:08 - 2010-11-21 05:47 - 00273884 ____A C:\Windows\PFRO.log
2013-05-25 18:09 - 2013-05-25 18:08 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-25 18:01 - 2013-05-25 17:59 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack
2013-05-25 13:13 - 2013-05-25 13:12 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten
2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk
2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-05-23 20:41 - 2013-01-25 16:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-23 20:38 - 2013-05-23 20:23 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe
2013-05-23 20:00 - 2013-05-23 19:19 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp
2013-05-23 14:43 - 2013-05-05 13:52 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-23 14:35 - 2013-05-06 15:11 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra
2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk
2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe
2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe
2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe
2013-05-18 21:26 - 2013-05-18 21:22 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip
2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts
2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield
2013-05-18 17:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-05-18 16:41 - 2013-05-18 16:40 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip
2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe
2013-05-18 16:39 - 2013-05-18 16:38 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe
2013-05-18 16:36 - 2013-05-18 16:01 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk
2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft
2013-05-18 12:17 - 2013-01-29 19:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-05-17 19:34 - 2013-05-17 19:29 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip
2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-16 20:08 - 2013-01-25 20:05 - 00000000 ____D C:\ProgramData\Adobe
2013-05-16 20:06 - 2009-07-14 06:45 - 00294168 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe
2013-05-16 16:35 - 2013-01-30 16:58 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Adobe
2013-05-16 15:48 - 2013-01-25 20:48 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe
2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe
2013-05-12 16:21 - 2013-01-29 20:35 - 00000000 ____D C:\Users\Neunzerling\Documents\My Games
2013-05-12 16:07 - 2013-05-12 16:04 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack
2013-05-12 16:06 - 2013-05-12 16:04 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:38 - 2013-05-07 20:36 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:37 - 2013-05-07 20:36 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 19:31 - 2013-05-07 09:59 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 19:30 - 2013-05-07 16:43 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:47 - 2013-05-07 16:46 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:41 - 2013-01-25 16:30 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\VirtualStore
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:40 - 2013-05-07 16:38 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:02 - 2013-05-07 10:00 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 17:56 - 2013-05-05 12:27 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:26 - 2013-05-05 12:23 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-05-04 16:45 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:44 - 2013-05-04 16:43 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-03-31 18:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-03 15:40 - 2013-01-26 13:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Windows Live
2013-05-03 15:27 - 2013-05-03 15:10 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe

ZeroAccess:
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\76603ac3
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000008.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\000000cb.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000000.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000032.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


Last Boot: 2013-05-24 19:42

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 02
Ran by Neunzerling (administrator) on 02-06-2013 19:18:22
Running from C:\Users\Neunzerling\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\system32\services.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Skype Technologies S.A.) D:\Phone\Skype.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Electronic Arts) D:\Origin\Origin.exe
(Spotify Ltd) C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\system\Cm106eye.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6470760 2012-05-08] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd [8151040 2010-07-01] (C-Media Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Neunzerling\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-28] (Google Inc.)
HKCU\...\Run: [Steam] "D:\Steam\steam.exe" -silent [x]
HKCU\...\Run: [Skype] "D:\Phone\Skype.exe" /minimized /regrun [x]
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-28] ()
HKCU\...\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart [x]
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-05-25] (Spotify Ltd)
HKCU\...\Run: [WebCake Desktop] "C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-05-31] (WebCake LLC)
MountPoints2: {ad0d77d3-6974-11e2-a732-806e6f6e6963} - F:\KMDS.exe
MountPoints2: {ad0d7819-6974-11e2-a732-d43d7e051931} - F:\KMDS.exe
MountPoints2: {e5098649-66fa-11e2-bd20-806e6f6e6963} - E:\Autorun.exe
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-01-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe [3423928 2013-05-06] (RAIDCALL.COM)
Startup: C:\Users\Neunzerling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119357&tt=300513_new&babsrc=HP_ss_din2g&mntrId=60DED43D7E051931
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.pcspezialist.de/berlin-spandau/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=300513_new&babsrc=SP_ss&mntrId=60DED43D7E051931
SearchScopes: HKCU - {B04094C1-09BB-4FBE-AA8F-E477D26E5B68} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3CB95953-C0F2-4BB1-8690-52F0A3780A9D&apn_sauid=7337EF3B-8270-4E9A-83FD-BCA02BE8054A
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Winsock: Catalog9-x64 12 mswsock.dll File Not found ()
Winsock: Catalog9-x64 13 mswsock.dll File Not found ()
Winsock: Catalog9-x64 14 mswsock.dll File Not found ()
Winsock: Catalog9-x64 15 mswsock.dll File Not found ()
Winsock: Catalog9-x64 16 mswsock.dll File Not found ()
Winsock: Catalog9-x64 17 mswsock.dll File Not found ()
Winsock: Catalog9-x64 18 mswsock.dll File Not found ()
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (WebCake) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (DealPly Shopping) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-02] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-25] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-17] ()
R2 WebCake Desktop Updater; C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-01-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2013-01-25] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-02 19:14 - 2013-06-02 19:14 - 00004032 ____A C:\Users\Neunzerling\Desktop\RKreport[1]_S_06022013_02d1914.txt
2013-06-02 19:13 - 2013-06-02 19:14 - 00000000 ____D C:\Users\Neunzerling\Desktop\RK_Quarantine
2013-06-02 19:13 - 2013-06-02 19:13 - 00816128 ____A C:\Users\Neunzerling\Downloads\RogueKiller.exe
2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable
2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST
2013-06-01 19:49 - 2013-06-01 19:50 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-01 19:47 - 2013-06-02 18:47 - 00000304 ____A C:\Windows\Tasks\DSite.job
2013-06-01 19:47 - 2013-06-02 18:33 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DealPly
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe
2013-06-01 19:34 - 2013-06-02 19:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe
2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt
2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP
2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp
2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump
2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log
2013-06-01 15:34 - 2013-06-01 15:39 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar
2013-06-01 15:33 - 2013-01-12 16:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno2070_DO_+15Trn+SE_2.00.7780
2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt
2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt
2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip
2013-05-30 21:24 - 2010-03-21 00:34 - 00050176 ____A C:\Users\Neunzerling\Desktop\Just_Cause_2-Demo_v1.0.0.2-Trainer.exe
2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix
2013-05-25 18:08 - 2013-05-25 18:09 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-25 17:59 - 2013-05-25 18:01 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack
2013-05-25 13:12 - 2013-05-25 13:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten
2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk
2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-05-23 20:23 - 2013-05-23 20:38 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe
2013-05-23 19:19 - 2013-05-23 20:00 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra
2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk
2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe
2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe
2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe
2013-05-18 22:13 - 2013-05-27 15:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse
2013-05-18 21:22 - 2013-05-18 21:26 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip
2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts
2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield
2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-05-18 16:40 - 2013-05-18 16:41 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip
2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe
2013-05-18 16:38 - 2013-05-18 16:39 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe
2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-05-18 16:01 - 2013-05-18 16:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk
2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft
2013-05-17 19:29 - 2013-05-30 17:05 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-17 19:29 - 2013-05-17 19:34 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip
2013-05-17 19:19 - 2012-07-06 16:13 - 02580552 ____A C:\Windows\SysWOW64\pbsvc.exe
2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe
2013-05-16 15:45 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 15:45 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 15:45 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 15:45 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 15:45 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 15:45 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 15:45 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 15:45 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 15:45 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 15:45 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-16 15:44 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 15:44 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 15:44 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 15:44 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 15:44 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 15:44 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 15:44 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 15:44 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 15:44 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 15:44 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 15:44 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 15:44 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 15:44 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 15:44 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe
2013-05-13 15:11 - 2013-06-01 15:13 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify
2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk
2013-05-13 15:10 - 2013-06-01 16:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe
2013-05-12 16:04 - 2013-05-12 16:07 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack
2013-05-12 16:04 - 2013-05-12 16:06 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:36 - 2013-05-07 20:38 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:36 - 2013-05-07 20:37 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 16:46 - 2013-05-07 16:47 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:43 - 2013-05-07 19:30 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:38 - 2013-05-07 16:40 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:00 - 2013-05-07 10:02 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:59 - 2013-05-07 19:31 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 15:11 - 2013-05-23 14:35 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-05 13:52 - 2013-05-23 14:43 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:27 - 2013-05-06 17:56 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:23 - 2013-05-05 12:26 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-06-01 13:09 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-04 16:45 - 2013-05-04 16:46 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:43 - 2013-05-04 16:44 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-03 20:20 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-03 20:20 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-03 15:10 - 2013-05-03 15:27 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe

==================== One Month Modified Files and Folders =======

2013-06-02 19:18 - 2013-01-28 20:57 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\PMB Files
2013-06-02 19:17 - 2013-01-28 20:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Skype
2013-06-02 19:14 - 2013-06-02 19:14 - 00004032 ____A C:\Users\Neunzerling\Desktop\RKreport[1]_S_06022013_02d1914.txt
2013-06-02 19:14 - 2013-06-02 19:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\RK_Quarantine
2013-06-02 19:13 - 2013-06-02 19:13 - 00816128 ____A C:\Users\Neunzerling\Downloads\RogueKiller.exe
2013-06-02 19:11 - 2013-06-01 19:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
2013-06-02 18:47 - 2013-06-01 19:47 - 00000304 ____A C:\Windows\Tasks\DSite.job
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:38 - 2011-04-12 09:43 - 00654372 ____A C:\Windows\System32\perfh007.dat
2013-06-02 18:38 - 2011-04-12 09:43 - 00129986 ____A C:\Windows\System32\perfc007.dat
2013-06-02 18:38 - 2009-07-14 07:13 - 01499844 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-02 18:34 - 2013-01-25 20:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-02 18:33 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake
2013-06-02 18:32 - 2013-01-25 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-02 18:32 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 18:32 - 2009-07-14 06:51 - 00043300 ____A C:\Windows\setupact.log
2013-06-01 20:27 - 2013-01-28 20:04 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000UA.job
2013-06-01 20:04 - 2013-01-25 20:08 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\SoftGrid Client
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable
2013-06-01 19:53 - 2013-01-25 16:30 - 00000000 ____D C:\users\Neunzerling
2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST
2013-06-01 19:50 - 2013-06-01 19:49 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DealPly
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe
2013-06-01 19:34 - 2013-04-03 11:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-01 19:34 - 2013-03-24 00:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe
2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt
2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP
2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp
2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump
2013-06-01 19:19 - 2013-01-25 16:30 - 01651897 ____A C:\Windows\WindowsUpdate.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log
2013-06-01 16:36 - 2013-02-01 21:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-01 16:11 - 2013-05-13 15:10 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify
2013-06-01 15:39 - 2013-06-01 15:34 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar
2013-06-01 15:13 - 2013-05-13 15:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify
2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt
2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt
2013-06-01 13:23 - 2013-01-28 20:57 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-01 13:09 - 2013-05-04 16:46 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-31 21:27 - 2013-01-28 20:04 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000Core.job
2013-05-31 19:25 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip
2013-05-30 17:05 - 2013-05-17 19:29 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-30 17:05 - 2013-01-29 20:36 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-28 19:21 - 2013-01-29 20:06 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix
2013-05-27 15:07 - 2013-05-18 22:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse
2013-05-26 16:08 - 2013-02-04 13:31 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-05-26 16:08 - 2010-11-21 05:47 - 00273884 ____A C:\Windows\PFRO.log
2013-05-25 18:09 - 2013-05-25 18:08 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-25 18:01 - 2013-05-25 17:59 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack
2013-05-25 13:13 - 2013-05-25 13:12 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten
2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk
2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-05-23 20:41 - 2013-01-25 16:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-23 20:38 - 2013-05-23 20:23 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe
2013-05-23 20:00 - 2013-05-23 19:19 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp
2013-05-23 14:43 - 2013-05-05 13:52 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-23 14:35 - 2013-05-06 15:11 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra
2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk
2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe
2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe
2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe
2013-05-18 21:26 - 2013-05-18 21:22 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip
2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts
2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield
2013-05-18 17:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-05-18 16:41 - 2013-05-18 16:40 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip
2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe
2013-05-18 16:39 - 2013-05-18 16:38 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe
2013-05-18 16:36 - 2013-05-18 16:01 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk
2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft
2013-05-18 12:17 - 2013-01-29 19:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-05-17 19:34 - 2013-05-17 19:29 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip
2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-16 20:08 - 2013-01-25 20:05 - 00000000 ____D C:\ProgramData\Adobe
2013-05-16 20:06 - 2009-07-14 06:45 - 00294168 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe
2013-05-16 16:35 - 2013-01-30 16:58 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Adobe
2013-05-16 15:48 - 2013-01-25 20:48 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe
2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe
2013-05-12 16:21 - 2013-01-29 20:35 - 00000000 ____D C:\Users\Neunzerling\Documents\My Games
2013-05-12 16:07 - 2013-05-12 16:04 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack
2013-05-12 16:06 - 2013-05-12 16:04 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:38 - 2013-05-07 20:36 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:37 - 2013-05-07 20:36 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 19:31 - 2013-05-07 09:59 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 19:30 - 2013-05-07 16:43 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:47 - 2013-05-07 16:46 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:41 - 2013-01-25 16:30 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\VirtualStore
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:40 - 2013-05-07 16:38 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:02 - 2013-05-07 10:00 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (www.download-sponsor.de) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 17:56 - 2013-05-05 12:27 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:26 - 2013-05-05 12:23 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-05-04 16:45 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:44 - 2013-05-04 16:43 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-03-31 18:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-03 15:40 - 2013-01-26 13:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Windows Live
2013-05-03 15:27 - 2013-05-03 15:10 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe

ZeroAccess:
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\76603ac3
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000008.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\000000cb.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000000.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000032.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


Last Boot: 2013-05-24 19:42

==================== End Of Log ============================

aharonov 02.06.2013 18:27

http://www.trojaner-board.de/135942-w32-patched-uc.html
http://www.trojaner-board.de/135910-...atched-uc.html

This is obviously the same computer as in the two threads above.

We're happy to say it a third time: we do not clean systems with cracks and keygens, and the infection is nasty. Scrap it and start over.

