Pests of all kinds and how to combat them: W32/patched.uc (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
02.06.2013, 17:46 | #1 |
| W32/patched.uc Hello, I have a problem with the virus W32/patched.uc! |
02.06.2013, 17:52 | #2 |
/// the machine /// TB instructor | W32/patched.uc hi,
__________________System scan with FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if you are not sure: Start > Computer (right-click) > Properties)
Where is it being detected?
__________________ |
02.06.2013, 17:56 | #3 |
| W32/patched.uc Here are the files
__________________Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 02 Ran by Neunzerling (administrator) on 02-06-2013 18:54:24 Running from C:\Users\Neunzerling\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Windows\system32\services.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Valve Corporation) D:\Steam\Steam.exe (Skype Technologies S.A.) D:\Phone\Skype.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Electronic Arts) D:\Origin\Origin.exe (Spotify Ltd) C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (WebCake LLC) C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Windows\system\Cm106eye.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6470760 2012-05-08] (Realtek Semiconductor) HKLM\...\Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd [8151040 2010-07-01] (C-Media Corporation) HKCU\...\Run: [Google Update] "C:\Users\Neunzerling\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-28] (Google Inc.) HKCU\...\Run: [Steam] "D:\Steam\steam.exe" -silent [x] HKCU\...\Run: [Skype] "D:\Phone\Skype.exe" /minimized /regrun [x] HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-28] () HKCU\...\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart [x] HKCU\...\Run: [Spotify Web Helper] "C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-05-25] (Spotify Ltd) HKCU\...\Run: [WebCake Desktop] "C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-05-31] (WebCake LLC) MountPoints2: {ad0d77d3-6974-11e2-a732-806e6f6e6963} - F:\KMDS.exe MountPoints2: {ad0d7819-6974-11e2-a732-d43d7e051931} - F:\KMDS.exe MountPoints2: {e5098649-66fa-11e2-bd20-806e6f6e6963} - E:\Autorun.exe HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] "C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-01-25] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe [3423928 2013-05-06] (RAIDCALL.COM) Startup: C:\Users\Neunzerling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = PC-SPEZIALIST HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=300513_new&babsrc=SP_ss&mntrId=60DED43D7E051931 SearchScopes: HKCU - {B04094C1-09BB-4FBE-AA8F-E477D26E5B68} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3CB95953-C0F2-4BB1-8690-52F0A3780A9D&apn_sauid=7337EF3B-8270-4E9A-83FD-BCA02BE8054A BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 mswsock.dll File Not found () Winsock: Catalog9 14 mswsock.dll File Not found () Winsock: Catalog9 15 mswsock.dll File Not found () Winsock: Catalog9 16 mswsock.dll File Not found () Winsock: Catalog9 17 mswsock.dll File Not found () Winsock: Catalog9 18 mswsock.dll File Not found () Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG) Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 09 mswsock.dll File Not found () Winsock: Catalog9-x64 10 mswsock.dll File Not found () Winsock: Catalog9-x64 11 mswsock.dll File Not found () Winsock: Catalog9-x64 12 mswsock.dll File Not found () Winsock: Catalog9-x64 13 mswsock.dll File Not found () Winsock: Catalog9-x64 14 mswsock.dll File Not found () Winsock: Catalog9-x64 15 mswsock.dll File Not found () Winsock: Catalog9-x64 16 mswsock.dll File Not found () Winsock: Catalog9-x64 17 mswsock.dll File Not found () Winsock: Catalog9-x64 18 mswsock.dll File Not found () Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR Extension: (Kaspersky URL Advisor) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0 CHR Extension: (WebCake) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0 CHR Extension: (DealPly Shopping) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-02] (Avira Operations GmbH & Co. 
KG) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-25] (Kaspersky Lab ZAO) R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] () R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-17] () R2 WebCake Desktop Updater; C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-01-25] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2013-01-25] (Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc) R2 avgntflt; system32\DRIVERS\avgntflt.sys [x] R1 avipbb; system32\DRIVERS\avipbb.sys [x] R1 avkmgr; system32\DRIVERS\avkmgr.sys [x] S3 MSICDSetup; \??\E:\CDriver64.sys [x] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe 2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable 2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt 2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations 2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST 2013-06-01 19:49 - 2013-06-01 19:50 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe 2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution 2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta 2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta 2013-06-01 19:47 - 2013-06-02 18:47 - 00000304 ____A C:\Windows\Tasks\DSite.job 2013-06-01 19:47 - 2013-06-02 18:33 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake 2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite 2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D 
C:\Users\Neunzerling\AppData\Roaming\DealPly 2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon 2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon 2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake 2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe 2013-06-01 19:34 - 2013-06-01 20:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe 2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt 2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP 2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp 2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump 2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe 2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe 2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log 2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log 2013-06-01 15:34 - 2013-06-01 15:39 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll 2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar 2013-06-01 15:33 - 2013-01-12 16:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno2070_DO_+15Trn+SE_2.00.7780 2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt 2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt 2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A 
C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip 2013-05-30 21:24 - 2010-03-21 00:34 - 00050176 ____A C:\Users\Neunzerling\Desktop\Just_Cause_2-Demo_v1.0.0.2-Trainer.exe 2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix 2013-05-25 18:08 - 2013-05-25 18:09 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe 2013-05-25 17:59 - 2013-05-25 18:01 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack 2013-05-25 13:12 - 2013-05-25 13:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten 2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk 2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive 2013-05-23 20:23 - 2013-05-23 20:38 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe 2013-05-23 19:19 - 2013-05-23 20:00 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp 2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo 2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra 2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk 2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra 2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe 2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) 
C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe 2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe 2013-05-18 22:13 - 2013-05-27 15:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse 2013-05-18 21:22 - 2013-05-18 21:26 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip 2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070 2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts 2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield 2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk 2013-05-18 16:40 - 2013-05-18 16:41 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip 2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe 2013-05-18 16:38 - 2013-05-18 16:39 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe 2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk 2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE 2013-05-18 16:01 - 2013-05-18 16:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk 2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft 2013-05-17 19:29 - 2013-05-30 17:05 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-05-17 19:29 - 2013-05-17 19:34 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe 2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip 2013-05-17 19:19 - 2012-07-06 16:13 - 02580552 ____A C:\Windows\SysWOW64\pbsvc.exe 2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A 
C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe 2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe 2013-05-16 15:45 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-16 15:45 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-16 15:45 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-16 15:45 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-16 15:45 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-16 15:45 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 15:45 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 15:45 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-16 15:45 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-16 15:45 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-16 15:45 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-16 15:45 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-16 15:44 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-16 15:44 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-16 15:44 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-16 15:44 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) 
C:\Windows\System32\wwansvc.dll 2013-05-16 15:44 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-16 15:44 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-16 15:44 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-16 15:44 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-16 15:44 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-16 15:44 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-16 15:44 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-16 15:44 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-16 15:44 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-16 15:44 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe 2013-05-13 15:11 - 2013-06-01 15:13 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify 2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk 2013-05-13 15:10 - 2013-06-01 16:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify 2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe 2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe 2013-05-12 16:04 - 2013-05-12 16:07 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack 2013-05-12 16:04 - 2013-05-12 16:06 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack 
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:36 - 2013-05-07 20:38 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:36 - 2013-05-07 20:37 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 16:46 - 2013-05-07 16:47 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:43 - 2013-05-07 19:30 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:38 - 2013-05-07 16:40 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:00 - 2013-05-07 10:02 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:59 - 2013-05-07 19:31 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 15:11 - 2013-05-23 14:35 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-05 13:52 - 2013-05-23 14:43 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:27 - 2013-05-06 17:56 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:23 - 2013-05-05 12:26 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-06-01 13:09 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-04 16:45 - 2013-05-04 16:46 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:43 - 2013-05-04 16:44 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-03 20:20 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-03 20:20 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-03 15:10 - 2013-05-03 15:27 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe
==================== One Month Modified Files and Folders =======
2013-06-02 18:54 - 2013-01-28 20:57 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\PMB Files
2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
2013-06-02 18:48 - 2013-01-28 20:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Skype
2013-06-02 18:47 - 2013-06-01 19:47 - 00000304 ____A C:\Windows\Tasks\DSite.job
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:38 - 2011-04-12 09:43 - 00654372 ____A C:\Windows\System32\perfh007.dat
2013-06-02 18:38 - 2011-04-12 09:43 - 00129986 ____A C:\Windows\System32\perfc007.dat
2013-06-02 18:38 - 2009-07-14 07:13 - 01499844 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-02 18:34 - 2013-01-25 20:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-02 18:33 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake
2013-06-02 18:32 - 2013-01-25 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-02 18:32 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 18:32 - 2009-07-14 06:51 - 00043300 ____A C:\Windows\setupact.log
2013-06-01 20:27 - 2013-01-28 20:04 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000UA.job
2013-06-01 20:11 - 2013-06-01 19:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 20:04 - 2013-01-25 20:08 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\SoftGrid Client
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable
2013-06-01 19:53 - 2013-01-25 16:30 - 00000000 ____D C:\users\Neunzerling
2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST
2013-06-01 19:50 - 2013-06-01 19:49 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DealPly
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe
2013-06-01 19:34 - 2013-04-03 11:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-01 19:34 - 2013-03-24 00:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe
2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt
2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP
2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp
2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump
2013-06-01 19:19 - 2013-01-25 16:30 - 01651897 ____A C:\Windows\WindowsUpdate.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log
2013-06-01 16:36 - 2013-02-01 21:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-01 16:11 - 2013-05-13 15:10 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify
2013-06-01 15:39 - 2013-06-01 15:34 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar
2013-06-01 15:13 - 2013-05-13 15:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify
2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt
2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt
2013-06-01 13:23 - 2013-01-28 20:57 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-01 13:09 - 2013-05-04 16:46 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-31 21:27 - 2013-01-28 20:04 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000Core.job
2013-05-31 19:25 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip
2013-05-30 17:05 - 2013-05-17 19:29 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-30 17:05 - 2013-01-29 20:36 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-28 19:21 - 2013-01-29 20:06 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix
2013-05-27 15:07 - 2013-05-18 22:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse
2013-05-26 16:08 - 2013-02-04 13:31 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-05-26 16:08 - 2010-11-21 05:47 - 00273884 ____A C:\Windows\PFRO.log
2013-05-25 18:09 - 2013-05-25 18:08 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-25 18:01 - 2013-05-25 17:59 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack
2013-05-25 13:13 - 2013-05-25 13:12 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten
2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk
2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-05-23 20:41 - 2013-01-25 16:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-23 20:38 - 2013-05-23 20:23 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe
2013-05-23 20:00 - 2013-05-23 19:19 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp
2013-05-23 14:43 - 2013-05-05 13:52 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-23 14:35 - 2013-05-06 15:11 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra
2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk
2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe
2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe
2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe
2013-05-18 21:26 - 2013-05-18 21:22 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip
2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts
2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield
2013-05-18 17:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-05-18 16:41 - 2013-05-18 16:40 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip
2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe
2013-05-18 16:39 - 2013-05-18 16:38 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe
2013-05-18 16:36 - 2013-05-18 16:01 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk
2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft
2013-05-18 12:17 - 2013-01-29 19:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-05-17 19:34 - 2013-05-17 19:29 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip
2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-16 20:08 - 2013-01-25 20:05 - 00000000 ____D C:\ProgramData\Adobe
2013-05-16 20:06 - 2009-07-14 06:45 - 00294168 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe
2013-05-16 16:35 - 2013-01-30 16:58 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Adobe
2013-05-16 15:48 - 2013-01-25 20:48 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe
2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe
2013-05-12 16:21 - 2013-01-29 20:35 - 00000000 ____D C:\Users\Neunzerling\Documents\My Games
2013-05-12 16:07 - 2013-05-12 16:04 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack
2013-05-12 16:06 - 2013-05-12 16:04 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:38 - 2013-05-07 20:36 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:37 - 2013-05-07 20:36 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 19:31 - 2013-05-07 09:59 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 19:30 - 2013-05-07 16:43 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:47 - 2013-05-07 16:46 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:41 - 2013-01-25 16:30 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\VirtualStore
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:40 - 2013-05-07 16:38 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:02 - 2013-05-07 10:00 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 17:56 - 2013-05-05 12:27 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:26 - 2013-05-05 12:23 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-05-04 16:45 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:44 - 2013-05-04 16:43 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-03-31 18:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-03 15:40 - 2013-01-26 13:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Windows Live
2013-05-03 15:27 - 2013-05-03 15:10 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe
ZeroAccess:
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\76603ac3
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000008.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\000000cb.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000000.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000032.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
Last Boot: 2013-05-24 19:42
==================== End Of Log ============================
Which one is the FRST.txt? |
02.06.2013, 18:18 | #4 |
/// the machine /// TB instructor | W32/patched.uc The old thread was already closed because of cracks; still, quite a nice infection. Format and be done with it.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |