Log analysis and evaluation: E-mail account sends spam mails (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.08.2013, 18:47 | #1 |
| E-mail account sends spam mails

Hello dear forum,

today I got an e-mail from my father saying that I had sent him spam, and that this was already the second time. Unfortunately I could not find anything of the sort in my Sent folder, and I am also an absolute beginner when it comes to viruses, rootkits, etc. Something else I noticed is that my Google Chrome browser, strangely, often opens an empty gray window that appears in the middle of the page. With an ad blocker I can delete these, but preventing them is not possible. I have now run a few programs and am posting the log files for you. I hope someone can help me!

PS: Since I am a beginner, please let me know if anything is missing!

Thanks
Regards, Kai

Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version 08-08-2013 02 Ran by Kai at 2013-08-09 143155 Running from CUsersKaiDownloads Boot Mode Normal ========================================================== ==================== Installed Programs ======================= Acrobat.com (x32 Version 0.0.0) Acrobat.com (x32 Version 1.1.377) Adblock IE 2.3 (Version 2.3.1756) Adobe AIR (x32 Version 1.0.4990) Adobe AIR (x32 Version 1.0.8.4990) Adobe Creative Cloud (x32 Version 2.0.2.189) Adobe Flash Player 11 ActiveX (x32 Version 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version 11.7.700.224) Adobe Photoshop CC (x32 Version 14.0) Adobe Reader XI (11.0.03) - Deutsch (x32 Version 11.0.03) Alien Swarm (x32) AMD OverDrive (x32 Version 4.2.6.0638) AMD USB Filter Driver (x32 Version 1.0.14.91) Apple Application Support (x32 Version 2.3.4) Apple Mobile Device Support (Version 6.1.0.13) Apple Software Update (x32 Version 2.1.3.127) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version 1.10.1.0) ASRock eXtreme Tuner v0.1.91 (x32) ASRock InstantBoot v1.28 (x32) ATI Catalyst Install Manager (Version 3.0.762.0) Avira Free Antivirus (x32 Version 13.0.0.3885) Bonjour (Version 3.0.0.10) Call of Duty Black Ops II - Multiplayer (x32) Call of Duty Black Ops II - Zombies (x32) Call of Duty Modern Warfare 3 - Multiplayer (x32) Call of Duty Modern Warfare 3 (x32) CameraHelperMsi (x32 Version 13.51.815.0) Counter-Strike Global Offensive (x32) Counter-Strike Source (x32) DAEMON Tools Lite (x32 Version 4.47.1.0333) Diablo III (x32 Version 1.0.8.16603) erLT (x32 Version 1.20.138.34) EVEREST Ultimate Edition v5.50 (x32 Version 5.50) Free YouTube Download version 3.2.5.628 (x32 Version 3.2.5.628) GameTracker Lite (x32) Google Chrome (x32 Version 28.0.1500.95) Google Chrome Frame (x32 Version 65.107.16500) Google Update Helper (x32 Version 1.3.21.153) Grand Theft Auto IV (x32) HTC Driver Installer (x32 Version 4.2.0.001) HTC Sync Manager (x32 Version 2.0.61.0) 
IPTInstaller (x32 Version 4.0.8) iTunes (Version 11.0.4.4) Java 7 Update 21 (64-bit) (Version 7.0.210) Java 7 Update 25 (x32 Version 7.0.250) Java Auto Updater (x32 Version 2.1.9.5) JDownloader 0.9 (x32 Version 0.9) League of Legends (x32 Version 1.3) LogicCircuit (x32 Version 1.9.0915) Logitech Gaming Software (Version 8.45.88) Logitech Gaming Software 8.46 (Version 8.46.27) Logitech Webcam-Software (x32 Version 2.51) LWS Facebook (x32 Version 13.50.854.0) LWS Gallery (x32 Version 13.51.827.0) LWS Help_main (x32 Version 13.51.828.0) LWS Launcher (x32 Version 13.51.828.0) LWS Motion Detection (x32 Version 13.51.815.0) LWS Pictures And Video (x32 Version 13.51.815.0) LWS Twitter (x32 Version 13.30.1346.0) LWS Webcam Software (x32 Version 13.51.815.0) LWS WLM Plugin (x32 Version 1.30.1201.0) LWS YouTube Plugin (x32 Version 13.31.1038.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version 4.0.30319) Microsoft .NET Framework 4 Extended (Version 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version 4.0.30319) Microsoft Application Error Reporting (Version 12.0.6015.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version 3.5.50.0) Microsoft Silverlight (Version 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 (x32 Version 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version 10.0.40219) Microsoft_VC80_CRT_x86 (x32 Version 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version 1.00.0000) MSXML 4.0 SP2 (KB954430) (x32 Version 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version 4.20.9876.0) Nero 12 (x32 Version 12.5.01900) Nero Audio Pack 1 (x32 Version 11.0.11500.110.0) Nero BackItUp (x32 Version 12.5.1000) Nero BackItUp Help (CHM) (x32 Version 12.0.13000) Nero Blu-ray Player (x32 Version 12.0.20014) Nero Blu-ray Player Help (CHM) (x32 Version 12.0.9000) Nero Burning ROM (x32 Version 12.5.5001) Nero Burning ROM Help (CHM) (x32 Version 12.0.3000) Nero ControlCenter (x32 Version 11.0.15600) Nero ControlCenter Help (CHM) (x32 Version 12.0.12000) Nero Core Components (x32 Version 11.0.20200) Nero Disc Menus Basic (x32 Version 12.0.11500) Nero Effects Basic (x32 Version 12.0.11500) Nero Express (x32 Version 12.5.5002) Nero Express Help (CHM) (x32 Version 12.0.13000) Nero Kwik Media (x32 Version 1.18.20100) Nero Kwik Media Help (CHM) (x32 Version 12.0.12000) Nero Kwik Themes Basic (x32 Version 12.0.11500) Nero PiP Effects Basic (x32 Version 12.0.11500) Nero Recode (x32 Version 12.5.6000) Nero Recode Help (CHM) (x32 Version 12.0.12000) Nero RescueAgent (x32 Version 12.0.10002) Nero RescueAgent Help (CHM) (x32 Version 12.0.7000) Nero SharedVideoCodecs (x32 Version 1.0.12100.2.0) Nero Update (x32 Version 11.0.11800.31.0) Nero Video (x32 Version 12.5.2001) Nero Video Help (CHM) (x32 Version 12.0.12000) neroxml (x32 Version 1.0.0) NVIDIA 3D Vision Controller-Treiber 320.49 (Version 320.49) NVIDIA 3D Vision Treiber 320.49 (Version 320.49) NVIDIA GeForce Experience 1.6 (Version 1.6) 
NVIDIA Grafiktreiber 320.49 (Version 320.49) NVIDIA HD-Audiotreiber 1.3.24.2 (Version 1.3.24.2) NVIDIA Install Application (Version 2.1002.131.854) NVIDIA PhysX (x32 Version 9.13.0604) NVIDIA PhysX-Systemsoftware 9.13.0604 (Version 9.13.0604) NVIDIA Stereoscopic 3D Driver (x32 Version 7.17.13.2049) NVIDIA Systemsteuerung 320.49 (Version 320.49) NVIDIA Update 7.2.17 (Version 7.2.17) NVIDIA Update Components (Version 7.2.17) NVIDIA Virtual Audio 1.2.1 (Version 1.2.1) ock App Charger v1.0.5 OpenOffice.org 3.4.1 (x32 Version 3.41.9593) Origin (x32 Version 9.1.15.109) Pando Media Booster (x32 Version 2.6.0.9) PDF Settings CC (x32 Version 12.0) PiccShare (HKCU Version 2.0) Prerequisite installer (x32 Version 12.0.0003) Rage (x32) Realtek Ethernet Controller Driver (x32 Version 7.44.421.2011) Realtek High Definition Audio Driver (x32 Version 6.0.1.6378) SHIELD Streaming (Version 1.05.19) Skype™ 6.6 (x32 Version 6.6.106) Spybot - Search & Destroy (x32 Version 2.1.21) StarCraft II (x32 Version 2.0.8.25604) Steam (x32 Version 1.0.0.0) Team Fortress 2 (x32) TeamSpeak 3 Client (Version 3.0.10) THX TruStudio (x32 Version 1.00.01) TrueCrypt (x32 Version 7.1a) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version 1) VLC media player 2.0.7 (Version 2.0.7) Welcome App (Start-up experience) (x32 Version 12.0.15000) Winamp (x32 Version 5.7 Beta) Winamp Erkennungs-Plug-in (HKCU Version 1.0.0.1) Windows Live ID Sign-in Assistant 
(Version 6.500.3165.0) Windows Mobile Device Updater Component (Version 04.08.2345.00) WinRAR 4.20 (64-Bit) (Version 4.20.0) XFastUsb (x32) Zune (Version 04.08.2345.00) Zune Language Pack (CHS) (Version 04.08.2345.00) Zune Language Pack (CHT) (Version 04.08.2345.00) Zune Language Pack (CSY) (Version 04.08.2345.00) Zune Language Pack (DAN) (Version 04.08.2345.00) Zune Language Pack (DEU) (Version 04.08.2345.00) Zune Language Pack (ELL) (Version 04.08.2345.00) Zune Language Pack (ESP) (Version 04.08.2345.00) Zune Language Pack (FIN) (Version 04.08.2345.00) Zune Language Pack (FRA) (Version 04.08.2345.00) Zune Language Pack (HUN) (Version 04.08.2345.00) Zune Language Pack (IND) (Version 04.08.2345.00) Zune Language Pack (ITA) (Version 04.08.2345.00) Zune Language Pack (JPN) (Version 04.08.2345.00) Zune Language Pack (KOR) (Version 04.08.2345.00) Zune Language Pack (MSL) (Version 04.08.2345.00) Zune Language Pack (NLD) (Version 04.08.2345.00) Zune Language Pack (NOR) (Version 04.08.2345.00) Zune Language Pack (PLK) (Version 04.08.2345.00) Zune Language Pack (PTB) (Version 04.08.2345.00) Zune Language Pack (PTG) (Version 04.08.2345.00) Zune Language Pack (RUS) (Version 04.08.2345.00) Zune Language Pack (SVE) (Version 04.08.2345.00) ==================== Restore Points ========================= 26-07-2013 094453 Installed Nero 12. 
27-07-2013 181254 Windows Update 08-08-2013 152603 Geplanter Prüfpunkt ==================== Hosts content ========================== 2009-07-14 0434 - 2009-06-10 2300 - 00000824 ____A CWindowssystem32Driversetchosts ==================== Scheduled Tasks (whitelisted) ============= Task {200F5894-D473-4BDC-856A-2C5C2624E4A9} - System32TasksMicrosoftWindowsMUILpksetup = CWindowsSystem32lpksetup.exe [2010-11-21] (Microsoft Corporation) Task {7100F970-2B8B-420E-A8E9-CC51E0F1CC72} - System32TasksSafer-NetworkingSpybot - Search and DestroyScan the system = CProgram Files (x86)Spybot - Search & Destroy 2SDScan.exe No File Task {97B0F082-8488-4A72-BE78-29976E302B55} - System32TasksGoogleUpdateTaskMachineCore = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe [2013-05-22] (Google Inc.) Task {BDA58606-C7E3-435C-BB58-5C839D96A28B} - System32TasksAdobeAAMUpdater-1.0-Kai-PC-Kai = CProgram Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task {CCA2B57E-C49C-43D4-9F2F-FCD59FC1E610} - System32TasksGoogleUpdateTaskMachineUA = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe [2013-05-22] (Google Inc.) Task {CDC6AC0C-F17F-44BD-B5E7-7997B1164873} - System32TasksSafer-NetworkingSpybot - Search and DestroyRefresh immunization = CProgram Files (x86)Spybot - Search & Destroy 2SDImmunize.exe No File Task {D005F59E-BE0F-4695-A732-2137537FD408} - System32TasksAdobe Flash Player Updater = CWindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated) Task {D5B0A1A7-529E-4460-9133-5DE821ECBAD1} - System32TasksSafer-NetworkingSpybot - Search and DestroyCheck for updates = CProgram Files (x86)Spybot - Search & Destroy 2SDUpdate.exe No File Task {EE7F45A1-12EC-47FA-ACD9-9C87A6A3FAD7} - System32TasksAppleAppleSoftwareUpdate = CProgram Files (x86)Apple Software UpdateSoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task CWindowsTasksAdobe Flash Player Updater.job = CWindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe Task CWindowsTasksGoogleUpdateTaskMachineCore.job = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe Task CWindowsTasksGoogleUpdateTaskMachineUA.job = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors ========================= Application errors ================== Error (08092013 014056 PM) (Source WinMgmt) (User ) Description .rootCIMV2SELECT FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage 990x80041003 Error (08092013 014022 PM) (Source NvStreamSvc) (User ) Description NvStreamSvcUnregistering VAD endpoint [0] Error (08092013 014020 PM) (Source NvStreamSvc) (User ) Description NvStreamSvcNvVAD endpoint registered successfully [0] Error (08082013 021633 PM) (Source SideBySide) (User ) Description Fehler beim Generieren des Aktivierungskontextes für assemblyIdentity1. Fehler in Manifest- oder Richtliniendatei assemblyIdentity2 in Zeile assemblyIdentity3. Der Wert MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR des version-Attributs im assemblyIdentity-Element ist ungültig. 
Error (08082013 113158 AM) (Source WinMgmt) (User ) Description .rootCIMV2SELECT FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage 990x80041003 Error (08082013 113133 AM) (Source NvStreamSvc) (User ) Description NvStreamSvcUnregistering VAD endpoint [0] Error (08082013 113129 AM) (Source NvStreamSvc) (User ) Description NvStreamSvcNvVAD endpoint registered successfully [0] Error (08072013 073620 PM) (Source Application Error) (User ) Description Name der fehlerhaften Anwendung daemonu.exe, Version 7.2.17.0, Zeitstempel 0x51f38419 Name des fehlerhaften Moduls ntdll.dll, Version 6.1.7601.17725, Zeitstempel 0x4ec49b8f Ausnahmecode 0xc0000374 Fehleroffset 0x000ce6c3 ID des fehlerhaften Prozesses 0x878 Startzeit der fehlerhaften Anwendung 0xdaemonu.exe0 Pfad der fehlerhaften Anwendung daemonu.exe1 Pfad des fehlerhaften Moduls daemonu.exe2 Berichtskennung daemonu.exe3 Error (08072013 010911 PM) (Source Bonjour Service) (User ) Description Task Scheduling Error m-NextScheduledSPRetry 5008 Error (08072013 010911 PM) (Source Bonjour Service) (User ) Description Task Scheduling Error m-NextScheduledEvent 5008 System errors ============= Error (08092013 014051 PM) (Source Service Control Manager) (User ) Description Der Dienst Spybot-S&D 2 Scanner Service wurde aufgrund folgenden Fehlers nicht gestartet %%1053 Error (08092013 014051 PM) (Source Service Control Manager) (User ) Description Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error (08072013 113715 PM) (Source DCOM) (User ) Description {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error (08072013 073621 PM) (Source Service Control Manager) (User ) Description Dienst NVIDIA Update Service Daemon wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error (08072013 103817 AM) (Source Service Control Manager) (User ) Description Der Dienst Spybot-S&D 2 Scanner Service wurde aufgrund folgenden Fehlers nicht gestartet %%1053 Error (08072013 103817 AM) (Source Service Control Manager) (User ) Description Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error (08062013 043153 PM) (Source DCOM) (User ) Description {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error (08042013 071936 PM) (Source Service Control Manager) (User ) Description Der Dienst Steam Client Service wurde aufgrund folgenden Fehlers nicht gestartet %%1053 Error (08042013 071936 PM) (Source Service Control Manager) (User ) Description Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error (07252013 090152 PM) (Source Disk) (User ) Description Der Treiber hat einen Controllerfehler auf DeviceHarddisk2DR4 gefunden. Microsoft Office Sessions ========================= Error (08092013 014056 PM) (Source WinMgmt)(User ) Description .rootCIMV2SELECT FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage 990x80041003 Error (08092013 014022 PM) (Source NvStreamSvc)(User ) Description NvStreamSvcUnregistering VAD endpoint [0] Error (08092013 014020 PM) (Source NvStreamSvc)(User ) Description NvStreamSvcNvVAD endpoint registered successfully [0] Error (08082013 021633 PM) (Source SideBySide)(User ) Description assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORCProgram Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dllCProgram Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll3 Error (08082013 113158 AM) (Source WinMgmt)(User ) Description .rootCIMV2SELECT FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage 990x80041003 Error (08082013 113133 AM) (Source NvStreamSvc)(User ) 
Description NvStreamSvcUnregistering VAD endpoint [0] Error (08082013 113129 AM) (Source NvStreamSvc)(User ) Description NvStreamSvcNvVAD endpoint registered successfully [0] Error (08072013 073620 PM) (Source Application Error)(User ) Description daemonu.exe7.2.17.051f38419ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c387801ce934af664c95bCProgram Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exeCWindowsSysWOW64ntdll.dllde68f364-ff87-11e2-a9ee-bc5ff477dfe1 Error (08072013 010911 PM) (Source Bonjour Service)(User ) Description Task Scheduling Error m-NextScheduledSPRetry 5008 Error (08072013 010911 PM) (Source Bonjour Service)(User ) Description Task Scheduling Error m-NextScheduledEvent 5008 CodeIntegrity Errors =================================== Date 2013-05-22 141057.571 Description Windows konnte die Abbildintegrität der Datei DeviceHarddiskVolume2UsersKaiAppDataLocalTempEverestDriver.sys nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date 2013-05-22 141057.563 Description Windows konnte die Abbildintegrität der Datei DeviceHarddiskVolume2UsersKaiAppDataLocalTempEverestDriver.sys nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date 2013-05-22 141057.162 Description Windows konnte die Abbildintegrität der Datei DeviceHarddiskVolume2Program Files (x86)LavalysEVEREST Home Editionkerneld.amd64 nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date 2013-05-22 141057.157 Description Windows konnte die Abbildintegrität der Datei DeviceHarddiskVolume2Program Files (x86)LavalysEVEREST Home Editionkerneld.amd64 nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use 36% Total physical RAM 8149.69 MB Available physical RAM 5163.69 MB Total Pagefile 16297.57 MB Available Pagefile 12509.56 MB Total Virtual 8192 MB Available Virtual 8191.82 MB ==================== Drives ================================ Drive c () (Fixed) (Total390.62 GB) (Free190.81 GB) NTFS (Disk=1 Partition=2) ==[Drive with boot components (obtained from BCD)] Drive d () (Fixed) (Total540.89 GB) (Free262.91 GB) NTFS (Disk=1 Partition=1) Drive f (Datenträger) (Fixed) (Total443.13 GB) (Free443 GB) NTFS (Disk=0 Partition=1) Drive h (Datenträger) (Fixed) (Total488.28 GB) (Free488.14 GB) NTFS (Disk=0 Partition=2) Drive j (Expansion Drive) (Fixed) (Total1863.01 GB) (Free1184.22 GB) NTFS (Disk=2 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk 0 (MBR Code Windows 7 or 8) (Size 932 GB) (Disk ID 132CEDD9) Partition 1 (Active) - (Size=443 GB) - (Type=07 NTFS) Partition 2 (Not Active) - (Size=488 GB) - (Type=07 NTFS) ======================================================== Disk 1 (MBR Code Windows 7 or 8) (Size 932 GB) (Disk ID 7BAFA82D) Partition 1 (Not Active) - (Size=541 GB) - (Type=07 NTFS) 
Partition 2 (Active) - (Size=391 GB) - (Type=07 NTFS) ======================================================== Disk 2 (Size 1863 GB) (Disk ID 06215959) Partition 1 (Not Active) - (Size=-198626966528) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version 08-08-2013 02 Ran by Kai (administrator) on 09-08-2013 143011 Running from CUsersKaiDownloads Windows 7 Professional Service Pack 1 (X64) OS Language German Standard Internet Explorer Version 10 Boot Mode Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) CWindowssystem32nvvsvc.exe (NVIDIA Corporation) CProgram Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) CProgram Files (x86)AviraAntiVir Desktopsched.exe (NVIDIA Corporation) CProgram FilesNVIDIA CorporationDisplaynvxdsync.exe (NVIDIA Corporation) CWindowssystem32nvvsvc.exe (Avira Operations GmbH & Co. KG) CProgram Files (x86)AviraAntiVir Desktopavguard.exe (Apple Inc.) CProgram Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (Apple Inc.) CProgram FilesBonjourmDNSResponder.exe (ClanServers Hosting LLC) CProgram Files (x86)GameTrackerGSInGameService.exe (Nero AG) CProgram Files (x86)HTCHTC Sync ManagerHSMServiceEntry.exe (Malwarebytes Corporation) CProgram Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation) CProgram Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (NVIDIA Corporation) CProgram FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (NVIDIA Corporation) CProgram Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe () CProgram Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe (Malwarebytes Corporation) CProgram Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (NVIDIA Corporation) CProgram Files (x86)NVIDIA CorporationNVIDIA Update CoreComUpdatus.exe (Avira Operations GmbH & Co. KG) CProgram Files (x86)AviraAntiVir Desktopavshadow.exe (Realtek Semiconductor) CProgram FilesRealtekAudioHDARAVCpl64.exe (NVIDIA Corporation) CProgram Files (x86)NVIDIA CorporationNVIDIA Update CoreNvTmru.exe (NVIDIA Corporation) CProgram FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (Google Inc.) 
CProgram Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe (Google Inc.) CProgram Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler64.exe () CProgram Files (x86)HTCHTC Sync ManagerHTC Syncadb.exe (NVIDIA Corporation) CProgram FilesNVIDIA CorporationDisplaynvtray.exe (Microsoft Corporation) CProgram FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (Safer-Networking Ltd.) CProgram Files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe (Microsoft Corporation) CProgram FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (Safer-Networking Ltd.) CProgram Files (x86)Spybot - Search & Destroy 2SDWSCSvc.exe (Safer-Networking Ltd.) CProgram Files (x86)Spybot - Search & Destroy 2SDFSSvc.exe (Logitech Inc.) CProgram FilesLogitech Gaming SoftwareLCore.exe (ClanServers Hosting LLC) CProgram Files (x86)GameTrackerGTLite.exe (Avira Operations GmbH & Co. KG) CProgram Files (x86)AviraAntiVir Desktopavgnt.exe (Oracle Corporation) CProgram Files (x86)Common FilesJavaJava Updatejusched.exe (Logitech Inc.) CProgram Files (x86)LogitechLWSWebcam SoftwareLWS.exe () CProgram Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe (Safer-Networking Ltd.) CProgram Files (x86)Spybot - Search & Destroy 2SDTray.exe (Logitech Inc.) CProgram FilesLogitech Gaming SoftwareAppletsLCDRSS.exe (Logitech Inc.) CProgram FilesLogitech Gaming SoftwareAppletsLCDClock.exe (Logitech Inc.) CProgram FilesLogitech Gaming SoftwareAppletsLCDPop3.exe (Logitech Inc.) CProgram FilesLogitech Gaming SoftwareAppletsLCDCountdown.exe (Logitech Inc.) CProgram FilesLogitech Gaming SoftwareAppletsLCDMedia.exe (Nero AG) CProgram Files (x86)NeroUpdateNASvc.exe (Adobe Systems Incorporated) CProgram Files (x86)Common FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe (Valve Corporation) CProgram Files (x86)SteamSteam.exe (Google Inc.) CProgram Files (x86)GoogleChromeApplicationchrome.exe (Google Inc.) 
CProgram Files (x86)GoogleChromeApplicationchrome.exe (Valve Corporation) CProgram Files (x86)Common FilesSteamSteamService.exe (Google Inc.) CProgram Files (x86)GoogleChromeApplicationchrome.exe (Google Inc.) CProgram Files (x86)GoogleChromeApplicationchrome.exe (Google Inc.) CProgram Files (x86)GoogleChromeApplicationchrome.exe (Avira Operations GmbH & Co. KG) Cprogram files (x86)aviraantivir desktopavscan.exe (Malwarebytes Corporation) CProgram Files (x86)Malwarebytes' Anti-Malwarembam.exe () CUsersKaiDesktopDefogger.exe ==================== Registry (Whitelisted) ================== HKLM...Run [RTHDVCPL] - CProgram FilesRealtekAudioHDARAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor) HKLM...Run [Nvtmru] - CProgram Files (x86)NVIDIA CorporationNVIDIA Update Corenvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation) HKLM...Run [Launch LCore] - CProgram FilesLogitech Gaming SoftwareLCore.exe [7477016 2013-04-25] (Logitech Inc.) HKCU...Run [ASRockXTU] - [x] HKCU...Run [zASRockInstantBoot] - [x] HKCU...Run [GameTracker] - CProgram Files (x86)GameTrackerGTLite.exe [4019992 2013-03-08] (ClanServers Hosting LLC) MountPoints2 {48aa80dc-f786-11e2-ba6b-bc5ff477dfe1} - GHTC_Sync_Manager_PC.exe MountPoints2 {5b535c8d-c2b3-11e2-8920-bc5ff477dfe1} - ILaunchU3.exe -a MountPoints2 {9e576e33-f842-11e2-9f93-bc5ff477dfe1} - GHTC_Sync_Manager_PC.exe HKLM-x32...Run [avgnt] - CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32...Run [SunJavaUpdateSched] - CProgram Files (x86)Common FilesJavaJava Updatejusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32...Run [APSDaemon] - CProgram Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32...Run [LWS] - CProgram Files (x86)LogitechLWSWebcam SoftwareLWS.exe [204136 2012-09-13] (Logitech Inc.) 
HKLM-x32...Run [SDTray] - CProgram Files (x86)Spybot - Search & Destroy 2SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) AppInit_DLLs CPROGRA~1NVIDIA~1NVSTRE~1rxinput.dll [653600 2013-07-27] (NVIDIA Corporation) AppInit_DLLs-x32 CPROGRA~2NVIDIA~1NVSTRE~1rxinput.dll [593696 2013-07-27] (NVIDIA Corporation) BootExecute autocheck autochk sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = httpwww.dell.com SearchScopes HKLM - DefaultScope value is missing. SearchScopes HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = httpde.search.yahoo.comsearchp={searchTerms}&fr=chr-devicevm&type=ASRK BHO Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - CProgram FilesMGTEKAdblock IEadblockie.dll (MGTEK) BHO Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram FilesJavajre7binssv.dll (Oracle Corporation) BHO Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - CProgram FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corporation) BHO Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - CProgram FilesJavajre7binjp2ssv.dll (Oracle Corporation) BHO-x32 PiccShare BHO - {553318DA-D010-469E-84B1-496563CAE1C0} - CUsersKaiAppDataLocalext_piccshareext_piccshare.dll (HTTO Group, Ltd) BHO-x32 Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - CProgram Files (x86)MGTEKAdblock IEadblockie.dll (MGTEK) BHO-x32 Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram Files (x86)Javajre7binssv.dll (Oracle Corporation) BHO-x32 Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - CProgram Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corporation) BHO-x32 Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - CProgram Files (x86)Javajre7binjp2ssv.dll (Oracle Corporation) BHO-x32 ChromeFrame BHO - 
{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - CProgram Files (x86)GoogleChrome FrameApplication28.0.1500.95npchrome_frame.dll (Google Inc.) Toolbar HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler-x32 gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - CProgram Files (x86)GoogleChrome FrameApplication28.0.1500.95npchrome_frame.dll (Google Inc.) Handler-x32 skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CPROGRA~2COMMON~1SkypeSKYPE4~1.DLL (Skype Technologies) TcpipParameters [DhcpNameServer] 192.168.2.1 Chrome ======= CHR HomePage hxxpwww.google.com CHR DefaultSearchURL (Google) - {googlebaseURL}searchq={searchTerms}&{googleRLZ}{googleoriginalQueryForSuggestion}{googleassistedQueryStats}{googlesearchFieldtrialParameter}{googlesearchClient}{googlesourceId}{googleinstantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL (Google) - {googlebaseSuggestURL}search{googlesearchFieldtrialParameter}client=chrome&q={searchTerms}&{googlecursorPosition}{googlezeroPrefixUrl}sugkey={googlesuggestAPIKeyParameter} CHR Plugin (Shockwave Flash) - CProgram Files (x86)GoogleChromeApplication28.0.1500.95PepperFlashpepflashplayer.dll () CHR Plugin (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin (Native Client) - CProgram Files (x86)GoogleChromeApplication28.0.1500.95ppGoogleNaClPluginChrome.dll () CHR Plugin (Chrome PDF Viewer) - CProgram Files (x86)GoogleChromeApplication28.0.1500.95pdf.dll () CHR Plugin (Adobe Acrobat) - CProgram Files (x86)AdobeReader 11.0ReaderBrowsernppdf32.dll (Adobe Systems Inc.) CHR Plugin (Nero Kwik Media Helper) - CPROGRA~2COMMON~1NeroBROWSE~1NPBROW~1.DLL (Nero AG) CHR Plugin (AdobeAAMDetect) - CProgram Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin (Google Update) - CProgram Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin (Java(TM) Platform SE 7 U25) - CProgram Files (x86)Javajre7binplugin2npjp2.dll (Oracle Corporation) CHR Plugin (Silverlight Plug-In) - CProgram Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation) CHR Plugin (NVIDIA 3D Vision) - CProgram Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll (NVIDIA Corporation) CHR Plugin (NVIDIA 3D VISION) - CProgram Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin (Pando Web Plugin) - CProgram Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks) CHR Plugin (iTunes Application Detector) - CProgram Files (x86)iTunesMozilla Pluginsnpitunes.dll () CHR Plugin (Shockwave Flash) - CWindowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll () CHR Plugin (Java Deployment Toolkit 7.0.250.16) - CWindowsSysWOW64npDeployJava1.dll (Oracle Corporation) CHR Extension (Google Docs) - CUsersKaiAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake0.5_0 CHR Extension (Google Drive) - CUsersKaiAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.3_0 CHR Extension (YouTube) - CUsersKaiAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.6_0 CHR Extension (Google Search) - CUsersKaiAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.20_0 CHR Extension (PiccShare) - CUsersKaiAppDataLocalGoogleChromeUser DataDefaultExtensionsdocfnddcclkgokdfpnmngpiliiachclb2.0_0 CHR Extension (OfferMosquito) - CUsersKaiAppDataLocalGoogleChromeUser DataDefaultExtensionsgbmdkmlcnbapgegninelmjbfibaghdmk0.5_0 CHR Extension (Gmail) - CUsersKaiAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 CHR StartMenuInternet Google Chrome - CProgram Files (x86)GoogleChromeApplicationchrome.exe ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; CProgram Files (x86)AviraAntiVir Desktopsched.exe 
[84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; CProgram Files (x86)AviraAntiVir Desktopavguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) S4 AODService; CProgram Files (x86)AMDOverDriveAODAssist.exe [137096 2013-02-06] () R2 HTCMonitorService; CProgram Files (x86)HTCHTC Sync ManagerHSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 MBAMScheduler; CProgram Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; CProgram Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NvStreamSvc; CProgram FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation) R2 PassThru Service; CProgram Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe [167424 2012-12-07] () R2 SDScannerService; CProgram Files (x86)Spybot - Search & Destroy 2SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; CProgram Files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; CProgram Files (x86)Spybot - Search & Destroy 2SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2.0; CProgram Files (x86)AMDOverDriveamd64AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices) R2 AODDriver4.2.0; CProgram Files (x86)AMDOverDriveamd64AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices) R2 avgntflt; CWindowsSystem32DRIVERSavgntflt.sys [100712 2013-05-22] (Avira Operations GmbH & Co. KG) R1 avipbb; CWindowsSystem32DRIVERSavipbb.sys [130016 2013-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; CWindowsSystem32DRIVERSavkmgr.sys [28600 2013-05-22] (Avira Operations GmbH & Co. 
KG) S3 cleanhlp; CEEKRuncleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH) S3 cleanhlp; CEEKRuncleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH) R1 dtsoftbus01; CWindowsSystem32DRIVERSdtsoftbus01.sys [283200 2013-07-25] (DT Soft Ltd) R3 FNETTBOH_305; CWindowsSystem32driversFNETTBOH_305.SYS [31808 2013-05-22] (FNet Co., Ltd.) R1 FNETURPX; CWindowsSystem32driversFNETURPX.SYS [15936 2013-05-22] (FNet Co., Ltd.) R3 MBAMProtector; CWindowssystem32driversmbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; CWindowssystem32driversmbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; CWindowsSystem32driversnvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-09 1429 - 2013-08-09 1429 - 00000468 _____ CUsersKaiDesktopdefogger_disable.log 2013-08-09 1428 - 2013-08-09 1428 - 00000000 _____ CUsersKaidefogger_reenable 2013-08-09 1427 - 2013-08-09 1427 - 00377856 _____ CUsersKaiDownloadsgmer_2.1.19163.exe 2013-08-09 1426 - 2013-08-09 1427 - 01790169 _____ (Farbar) CUsersKaiDownloadsFRST64.exe 2013-08-09 1426 - 2013-08-09 1425 - 00050477 _____ CUsersKaiDesktopDefogger.exe 2013-08-09 1425 - 2013-08-09 1425 - 00050477 _____ CUsersKaiDownloadsDefogger.exe 2013-08-07 2049 - 2013-08-07 2050 - 1138838405 _____ CUsersKaiDownloadsElysium2.rar 2013-08-07 1850 - 2013-08-07 1905 - 1425489052 _____ CUsersKaiDownloadsCryENGINE_PC_v3_4_5_6666_freesdk.zip 2013-08-07 1041 - 2013-08-07 1041 - 00002259 _____ CUsersPublicDesktopGoogle Chrome.lnk 2013-08-07 1038 - 2013-08-07 1046 - 00000000 ____D CProgramDataSpybot - Search & Destroy 2013-08-07 1038 - 2013-08-07 1038 - 00000000 ____D CWindowsSystem32TasksSafer-Networking 2013-08-07 1037 - 2013-08-07 1037 - 00001383 _____ CUsersPublicDesktopSpybot-S&D Start Center.lnk 2013-08-07 1037 - 2013-08-07 1037 - 00000000 ____D CProgram Files (x86)Spybot - Search & Destroy 2 
2013-08-07 1037 - 2009-01-25 1314 - 00017272 _____ (Safer Networking Limited) CWindowssystem32sdnclean64.exe 2013-08-04 2008 - 2013-08-09 1341 - 00000000 ____D CUsersKaiAppDataRoamingGameTracker 2013-08-04 2008 - 2013-08-04 2008 - 00001020 _____ CUsersKaiDesktopGameTracker Lite.lnk 2013-08-04 2008 - 2013-08-04 2008 - 00000000 ____D CUsersKaiAppDataRoamingMicrosoftWindowsStart MenuProgramsGameTracker Lite 2013-08-04 2008 - 2013-08-04 2008 - 00000000 ____D CProgram Files (x86)GameTracker 2013-08-04 1921 - 2013-08-04 1921 - 00000000 ____D CNvidiaLogging 2013-08-04 1919 - 2013-05-14 2128 - 00039712 _____ (NVIDIA Corporation) CWindowssystem32Driversnvvad64v.sys 2013-08-04 1919 - 2013-05-14 2127 - 00029984 _____ (NVIDIA Corporation) CWindowssystem32nvaudcap64v.dll 2013-08-04 1919 - 2013-05-14 2127 - 00028448 _____ (NVIDIA Corporation) CWindowsSysWOW64nvaudcap32v.dll 2013-07-29 1607 - 2013-08-09 1340 - 00000000 ____D CUsersKaiAppDataLocalHTC MediaHub 2013-07-29 1607 - 2013-07-29 1607 - 00002031 _____ CUsersPublicDesktopHTC Sync Manager.lnk 2013-07-29 1607 - 2013-07-29 1607 - 00000000 ____D CUsersKaiAppDataRoamingHTC Sync 2013-07-29 1603 - 2013-07-29 1603 - 00000005 _____ CWindowsSysWOW64lMMLDeleteUserData42107612FX.tmp 2013-07-29 1522 - 2013-07-29 1523 - 00000000 ____D CUsersKaiDesktopDavid Guetta - Nothing But The Beat 2013-07-28 2309 - 2013-07-28 2309 - 00003302 _____ CWindowsSystem32Tasks{E9E56819-4421-4B16-A380-71F0D5C648A5} 2013-07-28 2254 - 2013-07-28 2254 - 00000219 _____ CUsersKaiDesktopAlien Swarm.url 2013-07-28 2140 - 2013-07-28 2140 - 00000000 ____D CProgram FilesMicrosoft Silverlight 2013-07-28 2140 - 2013-07-28 2140 - 00000000 ____D CProgram Files (x86)Microsoft Silverlight 2013-07-28 2113 - 2013-07-28 2113 - 00000219 _____ CUsersKaiDesktopTeam Fortress 2.url 2013-07-28 1935 - 2013-07-28 1935 - 00000222 _____ CUsersKaiDesktopCall of Duty Black Ops II - Zombies.url 2013-07-28 1822 - 2013-07-29 1607 - 00000000 ____D CUsersKaiAppDataRoamingHTC 2013-07-28 1821 - 
2013-07-28 1822 - 00000000 ____D CUsersKaiDocumentsHTC 2013-07-28 1821 - 2013-07-28 1821 - 00000000 ____D CProgramDataMotorola 2013-07-28 1820 - 2013-07-28 1820 - 00000000 ____D CProgram Files (x86)Spirent Communications 2013-07-28 1817 - 2013-07-29 1607 - 00000000 ____D CProgramDataHTC 2013-07-28 1817 - 2013-07-29 1607 - 00000000 ____D CProgram Files (x86)HTC 2013-07-28 1817 - 2009-11-02 1216 - 00033736 _____ (HTC, Corporation) CWindowssystem32DriversANDROIDUSB.sys 2013-07-28 1817 - 2009-06-09 1541 - 01122664 _____ (Microsoft Corporation) CWindowssystem32WdfCoInstaller01007.dll 2013-07-27 2013 - 2013-07-27 2013 - 00287600 _____ CWindowsmsxml4-KB954430-enu.LOG 2013-07-27 2013 - 2013-07-27 2013 - 00283814 _____ CWindowsmsxml4-KB973688-enu.LOG 2013-07-27 2013 - 2013-07-27 2013 - 00000000 ____D CProgram Files (x86)MSXML 4.0 2013-07-26 1922 - 2013-07-26 1922 - 00000000 ____D CUsersKaiAppDataLocalNero_AG 2013-07-26 1921 - 2013-07-26 1922 - 00000000 ____D CUsersKaiAppDataLocalNero 2013-07-26 1148 - 2013-07-26 1149 - 00000000 ____D CUsersKaiAppDataRoamingNero 2013-07-26 1147 - 2013-07-26 1147 - 00002797 _____ CUsersPublicDesktopNero Video 12.lnk 2013-07-26 1145 - 2013-07-26 1148 - 00000000 ____D CProgramDataNero 2013-07-26 1145 - 2013-07-26 1148 - 00000000 ____D CProgram Files (x86)Nero 2013-07-26 1127 - 2011-10-24 2126 - 00001524 _____ CUsersKaiDesktopBabyDevelop.lnk 2013-07-25 2129 - 2013-07-25 2130 - 00000000 ____D CProgram FilesTrueCrypt 2013-07-25 2129 - 2013-07-25 2129 - 00231376 _____ (TrueCrypt Foundation) CWindowssystem32Driverstruecrypt.sys 2013-07-25 2129 - 2013-07-25 2129 - 00000875 _____ CUsersPublicDesktopTrueCrypt.lnk 2013-07-25 2126 - 2013-07-25 2126 - 00000000 ____D CUsersKaiAppDataLocalLogicCircuit 2013-07-25 2125 - 2013-07-25 2125 - 00001506 _____ CUsersKaiDesktopLogicCircuit - Verknüpfung.lnk 2013-07-25 2124 - 2013-07-25 2124 - 00000000 ____D CUsersKaiAppDataRoamingMicrosoftWindowsStart MenuProgramsLogic Circuit 2013-07-25 2124 - 2013-07-25 2124 - 
00000000 ____D CProgram Files (x86)LogicCircuit 2013-07-25 2112 - 2013-07-25 2112 - 00000000 ____D Copt 2013-07-25 1449 - 2013-07-25 1449 - 00002056 _____ CUsersPublicDesktopRage.lnk 2013-07-25 1432 - 2013-07-25 1432 - 00000000 ____D CProgram Files (x86)Bethesda Softworks 2013-07-25 1431 - 2013-07-25 1431 - 00001954 _____ CUsersPublicDesktopDAEMON Tools Lite.lnk 2013-07-25 1430 - 2013-07-25 1432 - 00000000 ____D CUsersKaiAppDataRoamingDAEMON Tools Lite 2013-07-25 1430 - 2013-07-25 1432 - 00000000 ____D CProgramDataDAEMON Tools Lite 2013-07-25 1430 - 2013-07-25 1430 - 00283200 _____ (DT Soft Ltd) CWindowssystem32Driversdtsoftbus01.sys 2013-07-25 1430 - 2013-07-25 1430 - 00000000 ____D CProgram Files (x86)DAEMON Tools Lite 2013-07-25 1414 - 2013-07-25 1414 - 00000871 _____ CUsersPublicDesktopVLC media player.lnk 2013-07-25 1156 - 2013-08-09 1340 - 00012214 _____ CWindowssetupact.log 2013-07-25 1156 - 2013-07-25 1156 - 00000000 _____ CWindowssetuperr.log 2013-07-25 0954 - 2013-07-25 0954 - 00000000 ____D CWindowspss 2013-07-24 1441 - 2013-07-24 1441 - 00000000 ____D CUsersKaiAppDataRoamingPDAppFlex 2013-07-24 1441 - 2013-07-24 1441 - 00000000 ____D CProgramDataregid.1986-12.com.adobe 2013-07-24 1323 - 2013-07-24 1323 - 00000000 ____D CProgram FilesAdobe 2013-07-24 1316 - 2013-07-24 1323 - 00000000 ____D CProgram FilesCommon FilesAdobe 2013-07-24 1254 - 2013-07-24 1254 - 00003494 _____ CWindowsSystem32TasksAdobeAAMUpdater-1.0-Kai-PC-Kai 2013-07-24 1253 - 2013-07-24 1253 - 00001074 _____ CUsersPublicDesktopAdobe Creative Cloud.lnk 2013-07-24 1221 - 2013-07-24 1221 - 00000546 _____ CUsersKaiDesktopEmsisoft Emergency Kit.lnk 2013-07-24 1221 - 2013-07-24 1221 - 00000000 ____D CEEK 2013-07-23 1711 - 2013-07-23 1711 - 00000219 _____ CUsersKaiDesktopCounter-Strike Global Offensive.url 2013-07-22 1927 - 2013-07-22 1940 - 00000000 ____D CUsersKaiAppDataRoamingTrueCrypt 2013-07-22 1908 - 2013-07-22 1907 - 00666633 _____ CUsersKaiDesktopAdwCleaner.exe 2013-07-22 1537 - 2013-07-22 
1537 - 00001113 _____ CUsersPublicDesktopMalwarebytes Anti-Malware.lnk 2013-07-22 1537 - 2013-07-22 1537 - 00000000 ____D CUsersKaiAppDataRoamingMalwarebytes 2013-07-22 1537 - 2013-07-22 1537 - 00000000 ____D CProgramDataMalwarebytes 2013-07-22 1537 - 2013-07-22 1537 - 00000000 ____D CProgram Files (x86)Malwarebytes' Anti-Malware 2013-07-22 1537 - 2013-04-04 1450 - 00025928 _____ (Malwarebytes Corporation) CWindowssystem32Driversmbam.sys 2013-07-21 2030 - 2013-07-21 2030 - 00000000 ____D CUsersKaiAppDataRoamingSnz 2013-07-18 1915 - 2013-07-18 1915 - 00000000 ____D CUsersKaiDocumentsGames for Windows - LIVE Demos 2013-07-18 1914 - 2013-07-18 1914 - 00000000 ____D CWindowsSysWOW64xlive 2013-07-18 1914 - 2013-07-18 1914 - 00000000 ____D CProgram Files (x86)Microsoft Games for Windows - LIVE 2013-07-18 1907 - 2013-07-18 1907 - 00000000 ____D CUsersKaiDocumentsRockstar Games 2013-07-18 1848 - 2013-07-18 1848 - 00000000 __SHD CProgramDataSecuROM 2013-07-18 1845 - 2013-07-18 1845 - 00178800 _____ (Sony DADC Austria AG.) 
CWindowsSysWOW64CmdLineExt_x64.dll 2013-07-18 1845 - 2013-07-18 1845 - 00000000 __RHD CUsersKaiAppDataRoamingSecuROM 2013-07-18 1845 - 2013-07-18 1845 - 00000000 ____D CUsersKaiAppDataLocalRockstar Games 2013-07-12 1340 - 2013-07-12 1340 - 00000000 ____D CUsersKaiAppDataLocalDeutscheBahn 2013-07-11 2202 - 2013-06-12 0143 - 14329856 _____ (Microsoft Corporation) CWindowsSysWOW64mshtml.dll 2013-07-11 2202 - 2013-06-12 0143 - 02877440 _____ (Microsoft Corporation) CWindowsSysWOW64jscript9.dll 2013-07-11 2202 - 2013-06-12 0143 - 01767936 _____ (Microsoft Corporation) CWindowsSysWOW64wininet.dll 2013-07-11 2202 - 2013-06-12 0143 - 01141248 _____ (Microsoft Corporation) CWindowsSysWOW64urlmon.dll 2013-07-11 2202 - 2013-06-12 0143 - 00690688 _____ (Microsoft Corporation) CWindowsSysWOW64jscript.dll 2013-07-11 2202 - 2013-06-12 0143 - 00493056 _____ (Microsoft Corporation) CWindowsSysWOW64msfeeds.dll 2013-07-11 2202 - 2013-06-12 0143 - 00039424 _____ (Microsoft Corporation) CWindowsSysWOW64jsproxy.dll 2013-07-11 2202 - 2013-06-12 0142 - 13760512 _____ (Microsoft Corporation) CWindowsSysWOW64ieframe.dll 2013-07-11 2202 - 2013-06-12 0142 - 02046976 _____ (Microsoft Corporation) CWindowsSysWOW64iertutil.dll 2013-07-11 2202 - 2013-06-12 0142 - 00391168 _____ (Microsoft Corporation) CWindowsSysWOW64ieui.dll 2013-07-11 2202 - 2013-06-12 0142 - 00109056 _____ (Microsoft Corporation) CWindowsSysWOW64iesysprep.dll 2013-07-11 2202 - 2013-06-12 0142 - 00061440 _____ (Microsoft Corporation) CWindowsSysWOW64iesetup.dll 2013-07-11 2202 - 2013-06-12 0142 - 00033280 _____ (Microsoft Corporation) CWindowsSysWOW64iernonce.dll 2013-07-11 2202 - 2013-06-12 0126 - 02241024 _____ (Microsoft Corporation) CWindowssystem32wininet.dll 2013-07-11 2202 - 2013-06-12 0126 - 01365504 _____ (Microsoft Corporation) CWindowssystem32urlmon.dll 2013-07-11 2202 - 2013-06-12 0126 - 00051712 _____ (Microsoft Corporation) CWindowssystem32ie4uinit.exe 2013-07-11 2202 - 2013-06-12 0125 - 19238912 _____ (Microsoft 
Corporation) CWindowssystem32mshtml.dll 2013-07-11 2202 - 2013-06-12 0125 - 15404032 _____ (Microsoft Corporation) CWindowssystem32ieframe.dll 2013-07-11 2202 - 2013-06-12 0125 - 03958784 _____ (Microsoft Corporation) CWindowssystem32jscript9.dll 2013-07-11 2202 - 2013-06-12 0125 - 02648576 _____ (Microsoft Corporation) CWindowssystem32iertutil.dll 2013-07-11 2202 - 2013-06-12 0125 - 00855552 _____ (Microsoft Corporation) CWindowssystem32jscript.dll 2013-07-11 2202 - 2013-06-12 0125 - 00603136 _____ (Microsoft Corporation) CWindowssystem32msfeeds.dll 2013-07-11 2202 - 2013-06-12 0125 - 00526336 _____ (Microsoft Corporation) CWindowssystem32ieui.dll 2013-07-11 2202 - 2013-06-12 0125 - 00136704 _____ (Microsoft Corporation) CWindowssystem32iesysprep.dll 2013-07-11 2202 - 2013-06-12 0125 - 00067072 _____ (Microsoft Corporation) CWindowssystem32iesetup.dll 2013-07-11 2202 - 2013-06-12 0125 - 00053248 _____ (Microsoft Corporation) CWindowssystem32jsproxy.dll 2013-07-11 2202 - 2013-06-12 0125 - 00039936 _____ (Microsoft Corporation) CWindowssystem32iernonce.dll 2013-07-11 2202 - 2013-06-12 0051 - 00071680 _____ (Microsoft Corporation) CWindowsSysWOW64RegisterIEPKEYs.exe 2013-07-11 2202 - 2013-06-12 0050 - 00089600 _____ (Microsoft Corporation) CWindowssystem32RegisterIEPKEYs.exe 2013-07-11 2202 - 2013-06-07 0522 - 02706432 _____ (Microsoft Corporation) CWindowssystem32mshtml.tlb 2013-07-11 2202 - 2013-06-07 0437 - 02706432 _____ (Microsoft Corporation) CWindowsSysWOW64mshtml.tlb 2013-07-11 2139 - 2013-06-05 0534 - 03153920 _____ (Microsoft Corporation) CWindowssystem32win32k.sys 2013-07-11 2139 - 2013-06-04 0800 - 00624128 _____ (Microsoft Corporation) CWindowssystem32qedit.dll 2013-07-11 2139 - 2013-06-04 0653 - 00509440 _____ (Microsoft Corporation) CWindowsSysWOW64qedit.dll 2013-07-11 2139 - 2013-05-06 0803 - 01887744 _____ (Microsoft Corporation) CWindowssystem32WMVDECOD.DLL 2013-07-11 2139 - 2013-05-06 0656 - 01620480 _____ (Microsoft Corporation) 
CWindowsSysWOW64WMVDECOD.DLL 2013-07-11 2139 - 2013-04-10 0134 - 01247744 _____ (Microsoft Corporation) CWindowsSysWOW64DWrite.dll 2013-07-11 2139 - 2013-04-03 0051 - 01643520 _____ (Microsoft Corporation) CWindowssystem32DWrite.dll 2013-07-11 2102 - 2013-07-11 2102 - 00001306 _____ CUsersPublicDesktopFree YouTube Download.lnk 2013-07-11 2102 - 2013-07-11 2102 - 00000000 ____D CUsersKaiAppDataRoamingDVDVideoSoft 2013-07-11 2102 - 2013-07-11 2102 - 00000000 ____D CProgram Files (x86)DVDVideoSoft ==================== One Month Modified Files and Folders ======= 2013-08-09 1430 - 2013-08-09 1430 - 00000000 ____D CFRST 2013-08-09 1429 - 2013-08-09 1429 - 00000468 _____ CUsersKaiDesktopdefogger_disable.log 2013-08-09 1428 - 2013-08-09 1428 - 00000000 _____ CUsersKaidefogger_reenable 2013-08-09 1428 - 2013-05-21 2355 - 00000000 ____D CUsersKai 2013-08-09 1427 - 2013-08-09 1427 - 00377856 _____ CUsersKaiDownloadsgmer_2.1.19163.exe 2013-08-09 1427 - 2013-08-09 1426 - 01790169 _____ (Farbar) CUsersKaiDownloadsFRST64.exe 2013-08-09 1425 - 2013-08-09 1426 - 00050477 _____ CUsersKaiDesktopDefogger.exe 2013-08-09 1425 - 2013-08-09 1425 - 00050477 _____ CUsersKaiDownloadsDefogger.exe 2013-08-09 1411 - 2013-05-22 0958 - 00000000 ____D CProgram Files (x86)Steam 2013-08-09 1408 - 2013-05-22 1552 - 00000884 _____ CWindowsTasksAdobe Flash Player Updater.job 2013-08-09 1350 - 2013-05-22 1831 - 00000000 ____D CUsersKaiAppDataLocalAdobe 2013-08-09 1348 - 2009-07-14 0645 - 00025680 ____H CWindowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-09 1348 - 2009-07-14 0645 - 00025680 ____H CWindowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-09 1346 - 2013-05-22 0947 - 00696620 _____ CWindowssystem32perfh007.dat 2013-08-09 1346 - 2013-05-22 0947 - 00147916 _____ CWindowssystem32perfc007.dat 2013-08-09 1346 - 2009-07-14 0713 - 01612484 _____ CWindowssystem32PerfStringBackup.INI 2013-08-09 1345 - 
2013-05-22 0930 - 00001104 _____ CWindowsTasksGoogleUpdateTaskMachineUA.job 2013-08-09 1341 - 2013-08-04 2008 - 00000000 ____D CUsersKaiAppDataRoamingGameTracker 2013-08-09 1340 - 2013-07-29 1607 - 00000000 ____D CUsersKaiAppDataLocalHTC MediaHub 2013-08-09 1340 - 2013-07-25 1156 - 00012214 _____ CWindowssetupact.log 2013-08-09 1340 - 2013-05-22 0940 - 00000000 ____D CProgramDataNVIDIA 2013-08-09 1340 - 2013-05-22 0930 - 00001100 _____ CWindowsTasksGoogleUpdateTaskMachineCore.job 2013-08-09 1340 - 2009-07-14 0708 - 00000006 ____H CWindowsTasksSA.DAT 2013-08-08 1807 - 2013-05-21 2351 - 01158810 _____ CWindowsWindowsUpdate.log 2013-08-07 2337 - 2013-05-22 0937 - 00000000 ____D CUsersKaiAppDataRoamingSkype 2013-08-07 2323 - 2013-05-22 0947 - 00000000 ____D CUsersKaiAppDataLocalPMB Files 2013-08-07 2323 - 2013-05-22 0947 - 00000000 ____D CProgramDataPMB Files 2013-08-07 2050 - 2013-08-07 2049 - 1138838405 _____ CUsersKaiDownloadsElysium2.rar 2013-08-07 1936 - 2013-05-22 1945 - 00000000 ____D CUsersUpdatusUserAppDataLocalCrashDumps 2013-08-07 1905 - 2013-08-07 1850 - 1425489052 _____ CUsersKaiDownloadsCryENGINE_PC_v3_4_5_6666_freesdk.zip 2013-08-07 1048 - 2010-11-21 0547 - 00254788 _____ CWindowsPFRO.log 2013-08-07 1047 - 2013-07-08 2116 - 00000000 ____D CUsersKaiAppDataRoamingCommon 2013-08-07 1046 - 2013-08-07 1038 - 00000000 ____D CProgramDataSpybot - Search & Destroy 2013-08-07 1041 - 2013-08-07 1041 - 00002259 _____ CUsersPublicDesktopGoogle Chrome.lnk 2013-08-07 1041 - 2013-05-22 1110 - 00000000 ____D CProgram Files (x86)Mozilla Firefox 2013-08-07 1038 - 2013-08-07 1038 - 00000000 ____D CWindowsSystem32TasksSafer-Networking 2013-08-07 1037 - 2013-08-07 1037 - 00001383 _____ CUsersPublicDesktopSpybot-S&D Start Center.lnk 2013-08-07 1037 - 2013-08-07 1037 - 00000000 ____D CProgram Files (x86)Spybot - Search & Destroy 2 2013-08-04 2008 - 2013-08-04 2008 - 00001020 _____ CUsersKaiDesktopGameTracker Lite.lnk 2013-08-04 2008 - 2013-08-04 2008 - 00000000 ____D 
CUsersKaiAppDataRoamingMicrosoftWindowsStart MenuProgramsGameTracker Lite 2013-08-04 2008 - 2013-08-04 2008 - 00000000 ____D CProgram Files (x86)GameTracker 2013-08-04 1921 - 2013-08-04 1921 - 00000000 ____D CNvidiaLogging 2013-08-04 1920 - 2013-05-22 0939 - 00000000 ____D CProgram FilesNVIDIA Corporation 2013-08-04 1920 - 2013-05-22 0939 - 00000000 ____D CProgram Files (x86)NVIDIA Corporation 2013-07-30 2333 - 2013-05-23 1501 - 00000000 ____D CUsersKaiAppDataRoamingvlc 2013-07-29 1844 - 2009-07-14 0645 - 04990416 _____ CWindowssystem32FNTCACHE.DAT 2013-07-29 1607 - 2013-07-29 1607 - 00002031 _____ CUsersPublicDesktopHTC Sync Manager.lnk 2013-07-29 1607 - 2013-07-29 1607 - 00000000 ____D CUsersKaiAppDataRoamingHTC Sync 2013-07-29 1607 - 2013-07-28 1822 - 00000000 ____D CUsersKaiAppDataRoamingHTC 2013-07-29 1607 - 2013-07-28 1817 - 00000000 ____D CProgramDataHTC 2013-07-29 1607 - 2013-07-28 1817 - 00000000 ____D CProgram Files (x86)HTC 2013-07-29 1607 - 2013-05-22 1321 - 00000000 ____D CUsersKaiAppDataLocalDownloaded Installations 2013-07-29 1607 - 2013-05-22 0930 - 00064792 _____ CUsersKaiAppDataLocalGDIPFONTCACHEV1.DAT 2013-07-29 1603 - 2013-07-29 1603 - 00000005 _____ CWindowsSysWOW64lMMLDeleteUserData42107612FX.tmp 2013-07-29 1523 - 2013-07-29 1522 - 00000000 ____D CUsersKaiDesktopDavid Guetta - Nothing But The Beat 2013-07-28 2309 - 2013-07-28 2309 - 00003302 _____ CWindowsSystem32Tasks{E9E56819-4421-4B16-A380-71F0D5C648A5} 2013-07-28 2254 - 2013-07-28 2254 - 00000219 _____ CUsersKaiDesktopAlien Swarm.url 2013-07-28 2140 - 2013-07-28 2140 - 00000000 ____D CProgram FilesMicrosoft Silverlight 2013-07-28 2140 - 2013-07-28 2140 - 00000000 ____D CProgram Files (x86)Microsoft Silverlight 2013-07-28 2113 - 2013-07-28 2113 - 00000219 _____ CUsersKaiDesktopTeam Fortress 2.url 2013-07-28 1935 - 2013-07-28 1935 - 00000222 _____ CUsersKaiDesktopCall of Duty Black Ops II - Zombies.url 2013-07-28 1822 - 2013-07-28 1821 - 00000000 ____D CUsersKaiDocumentsHTC 2013-07-28 1821 - 
2013-07-28 1821 - 00000000 ____D CProgramDataMotorola 2013-07-28 1821 - 2013-05-23 1329 - 00000000 ____D CUsersKaiAppDataRoamingApple Computer 2013-07-28 1821 - 2013-05-23 1329 - 00000000 ____D CUsersKaiAppDataLocalApple Computer 2013-07-28 1820 - 2013-07-28 1820 - 00000000 ____D CProgram Files (x86)Spirent Communications 2013-07-28 1820 - 2013-05-22 0924 - 00035414 _____ CWindowsDPINST.LOG 2013-07-27 2013 - 2013-07-27 2013 - 00287600 _____ CWindowsmsxml4-KB954430-enu.LOG 2013-07-27 2013 - 2013-07-27 2013 - 00283814 _____ CWindowsmsxml4-KB973688-enu.LOG 2013-07-27 2013 - 2013-07-27 2013 - 00000000 ____D CProgram Files (x86)MSXML 4.0 2013-07-26 1922 - 2013-07-26 1922 - 00000000 ____D CUsersKaiAppDataLocalNero_AG 2013-07-26 1922 - 2013-07-26 1921 - 00000000 ____D CUsersKaiAppDataLocalNero 2013-07-26 1150 - 2013-05-22 0927 - 00000000 ____D CUsersKaiAppDataRoamingAdobe 2013-07-26 1149 - 2013-07-26 1148 - 00000000 ____D CUsersKaiAppDataRoamingNero 2013-07-26 1148 - 2013-07-26 1145 - 00000000 ____D CProgramDataNero 2013-07-26 1148 - 2013-07-26 1145 - 00000000 ____D CProgram Files (x86)Nero 2013-07-26 1148 - 2009-07-14 0520 - 00000000 ____D CWindowsCursors 2013-07-26 1147 - 2013-07-26 1147 - 00002797 _____ CUsersPublicDesktopNero Video 12.lnk 2013-07-25 2130 - 2013-07-25 2129 - 00000000 ____D CProgram FilesTrueCrypt 2013-07-25 2129 - 2013-07-25 2129 - 00231376 _____ (TrueCrypt Foundation) CWindowssystem32Driverstruecrypt.sys 2013-07-25 2129 - 2013-07-25 2129 - 00000875 _____ CUsersPublicDesktopTrueCrypt.lnk 2013-07-25 2126 - 2013-07-25 2126 - 00000000 ____D CUsersKaiAppDataLocalLogicCircuit 2013-07-25 2125 - 2013-07-25 2125 - 00001506 _____ CUsersKaiDesktopLogicCircuit - Verknüpfung.lnk 2013-07-25 2124 - 2013-07-25 2124 - 00000000 ____D CUsersKaiAppDataRoamingMicrosoftWindowsStart MenuProgramsLogic Circuit 2013-07-25 2124 - 2013-07-25 2124 - 00000000 ____D CProgram Files (x86)LogicCircuit 2013-07-25 2112 - 2013-07-25 2112 - 00000000 ____D Copt 2013-07-25 1913 - 2013-06-23 
1924 - 00000000 ____D CUsersKaiDesktopGfs Religion Sterbehilfe 2013-07-25 1651 - 2013-07-07 1703 - 00008788 _____ CUsersKaiDesktopSharePod.log 2013-07-25 1449 - 2013-07-25 1449 - 00002056 _____ CUsersPublicDesktopRage.lnk 2013-07-25 1432 - 2013-07-25 1432 - 00000000 ____D CProgram Files (x86)Bethesda Softworks 2013-07-25 1432 - 2013-07-25 1430 - 00000000 ____D CUsersKaiAppDataRoamingDAEMON Tools Lite 2013-07-25 1432 - 2013-07-25 1430 - 00000000 ____D CProgramDataDAEMON Tools Lite 2013-07-25 1431 - 2013-07-25 1431 - 00001954 _____ CUsersPublicDesktopDAEMON Tools Lite.lnk 2013-07-25 1430 - 2013-07-25 1430 - 00283200 _____ (DT Soft Ltd) CWindowssystem32Driversdtsoftbus01.sys 2013-07-25 1430 - 2013-07-25 1430 - 00000000 ____D CProgram Files (x86)DAEMON Tools Lite 2013-07-25 1414 - 2013-07-25 1414 - 00000871 _____ CUsersPublicDesktopVLC media player.lnk 2013-07-25 1156 - 2013-07-25 1156 - 00000000 _____ CWindowssetuperr.log 2013-07-25 0954 - 2013-07-25 0954 - 00000000 ____D CWindowspss 2013-07-25 0954 - 2013-05-21 2355 - 00000000 ___RD CUsersKaiAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup 2013-07-24 1453 - 2013-05-30 1238 - 00001708 _____ CUsersKaiDesktopPhotoshop - Verknüpfung.lnk 2013-07-24 1441 - 2013-07-24 1441 - 00000000 ____D CUsersKaiAppDataRoamingPDAppFlex 2013-07-24 1441 - 2013-07-24 1441 - 00000000 ____D CProgramDataregid.1986-12.com.adobe 2013-07-24 1323 - 2013-07-24 1323 - 00000000 ____D CProgram FilesAdobe 2013-07-24 1323 - 2013-07-24 1316 - 00000000 ____D CProgram FilesCommon FilesAdobe 2013-07-24 1318 - 2013-05-22 0927 - 00000000 ____D CProgram Files (x86)Adobe 2013-07-24 1316 - 2013-05-22 0927 - 00000000 ____D CProgramDataAdobe 2013-07-24 1254 - 2013-07-24 1254 - 00003494 _____ CWindowsSystem32TasksAdobeAAMUpdater-1.0-Kai-PC-Kai 2013-07-24 1253 - 2013-07-24 1253 - 00001074 _____ CUsersPublicDesktopAdobe Creative Cloud.lnk 2013-07-24 1235 - 2013-05-22 1030 - 00000000 ____D CUsersKaiAppDataLocalCrashDumps 2013-07-24 1221 - 2013-07-24 1221 - 
00000546 _____ CUsersKaiDesktopEmsisoft Emergency Kit.lnk 2013-07-24 1221 - 2013-07-24 1221 - 00000000 ____D CEEK 2013-07-24 1207 - 2009-07-14 0520 - 00000000 ____D CWindowssystem32NDF 2013-07-23 1747 - 2013-05-22 1439 - 00062244 _____ CWindowsDirectX.log 2013-07-23 1711 - 2013-07-23 1711 - 00000219 _____ CUsersKaiDesktopCounter-Strike Global Offensive.url 2013-07-23 1640 - 2009-07-14 0520 - 00000000 ____D CWindowsregistration 2013-07-22 1940 - 2013-07-22 1927 - 00000000 ____D CUsersKaiAppDataRoamingTrueCrypt 2013-07-22 1907 - 2013-07-22 1908 - 00666633 _____ CUsersKaiDesktopAdwCleaner.exe 2013-07-22 1537 - 2013-07-22 1537 - 00001113 _____ CUsersPublicDesktopMalwarebytes Anti-Malware.lnk 2013-07-22 1537 - 2013-07-22 1537 - 00000000 ____D CUsersKaiAppDataRoamingMalwarebytes 2013-07-22 1537 - 2013-07-22 1537 - 00000000 ____D CProgramDataMalwarebytes 2013-07-22 1537 - 2013-07-22 1537 - 00000000 ____D CProgram Files (x86)Malwarebytes' Anti-Malware 2013-07-21 2031 - 2013-07-08 2117 - 00000000 ____D CUsersKaiAppDataRoamingIntermediate 2013-07-21 2030 - 2013-07-21 2030 - 00000000 ____D CUsersKaiAppDataRoamingSnz 2013-07-18 1915 - 2013-07-18 1915 - 00000000 ____D CUsersKaiDocumentsGames for Windows - LIVE Demos 2013-07-18 1914 - 2013-07-18 1914 - 00000000 ____D CWindowsSysWOW64xlive 2013-07-18 1914 - 2013-07-18 1914 - 00000000 ____D CProgram Files (x86)Microsoft Games for Windows - LIVE 2013-07-18 1907 - 2013-07-18 1907 - 00000000 ____D CUsersKaiDocumentsRockstar Games 2013-07-18 1854 - 2009-07-14 0520 - 00000000 ____D CProgram FilesCommon FilesMicrosoft Shared 2013-07-18 1848 - 2013-07-18 1848 - 00000000 __SHD CProgramDataSecuROM 2013-07-18 1845 - 2013-07-18 1845 - 00178800 _____ (Sony DADC Austria AG.) 
CWindowsSysWOW64CmdLineExt_x64.dll 2013-07-18 1845 - 2013-07-18 1845 - 00000000 __RHD CUsersKaiAppDataRoamingSecuROM 2013-07-18 1845 - 2013-07-18 1845 - 00000000 ____D CUsersKaiAppDataLocalRockstar Games 2013-07-18 1540 - 2013-05-22 0930 - 00004100 _____ CWindowsSystem32TasksGoogleUpdateTaskMachineUA 2013-07-18 1540 - 2013-05-22 0930 - 00003848 _____ CWindowsSystem32TasksGoogleUpdateTaskMachineCore 2013-07-18 1518 - 2013-05-22 1128 - 00000000 ____D CProgram Files (x86)JDownloader 2013-07-18 1507 - 2013-05-22 0952 - 00001351 _____ CUsersPublicDesktopGeForce Experience.lnk 2013-07-18 1504 - 2013-05-22 0937 - 00000000 ___RD CProgram Files (x86)Skype 2013-07-18 1504 - 2013-05-22 0937 - 00000000 ____D CProgramDataSkype 2013-07-12 1340 - 2013-07-12 1340 - 00000000 ____D CUsersKaiAppDataLocalDeutscheBahn 2013-07-12 1338 - 2010-11-21 0917 - 00000000 ____D CProgram FilesWindows Journal 2013-07-12 1338 - 2009-07-14 0732 - 00000000 ____D CProgram FilesWindows Defender 2013-07-12 1338 - 2009-07-14 0732 - 00000000 ____D CProgram Files (x86)Windows Defender 2013-07-11 2203 - 2013-05-22 1756 - 78185248 _____ (Microsoft Corporation) CWindowssystem32MRT.exe 2013-07-11 2102 - 2013-07-11 2102 - 00001306 _____ CUsersPublicDesktopFree YouTube Download.lnk 2013-07-11 2102 - 2013-07-11 2102 - 00000000 ____D CUsersKaiAppDataRoamingDVDVideoSoft 2013-07-11 2102 - 2013-07-11 2102 - 00000000 ____D CProgram Files (x86)DVDVideoSoft 2013-07-11 0658 - 2013-05-22 1552 - 00692104 _____ (Adobe Systems Incorporated) CWindowsSysWOW64FlashPlayerApp.exe 2013-07-11 0658 - 2013-05-22 1552 - 00071048 _____ (Adobe Systems Incorporated) CWindowsSysWOW64FlashPlayerCPLApp.cpl 2013-07-11 0658 - 2013-05-22 1552 - 00003822 _____ CWindowsSystem32TasksAdobe Flash Player Updater ==================== Bamital & volsnap Check ================= CWindowsSystem32winlogon.exe = MD5 is legit CWindowsSystem32wininit.exe = MD5 is legit CWindowsSysWOW64wininit.exe = MD5 is legit CWindowsexplorer.exe = MD5 is legit 
CWindowsSysWOW64explorer.exe = MD5 is legit CWindowsSystem32svchost.exe = MD5 is legit CWindowsSysWOW64svchost.exe = MD5 is legit CWindowsSystem32services.exe = MD5 is legit CWindowsSystem32User32.dll = MD5 is legit CWindowsSysWOW64User32.dll = MD5 is legit CWindowsSystem32userinit.exe = MD5 is legit CWindowsSysWOW64userinit.exe = MD5 is legit CWindowsSystem32Driversvolsnap.sys = MD5 is legit LastRegBack 2013-08-08 1414 ==================== End Of Log ============================ Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 1429 on 09082013 (Kai)
Checking for autostart values...
HKCU~Run values retrieved.
HKLM~Run values retrieved.
Checking for servicesdrivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19163 - httpwww.gmer.net Rootkit scan 2013-08-09 145929 Windows 6.1.7601 Service Pack 1 x64 DeviceHarddisk1DR1 - DeviceIdeIdeDeviceP1T0L0-1 ST1000DM003-1CH162 rev.CC46 931,51GB Running gmer_2.1.19163.exe; Driver CUsersKaiAppDataLocalTempuwldqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG CWindowssystem32ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033b3000 4 bytes [CC, 05, ED, FF] INITKDBG CWindowssystem32ntoskrnl.exe!ExDeleteNPagedLookasideList + 565 fffff800033b3005 12 bytes {MOV [RSP+0x28], RBX; LEA R12, [RSP+0x20]; JMP 0x22} ---- User code sections - GMER 2.1 ---- .text CProgram Files (x86)GameTrackerGSInGameService.exe[1180] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)GameTrackerGSInGameService.exe[1180] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe[2228] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe[2228] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram Files (x86)NVIDIA CorporationNVIDIA Update CoreNvTmru.exe[2204] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)NVIDIA CorporationNVIDIA Update CoreNvTmru.exe[2204] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram Files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe[3860] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe[3860] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 
2 .text CProgram Files (x86)Spybot - Search & Destroy 2SDFSSvc.exe[3316] CWindowssyswow64psapi.dll!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)Spybot - Search & Destroy 2SDFSSvc.exe[3316] CWindowssyswow64psapi.dll!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram Files (x86)GameTrackerGTLite.exe[4668] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)GameTrackerGTLite.exe[4668] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram Files (x86)LogitechLWSWebcam SoftwareLWS.exe[4308] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)LogitechLWSWebcam SoftwareLWS.exe[4308] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe[4664] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe[4664] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram Files (x86)Spybot - Search & Destroy 2SDTray.exe[4716] CWindowssyswow64psapi.dll!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)Spybot - Search & Destroy 2SDTray.exe[4716] CWindowssyswow64psapi.dll!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 2 .text CProgram FilesLogitech Gaming SoftwareAppletsLCDMedia.exe[4928] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram FilesLogitech Gaming SoftwareAppletsLCDMedia.exe[4928] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 
2 .text CProgram Files (x86)SteamSteam.exe[3452] CWindowssyswow64kernel32.dll!FreeLibrary 00000000753534a8 5 bytes JMP 000000016efd2170 .text CProgram Files (x86)SteamSteam.exe[3452] CWindowssyswow64kernel32.dll!LoadLibraryExA 00000000753548fb 5 bytes JMP 000000016efd1fe0 .text CProgram Files (x86)SteamSteam.exe[3452] CWindowssyswow64kernel32.dll!LoadLibraryW 0000000075354913 5 bytes JMP 000000016efd1f20 .text CProgram Files (x86)SteamSteam.exe[3452] CWindowssyswow64kernel32.dll!LoadLibraryExW 0000000075354945 5 bytes JMP 000000016efd20a0 .text CProgram Files (x86)SteamSteam.exe[3452] CWindowssyswow64kernel32.dll!LoadLibraryA 00000000753549bf 5 bytes JMP 000000016efd1e70 .text CProgram Files (x86)SteamSteam.exe[3452] CWindowssyswow64KERNELBASE.dll!HeapCreate 0000000076e9549c 5 bytes JMP 00000001000a0800 .text CProgram Files (x86)Common FilesSteamSteamService.exe[4900] CWindowssyswow64KERNELBASE.dll!HeapCreate 0000000076e9549c 5 bytes JMP 00000001001c0800 .text CProgram Files (x86)Common FilesSteamSteamService.exe[4900] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 69 0000000075661465 2 bytes [66, 75] .text CProgram Files (x86)Common FilesSteamSteamService.exe[4900] CWindowssyswow64PSAPI.DLL!GetModuleInformation + 155 00000000756614bb 2 bytes [66, 75] .text ... 
2 ---- Processes - GMER 2.1 ---- Library CProgram Files (x86)AviraAntiVir Desktopsched.exe ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 0000000000bf0000 Library CProgram Files (x86)AviraAntiVir Desktopgrdcore.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 0000000072a80000 Library cprogram files (x86)aviraantivir desktopcfglib.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 00000000723e0000 Library cprogram files (x86)aviraantivir desktopgpipc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 00000000723a0000 Library cprogram files (x86)aviraantivir desktopgpgen.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 0000000072340000 Library cprogram files (x86)aviraantivir desktopgpschd.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 0000000072310000 Library CProgram Files (x86)AviraAntiVir Desktopavevtlog.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 0000000072250000 Library CProgram Files (x86)AviraAntiVir Desktopschedr.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 0000000072240000 Library CProgram Files (x86)AviraAntiVir Desktopsqlite3.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 00000000721d0000 Library CProgram Files (x86)AviraAntiVir Desktopavipc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopsched.exe [1496] 00000000728c0000 Library CProgram Files (x86)AviraAntiVir Desktopavguard.exe ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavguard.exe [1860] 0000000000b10000 Library CProgram Files (x86)AviraAntiVir Desktopavshadow.exe ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavshadow.exe [1544] 000000013f560000 Library CProgram Files (x86)AviraAntiVir Desktopavipc64.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavshadow.exe [1544] 000007fef74c0000 
Library CProgram Files (x86)AviraAntiVir Desktopavgnt.exe ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000012b0000 Library CProgram Files (x86)AviraAntiVir Desktopccwkrlib.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073770000 Library cprogram files (x86)aviraantivir desktopcfglib.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000723e0000 Library cprogram files (x86)aviraantivir desktopccguard.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000736b0000 Library cprogram files (x86)aviraantivir desktopccgrdrc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073d20000 Library cprogram files (x86)aviraantivir desktopccgrdw.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073730000 Library CProgram Files (x86)AviraAntiVir Desktopgrdcore.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000072a80000 Library cprogram files (x86)aviraantivir desktopgpipc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000723a0000 Library CProgram Files (x86)AviraAntiVir Desktopavipc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000728c0000 Library cprogram files (x86)aviraantivir desktopccwgrd.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000734a0000 Library cprogram files (x86)aviraantivir desktopccgen.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000730a0000 Library cprogram files (x86)aviraantivir desktopccgenrc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073d30000 Library cprogram files (x86)aviraantivir desktopccupdate.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073410000 Library cprogram files (x86)aviraantivir 
desktopccupdrc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073c80000 Library cprogram files (x86)aviraantivir desktopcclic.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073710000 Library cprogram files (x86)aviraantivir desktopcclicrc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000733c0000 Library cprogram files (x86)aviraantivir desktopccmsg.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000072e90000 Library cprogram files (x86)aviraantivir desktopccmsgrc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 0000000073840000 Library cprogram files (x86)aviraantivir desktopccmainrc.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 00000000736a0000 Library CProgram Files (x86)AviraAntiVir Desktopccupdw.dll ( suspicious ) @ CProgram Files (x86)AviraAntiVir Desktopavgnt.exe [4184] 000000006e030000 Library Cprogram files (x86)aviraantivir desktopavscan.exe ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000001200000 Library Cprogram files (x86)aviraantivir desktopavlode.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000068cd0000 Library Cprogram files (x86)aviraantivir desktopapcfile.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000069880000 Library Cprogram files (x86)aviraantivir desktoplibcurl.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000068c80000 Library Cprogram files (x86)aviraantivir desktopLIBEAY32.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000068720000 Library Cprogram files (x86)aviraantivir desktopSSLEAY32.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000068c30000 Library Cprogram files (x86)aviraantivir desktoplibaprutil-1.dll ( 
suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006ee60000 Library Cprogram files (x86)aviraantivir desktoplibapriconv-1.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006ee50000 Library Cprogram files (x86)aviraantivir desktoplibapr-1.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006eec0000 Library Cprogram files (x86)aviraantivir desktopAVSCANRC.DLL ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006f860000 Library Cprogram files (x86)aviraantivir desktopAVWINLL.DLL ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006f6b0000 Library Cprogram files (x86)aviraantivir desktopLUKE.DLL ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006e530000 Library Cprogram files (x86)aviraantivir desktopExtDlgFw.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000069840000 Library Cprogram files (x86)aviraantivir desktopccwkrlib.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000073770000 Library cprogram files (x86)aviraantivir desktopcfglib.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 00000000723e0000 Library cprogram files (x86)aviraantivir desktopccavscanex.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000068bd0000 Library cprogram files (x86)aviraantivir desktopccavscanexrc.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006e080000 Library Cprogram files (x86)aviraantivir desktopAVREP.DLL ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 00000000696f0000 Library cprogram files (x86)aviraantivir desktopAVPREF.DLL ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071ed0000 Library cprogram files (x86)aviraantivir desktopaecore.dll ( suspicious ) 
@ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071e90000 Library cprogram files (x86)aviraantivir desktopaevdf.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071e70000 Library cprogram files (x86)aviraantivir desktopaescript.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071df0000 Library cprogram files (x86)aviraantivir desktopaescn.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071dc0000 Library cprogram files (x86)aviraantivir desktopaesbx.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071c90000 Library cprogram files (x86)aviraantivir desktopaerdl.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071be0000 Library cprogram files (x86)aviraantivir desktopaepack.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071b20000 Library cprogram files (x86)aviraantivir desktopaeoffice.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071ae0000 Library cprogram files (x86)aviraantivir desktopaeheur.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071500000 Library cprogram files (x86)aviraantivir desktopaehelp.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 00000000714b0000 Library cprogram files (x86)aviraantivir desktopaegen.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000071440000 Library cprogram files (x86)aviraantivir desktopaeexp.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 00000000713f0000 Library cprogram files (x86)aviraantivir desktopaeemu.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000010000000 Library cprogram files (x86)aviraantivir desktopaebb.dll ( suspicious ) @ Cprogram files (x86)aviraantivir 
desktopavscan.exe [5452] 0000000000c60000 Library Cprogram files (x86)aviraantivir desktopavevtlog.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 0000000072250000 Library Cprogram files (x86)aviraantivir desktopsqlite3.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 00000000721d0000 Library Cprogram files (x86)aviraantivir desktopAVSCPLR.DLL ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006c640000 Library Cprogram files (x86)aviraantivir desktopAVREG.DLL ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 000000006fab0000 Library Cprogram files (x86)aviraantivir desktopavipc.dll ( suspicious ) @ Cprogram files (x86)aviraantivir desktopavscan.exe [5452] 00000000728c0000 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Emsisoft Anti-Malware - Version 8.0 Letztes Update 09.08.2013 153230 Benutzerkonto Kai-PCKai Scan Einstellungen Scan Methode Detail Scan Objekte Rootkits, Speicher, Traces, C, D, F, H Riskware-Erkennung Aus Archiv Scan An ADS Scan An Dateitypen-Filter Aus Erweitertes Caching An Direkter Festplattenzugriff Aus Scan Beginn 09.08.2013 161637 Gescannt 515635 Gefunden 0 Scan Ende 09.08.2013 174354 Scan Zeit 12717 Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version v2013.07.22.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Kai KAI-PC [Administrator] Schutz Aktiviert 22.07.2013 161109 mbam-log-2013-07-22 (16-11-09).txt Art des Suchlaufs Vollständiger Suchlauf (CDFGH) Aktivierte Suchlaufeinstellungen Speicher Autostart Registrierung Dateisystem HeuristiksExtra HeuristiKsShuriken PUP PUM Deaktivierte Suchlaufeinstellungen P2P Durchsuchte Objekte 408410 Laufzeit 1 Stunde(n), 30 Sekunde(n) Infizierte Speicherprozesse 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Exportierte Ereignisse: 09.08.2013 19:35 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000002' enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.77030' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e16f293.qua' verschoben! 09.08.2013 19:23 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20130809-181905-6072A14C\00000003-8D62B22E' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.77030' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 09.08.2013 19:23 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20130809-181905-6072A14C\00000003-876E4D48' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.77030' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 09.08.2013 18:58 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20130809-181905-6072A14C\00000002-4AED024B' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.77030' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern |
10.08.2013, 05:31 | #2 | |
/// the machine /// TB trainer | E-mail account sends spam mails hi,
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
10.08.2013, 11:15 | #3 |
| E-mail account sends spam mails Hello schrauber,
thank you very much for your quick reply! I started Combofix right away and the following log file was the result: Code:
ATTFilter Combofix Logfile: |
10.08.2013, 21:06 | #4 |
/// the machine /// TB trainer | E-mail account sends spam mails Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
14.08.2013, 20:13 | #5 |
| E-mail account sends spam mails Hello schrauber, unfortunately I was on vacation for a few days and was only now able to carry out the procedures mentioned above. Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.14.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Kai :: KAI-PC [Administrator] Schutz: Aktiviert 14.08.2013 20:43:29 mbam-log-2013-08-14 (20-43-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 241605 Laufzeit: 4 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 14/08/2013 um 20:49:58 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Kai - KAI-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Kai\Desktop\AdwCleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : APNMCP ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files (x86)\AskPartnerNetwork Ordner Gefunden : C:\ProgramData\APN Ordner Gefunden : C:\ProgramData\AskPartnerNetwork Ordner Gefunden : C:\Users\Kai\AppData\Local\Temp\APN ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AskPartnerNetwork Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gefunden : HKLM\Software\AskPartnerNetwork Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v28.0.1500.95 Datei : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R4].txt - [1370 octets] - [14/08/2013 20:49:58] ########## EOF - C:\AdwCleaner[R4].txt - [1430 octets] ########## Junkware Removal Tool: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.5 (08.13.2013:1) OS: Windows 7 Professional x64 Ran by Kai on 14.08.2013 at 20:54:01,61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{553318DA-D010-469E-84B1-496563CAE1C0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\httogroup Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\piccshare Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1C0} ~~~ Files Failed to delete: [File] "C:\Users\Kai\appdata\local\google\chrome\user data\default\ext_piccshare" Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\Users\Kai\AppData\Roaming\intermediate" Successfully deleted: [Folder] "C:\Users\Kai\AppData\Roaming\scheck" Successfully deleted: [Folder] "C:\Users\Kai\AppData\Roaming\ssync" Successfully deleted: [Folder] "C:\Users\Kai\appdata\local\ext_piccshare" ~~~ Chrome Successfully deleted: [Folder] C:\Users\Kai\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh Successfully deleted: [Folder] C:\Users\Kai\appdata\local\Google\Chrome\User Data\Default\Extensions\docfnddcclkgokdfpnmngpiliiachclb Successfully deleted: [Registry 
Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\docfnddcclkgokdfpnmngpiliiachclb ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.08.2013 at 21:06:03,68 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01 Ran by Kai (administrator) on 14-08-2013 21:08:51 Running from C:\Users\Kai\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GTLite.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NANotify.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET) HKCU\...\Run: [GameTracker] - C:\Program Files (x86)\GameTracker\GTLite.exe [4019992 2013-03-08] (ClanServers Hosting LLC) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) 
HKLM-x32\...\Run: [emsisoft anti-malware] - c:\program files (x86)\emsisoft anti-malware\a2guard.exe [2928040 2013-07-02] (Emsisoft GmbH) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-09] (Avira Operations GmbH & Co. KG) AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) 
BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-02] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-09] (Avira Operations GmbH & Co. KG)
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137096 2013-02-06] ()
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-09] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-02] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-02] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-25] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2013-05-22] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-05-22] (FNet Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-14 20:55 - 2013-08-14 21:06 - 00000000 ____D C:\Users\Kai\Desktop\Neue Logfiles. 14.08
2013-08-14 20:55 - 2013-08-14 20:55 - 00000000 ____D C:\Users\Kai\Desktop\Alte Logfiles. 09.08-10.08
2013-08-14 20:54 - 2013-08-14 20:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-14 20:52 - 2013-08-14 20:52 - 01158897 _____ (Thisisu) C:\Users\Kai\Downloads\JRT.exe
2013-08-14 20:52 - 2013-08-14 20:52 - 01158897 _____ (Thisisu) C:\Users\Kai\Desktop\JRT.exe
2013-08-14 20:49 - 2013-08-14 20:50 - 00001499 _____ C:\AdwCleaner[R4].txt
2013-08-14 20:39 - 2013-08-14 20:39 - 00000000 _____ C:\Users\Kai\AppData\Roaming\.NANotifyHere
2013-08-10 12:11 - 2013-08-10 12:11 - 00034996 _____ C:\ComboFix.txt
2013-08-10 11:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-10 11:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-10 11:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-10 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-10 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-10 11:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-10 11:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-10 11:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-10 11:54 - 2013-08-10 12:11 - 00000000 ____D C:\Qoobox
2013-08-10 11:53 - 2013-08-10 12:09 - 00000000 ____D C:\Windows\erdnt
2013-08-10 11:53 - 2013-08-10 11:52 - 05102523 ____R (Swearware) C:\Users\Kai\Desktop\ComboFix.exe
2013-08-10 11:51 - 2013-08-10 11:52 - 05102523 _____ (Swearware) C:\Users\Kai\Downloads\ComboFix.exe
2013-08-09 18:18 - 2013-08-09 18:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Mozilla
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Avira
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-09 18:17 - 2013-08-09 18:17 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-09 18:16 - 2013-08-09 18:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-09 18:16 - 2013-08-09 18:16 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-09 18:16 - 2013-08-09 18:16 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-09 18:16 - 2013-08-09 18:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-09 18:16 - 2013-08-09 18:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-09 18:10 - 2013-08-10 12:03 - 00084294 _____ C:\Users\Kai\Desktop\Neues Textdokument.txt
2013-08-09 16:11 - 2013-08-09 16:11 - 00000000 ____D C:\Users\Kai\AppData\Local\ESET
2013-08-09 15:09 - 2013-08-09 15:09 - 00000000 ____D C:\ProgramData\ESET
2013-08-09 15:09 - 2013-08-09 15:09 - 00000000 ____D C:\Program Files\ESET
2013-08-09 15:06 - 2013-08-09 15:06 - 00001095 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-08-09 15:05 - 2013-08-14 20:38 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-08-09 15:05 - 2013-08-09 15:05 - 00000000 ____D C:\Users\Kai\Documents\Anti-Malware
2013-08-09 15:04 - 2013-08-09 15:05 - 01415824 _____ (ESET) C:\Users\Kai\Downloads\eset_nod32_antivirus_live_installer.exe
2013-08-09 15:03 - 2013-08-09 15:05 - 187509536 _____ (Emsisoft GmbH ) C:\Users\Kai\Downloads\EmsisoftAntiMalwareSetup.exe
2013-08-09 15:02 - 2013-08-09 15:02 - 02092792 _____ C:\Users\Kai\Downloads\avira_free_antivirus.exe
2013-08-09 14:30 - 2013-08-09 14:30 - 00000000 ____D C:\FRST
2013-08-09 14:28 - 2013-08-09 14:28 - 00000000 _____ C:\Users\Kai\defogger_reenable
2013-08-09 14:27 - 2013-08-09 14:27 - 00377856 _____ C:\Users\Kai\Downloads\gmer_2.1.19163.exe
2013-08-09 14:26 - 2013-08-14 21:08 - 01575570 _____ (Farbar) C:\Users\Kai\Desktop\FRST64.exe
2013-08-09 14:26 - 2013-08-09 14:25 - 00050477 _____ C:\Users\Kai\Desktop\Defogger.exe
2013-08-09 14:25 - 2013-08-09 14:25 - 00050477 _____ C:\Users\Kai\Downloads\Defogger.exe
2013-08-07 20:49 - 2013-08-07 20:50 - 1138838405 _____ C:\Users\Kai\Downloads\Elysium2.rar
2013-08-07 18:50 - 2013-08-07 19:05 - 1425489052 _____ C:\Users\Kai\Downloads\CryENGINE_PC_v3_4_5_6666_freesdk.zip
2013-08-07 10:41 - 2013-08-07 10:41 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-07 10:38 - 2013-08-07 10:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-07 10:38 - 2013-08-07 10:38 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 20:08 - 2013-08-14 20:38 - 00000000 ____D C:\Users\Kai\AppData\Roaming\GameTracker
2013-08-04 20:08 - 2013-08-04 20:08 - 00001020 _____ C:\Users\Kai\Desktop\GameTracker Lite.lnk
2013-08-04 20:08 - 2013-08-04 20:08 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite
2013-08-04 20:08 - 2013-08-04 20:08 - 00000000 ____D C:\Program Files (x86)\GameTracker
2013-08-04 19:21 - 2013-08-04 19:21 - 00000000 ____D C:\NvidiaLogging
2013-08-04 19:19 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-04 19:19 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-04 19:19 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-29 16:07 - 2013-08-14 20:38 - 00000000 ____D C:\Users\Kai\AppData\Local\HTC MediaHub
2013-07-29 16:07 - 2013-07-29 16:07 - 00002031 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-07-29 16:07 - 2013-07-29 16:07 - 00000000 ____D C:\Users\Kai\AppData\Roaming\HTC Sync
2013-07-29 16:03 - 2013-07-29 16:03 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-07-29 15:22 - 2013-07-29 15:23 - 00000000 ____D C:\Users\Kai\Desktop\David Guetta - Nothing But The Beat
2013-07-28 23:09 - 2013-07-28 23:09 - 00003302 _____ C:\Windows\System32\Tasks\{E9E56819-4421-4B16-A380-71F0D5C648A5}
2013-07-28 22:54 - 2013-07-28 22:54 - 00000219 _____ C:\Users\Kai\Desktop\Alien Swarm.url
2013-07-28 21:40 - 2013-07-28 21:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-28 21:40 - 2013-07-28 21:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-28 21:13 - 2013-07-28 21:13 - 00000219 _____ C:\Users\Kai\Desktop\Team Fortress 2.url
2013-07-28 19:35 - 2013-07-28 19:35 - 00000222 _____ C:\Users\Kai\Desktop\Call of Duty Black Ops II - Zombies.url
2013-07-28 18:22 - 2013-07-29 16:07 - 00000000 ____D C:\Users\Kai\AppData\Roaming\HTC
2013-07-28 18:21 - 2013-07-28 18:22 - 00000000 ____D C:\Users\Kai\Documents\HTC
2013-07-28 18:21 - 2013-07-28 18:21 - 00000000 ____D C:\ProgramData\Motorola
2013-07-28 18:20 - 2013-07-28 18:20 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-07-28 18:17 - 2013-07-29 16:07 - 00000000 ____D C:\ProgramData\HTC
2013-07-28 18:17 - 2013-07-29 16:07 - 00000000 ____D C:\Program Files (x86)\HTC
2013-07-28 18:17 - 2009-11-02 12:16 - 00033736 _____ (HTC, Corporation) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2013-07-28 18:17 - 2009-06-09 15:41 - 01122664 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-07-27 20:13 - 2013-07-27 20:13 - 00287600 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-27 20:13 - 2013-07-27 20:13 - 00283814 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-27 20:13 - 2013-07-27 20:13 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-26 19:22 - 2013-07-26 19:22 - 00000000 ____D C:\Users\Kai\AppData\Local\Nero_AG
2013-07-26 19:21 - 2013-07-26 19:22 - 00000000 ____D C:\Users\Kai\AppData\Local\Nero
2013-07-26 11:48 - 2013-07-26 11:49 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Nero
2013-07-26 11:47 - 2013-07-26 11:47 - 00002797 _____ C:\Users\Public\Desktop\Nero Video 12.lnk
2013-07-26 11:45 - 2013-07-26 11:48 - 00000000 ____D C:\ProgramData\Nero
2013-07-26 11:45 - 2013-07-26 11:48 - 00000000 ____D C:\Program Files (x86)\Nero
2013-07-26 11:27 - 2011-10-24 21:26 - 00001524 _____ C:\Users\Kai\Desktop\BabyDevelop.lnk
2013-07-25 21:29 - 2013-07-25 21:30 - 00000000 ____D C:\Program Files\TrueCrypt
2013-07-25 21:29 - 2013-07-25 21:29 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-07-25 21:29 - 2013-07-25 21:29 - 00000875 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-07-25 21:26 - 2013-07-25 21:26 - 00000000 ____D C:\Users\Kai\AppData\Local\LogicCircuit
2013-07-25 21:25 - 2013-07-25 21:25 - 00001506 _____ C:\Users\Kai\Desktop\LogicCircuit - Verknüpfung.lnk
2013-07-25 21:24 - 2013-07-25 21:24 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logic Circuit
2013-07-25 21:24 - 2013-07-25 21:24 - 00000000 ____D C:\Program Files (x86)\LogicCircuit
2013-07-25 21:12 - 2013-07-25 21:12 - 00000000 ____D C:\opt
2013-07-25 14:49 - 2013-07-25 14:49 - 00002056 _____ C:\Users\Public\Desktop\Rage.lnk
2013-07-25 14:32 - 2013-07-25 14:32 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-07-25 14:31 - 2013-07-25 14:31 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-07-25 14:30 - 2013-07-25 14:32 - 00000000 ____D C:\Users\Kai\AppData\Roaming\DAEMON Tools Lite
2013-07-25 14:30 - 2013-07-25 14:32 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-07-25 14:30 - 2013-07-25 14:30 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-07-25 14:30 - 2013-07-25 14:30 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-07-25 14:14 - 2013-07-25 14:14 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-25 11:56 - 2013-08-14 20:36 - 00012830 _____ C:\Windows\setupact.log
2013-07-25 11:56 - 2013-07-25 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 09:54 - 2013-07-25 09:54 - 00000000 ____D C:\Windows\pss
2013-07-24 14:41 - 2013-07-24 14:41 - 00000000 ____D C:\Users\Kai\AppData\Roaming\PDAppFlex
2013-07-24 14:41 - 2013-07-24 14:41 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-24 13:23 - 2013-07-24 13:23 - 00000000 ____D C:\Program Files\Adobe
2013-07-24 13:16 - 2013-07-24 13:23 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-24 12:54 - 2013-07-24 12:54 - 00003494 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kai-PC-Kai
2013-07-24 12:53 - 2013-07-24 12:53 - 00001074 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-07-24 12:21 - 2013-07-24 12:21 - 00000546 _____ C:\Users\Kai\Desktop\Emsisoft Emergency Kit.lnk
2013-07-24 12:21 - 2013-07-24 12:21 - 00000000 ____D C:\EEK
2013-07-23 17:11 - 2013-07-23 17:11 - 00000219 _____ C:\Users\Kai\Desktop\Counter-Strike Global Offensive.url
2013-07-22 19:27 - 2013-07-22 19:40 - 00000000 ____D C:\Users\Kai\AppData\Roaming\TrueCrypt
2013-07-22 19:08 - 2013-07-22 19:07 - 00666633 _____ C:\Users\Kai\Desktop\AdwCleaner.exe
2013-07-22 15:37 - 2013-07-22 15:37 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Malwarebytes
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-22 15:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-21 20:30 - 2013-07-21 20:30 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Snz
2013-07-18 19:15 - 2013-07-18 19:15 - 00000000 ____D C:\Users\Kai\Documents\Games for Windows - LIVE Demos
2013-07-18 19:14 - 2013-07-18 19:14 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-18 19:14 - 2013-07-18 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-18 19:07 - 2013-07-18 19:07 - 00000000 ____D C:\Users\Kai\Documents\Rockstar Games
2013-07-18 18:48 - 2013-07-18 18:48 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-18 18:45 - 2013-07-18 18:45 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2013-07-18 18:45 - 2013-07-18 18:45 - 00000000 __RHD C:\Users\Kai\AppData\Roaming\SecuROM
2013-07-18 18:45 - 2013-07-18 18:45 - 00000000 ____D C:\Users\Kai\AppData\Local\Rockstar Games

==================== One Month Modified Files and Folders =======

2013-08-14 21:08 - 2013-08-14 21:08 - 01575570 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe
2013-08-14 21:08 - 2013-08-09 14:26 - 01575570 _____ (Farbar) C:\Users\Kai\Desktop\FRST64.exe
2013-08-14 21:08 - 2013-05-22 15:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 21:06 - 2013-08-14 20:55 - 00000000 ____D C:\Users\Kai\Desktop\Neue Logfiles. 14.08
2013-08-14 20:55 - 2013-08-14 20:55 - 00000000 ____D C:\Users\Kai\Desktop\Alte Logfiles. 09.08-10.08
2013-08-14 20:54 - 2013-08-14 20:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-14 20:52 - 2013-08-14 20:52 - 01158897 _____ (Thisisu) C:\Users\Kai\Downloads\JRT.exe
2013-08-14 20:52 - 2013-08-14 20:52 - 01158897 _____ (Thisisu) C:\Users\Kai\Desktop\JRT.exe
2013-08-14 20:50 - 2013-08-14 20:49 - 00001499 _____ C:\AdwCleaner[R4].txt
2013-08-14 20:46 - 2013-05-22 18:31 - 00000000 ____D C:\Users\Kai\AppData\Local\Adobe
2013-08-14 20:45 - 2013-05-22 09:30 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 20:43 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 20:43 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 20:42 - 2013-05-22 09:47 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-14 20:42 - 2013-05-22 09:47 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-14 20:42 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 20:40 - 2013-05-21 23:51 - 01354156 _____ C:\Windows\WindowsUpdate.log
2013-08-14 20:39 - 2013-08-14 20:39 - 00000000 _____ C:\Users\Kai\AppData\Roaming\.NANotifyHere
2013-08-14 20:38 - 2013-08-09 15:05 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-08-14 20:38 - 2013-08-04 20:08 - 00000000 ____D C:\Users\Kai\AppData\Roaming\GameTracker
2013-08-14 20:38 - 2013-07-29 16:07 - 00000000 ____D C:\Users\Kai\AppData\Local\HTC MediaHub
2013-08-14 20:37 - 2013-05-22 09:30 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 20:36 - 2013-07-25 11:56 - 00012830 _____ C:\Windows\setupact.log
2013-08-14 20:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 20:35 - 2013-05-22 09:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-14 20:35 - 2010-11-21 05:47 - 00260234 _____ C:\Windows\PFRO.log
2013-08-10 13:50 - 2013-05-22 09:58 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-10 12:11 - 2013-08-10 12:11 - 00034996 _____ C:\ComboFix.txt
2013-08-10 12:11 - 2013-08-10 11:54 - 00000000 ____D C:\Qoobox
2013-08-10 12:11 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-10 12:09 - 2013-08-10 11:53 - 00000000 ____D C:\Windows\erdnt
2013-08-10 12:09 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-10 12:03 - 2013-08-09 18:10 - 00084294 _____ C:\Users\Kai\Desktop\Neues Textdokument.txt
2013-08-10 11:52 - 2013-08-10 11:53 - 05102523 ____R (Swearware) C:\Users\Kai\Desktop\ComboFix.exe
2013-08-10 11:52 - 2013-08-10 11:51 - 05102523 _____ (Swearware) C:\Users\Kai\Downloads\ComboFix.exe
2013-08-09 20:38 - 2013-05-22 11:28 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-09 18:18 - 2013-08-09 18:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Mozilla
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Avira
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-09 18:17 - 2013-08-09 18:17 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-09 18:17 - 2013-08-09 18:16 - 00000000 ____D C:\ProgramData\Avira
2013-08-09 18:16 - 2013-08-09 18:16 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-09 18:16 - 2013-08-09 18:16 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-09 18:16 - 2013-08-09 18:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-09 18:16 - 2013-08-09 18:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-09 16:11 - 2013-08-09 16:11 - 00000000 ____D C:\Users\Kai\AppData\Local\ESET
2013-08-09 15:09 - 2013-08-09 15:09 - 00000000 ____D C:\ProgramData\ESET
2013-08-09 15:09 - 2013-08-09 15:09 - 00000000 ____D C:\Program Files\ESET
2013-08-09 15:06 - 2013-08-09 15:06 - 00001095 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-08-09 15:05 - 2013-08-09 15:05 - 00000000 ____D C:\Users\Kai\Documents\Anti-Malware
2013-08-09 15:05 - 2013-08-09 15:04 - 01415824 _____ (ESET) C:\Users\Kai\Downloads\eset_nod32_antivirus_live_installer.exe
2013-08-09 15:05 - 2013-08-09 15:03 - 187509536 _____ (Emsisoft GmbH ) C:\Users\Kai\Downloads\EmsisoftAntiMalwareSetup.exe
2013-08-09 15:02 - 2013-08-09 15:02 - 02092792 _____ C:\Users\Kai\Downloads\avira_free_antivirus.exe
2013-08-09 14:30 - 2013-08-09 14:30 - 00000000 ____D C:\FRST
2013-08-09 14:28 - 2013-08-09 14:28 - 00000000 _____ C:\Users\Kai\defogger_reenable
2013-08-09 14:28 - 2013-05-21 23:55 - 00000000 ____D C:\Users\Kai
2013-08-09 14:27 - 2013-08-09 14:27 - 00377856 _____ C:\Users\Kai\Downloads\gmer_2.1.19163.exe
2013-08-09 14:25 - 2013-08-09 14:26 - 00050477 _____ C:\Users\Kai\Desktop\Defogger.exe
2013-08-09 14:25 - 2013-08-09 14:25 - 00050477 _____ C:\Users\Kai\Downloads\Defogger.exe
2013-08-07 23:37 - 2013-05-22 09:37 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Skype
2013-08-07 23:23 - 2013-05-22 09:47 - 00000000 ____D C:\Users\Kai\AppData\Local\PMB Files
2013-08-07 23:23 - 2013-05-22 09:47 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-07 20:50 - 2013-08-07 20:49 - 1138838405 _____ C:\Users\Kai\Downloads\Elysium2.rar
2013-08-07 19:36 - 2013-05-22 19:45 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-08-07 19:05 - 2013-08-07 18:50 - 1425489052 _____ C:\Users\Kai\Downloads\CryENGINE_PC_v3_4_5_6666_freesdk.zip
2013-08-07 10:47 - 2013-07-08 21:16 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Common
2013-08-07 10:46 - 2013-08-07 10:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-07 10:41 - 2013-08-07 10:41 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-07 10:41 - 2013-05-22 11:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 10:38 - 2013-08-07 10:38 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 20:08 - 2013-08-04 20:08 - 00001020 _____ C:\Users\Kai\Desktop\GameTracker Lite.lnk
2013-08-04 20:08 - 2013-08-04 20:08 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite
2013-08-04 20:08 - 2013-08-04 20:08 - 00000000 ____D C:\Program Files (x86)\GameTracker
2013-08-04 19:21 - 2013-08-04 19:21 - 00000000 ____D C:\NvidiaLogging
2013-08-04 19:20 - 2013-05-22 09:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-04 19:20 - 2013-05-22 09:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 23:33 - 2013-05-23 15:01 - 00000000 ____D C:\Users\Kai\AppData\Roaming\vlc
2013-07-29 18:44 - 2009-07-14 06:45 - 04990416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 16:07 - 2013-07-29 16:07 - 00002031 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-07-29 16:07 - 2013-07-29 16:07 - 00000000 ____D C:\Users\Kai\AppData\Roaming\HTC Sync
2013-07-29 16:07 - 2013-07-28 18:22 - 00000000 ____D C:\Users\Kai\AppData\Roaming\HTC
2013-07-29 16:07 - 2013-07-28 18:17 - 00000000 ____D C:\ProgramData\HTC
2013-07-29 16:07 - 2013-07-28 18:17 - 00000000 ____D C:\Program Files (x86)\HTC
2013-07-29 16:07 - 2013-05-22 13:21 - 00000000 ____D C:\Users\Kai\AppData\Local\Downloaded Installations
2013-07-29 16:07 - 2013-05-22 09:30 - 00064792 _____ C:\Users\Kai\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-29 16:03 - 2013-07-29 16:03 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-07-29 15:23 - 2013-07-29 15:22 - 00000000 ____D C:\Users\Kai\Desktop\David Guetta - Nothing But The Beat
2013-07-28 23:09 - 2013-07-28 23:09 - 00003302 _____ C:\Windows\System32\Tasks\{E9E56819-4421-4B16-A380-71F0D5C648A5}
2013-07-28 22:54 - 2013-07-28 22:54 - 00000219 _____ C:\Users\Kai\Desktop\Alien Swarm.url
2013-07-28 21:40 - 2013-07-28 21:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-28 21:40 - 2013-07-28 21:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-28 21:13 - 2013-07-28 21:13 - 00000219 _____ C:\Users\Kai\Desktop\Team Fortress 2.url
2013-07-28 19:35 - 2013-07-28 19:35 - 00000222 _____ C:\Users\Kai\Desktop\Call of Duty Black Ops II - Zombies.url
2013-07-28 18:22 - 2013-07-28 18:21 - 00000000 ____D C:\Users\Kai\Documents\HTC
2013-07-28 18:21 - 2013-07-28 18:21 - 00000000 ____D C:\ProgramData\Motorola
2013-07-28 18:21 - 2013-05-23 13:29 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Apple Computer
2013-07-28 18:21 - 2013-05-23 13:29 - 00000000 ____D C:\Users\Kai\AppData\Local\Apple Computer
2013-07-28 18:20 - 2013-07-28 18:20 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-07-28 18:20 - 2013-05-22 09:24 - 00035414 _____ C:\Windows\DPINST.LOG
2013-07-27 20:13 - 2013-07-27 20:13 - 00287600 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-27 20:13 - 2013-07-27 20:13 - 00283814 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-27 20:13 - 2013-07-27 20:13 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-26 19:22 - 2013-07-26 19:22 - 00000000 ____D C:\Users\Kai\AppData\Local\Nero_AG
2013-07-26 19:22 - 2013-07-26 19:21 - 00000000 ____D C:\Users\Kai\AppData\Local\Nero
2013-07-26 11:50 - 2013-05-22 09:27 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Adobe
2013-07-26 11:49 - 2013-07-26 11:48 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Nero
2013-07-26 11:48 - 2013-07-26 11:45 - 00000000 ____D C:\ProgramData\Nero
2013-07-26 11:48 - 2013-07-26 11:45 - 00000000 ____D C:\Program Files (x86)\Nero
2013-07-26 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2013-07-26 11:47 - 2013-07-26 11:47 - 00002797 _____ C:\Users\Public\Desktop\Nero Video 12.lnk
2013-07-25 21:30 - 2013-07-25 21:29 - 00000000 ____D C:\Program Files\TrueCrypt
2013-07-25 21:29 - 2013-07-25 21:29 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-07-25 21:29 - 2013-07-25 21:29 - 00000875 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-07-25 21:26 - 2013-07-25 21:26 - 00000000 ____D C:\Users\Kai\AppData\Local\LogicCircuit
2013-07-25 21:25 - 2013-07-25 21:25 - 00001506 _____ C:\Users\Kai\Desktop\LogicCircuit - Verknüpfung.lnk
2013-07-25 21:24 - 2013-07-25 21:24 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logic Circuit
2013-07-25 21:24 - 2013-07-25 21:24 - 00000000 ____D C:\Program Files (x86)\LogicCircuit
2013-07-25 21:12 - 2013-07-25 21:12 - 00000000 ____D C:\opt
2013-07-25 19:13 - 2013-06-23 19:24 - 00000000 ____D C:\Users\Kai\Desktop\Gfs Religion Sterbehilfe
2013-07-25 16:51 - 2013-07-07 17:03 - 00008788 _____ C:\Users\Kai\Desktop\SharePod.log
2013-07-25 14:49 - 2013-07-25 14:49 - 00002056 _____ C:\Users\Public\Desktop\Rage.lnk
2013-07-25 14:32 - 2013-07-25 14:32 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-07-25 14:32 - 2013-07-25 14:30 - 00000000 ____D C:\Users\Kai\AppData\Roaming\DAEMON Tools Lite
2013-07-25 14:32 - 2013-07-25 14:30 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-07-25 14:31 - 2013-07-25 14:31 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-07-25 14:30 - 2013-07-25 14:30 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-07-25 14:30 - 2013-07-25 14:30 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-07-25 14:14 - 2013-07-25 14:14 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-25 11:56 - 2013-07-25 11:56 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 09:54 - 2013-07-25 09:54 - 00000000 ____D C:\Windows\pss
2013-07-25 09:54 - 2013-05-21 23:55 - 00000000 ___RD C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-24 14:53 - 2013-05-30 12:38 - 00001708 _____ C:\Users\Kai\Desktop\Photoshop - Verknüpfung.lnk
2013-07-24 14:41 - 2013-07-24 14:41 - 00000000 ____D C:\Users\Kai\AppData\Roaming\PDAppFlex
2013-07-24 14:41 - 2013-07-24 14:41 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-24 13:23 - 2013-07-24 13:23 - 00000000 ____D C:\Program Files\Adobe
2013-07-24 13:23 - 2013-07-24 13:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-24 13:18 - 2013-05-22 09:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-24 13:16 - 2013-05-22 09:27 - 00000000 ____D C:\ProgramData\Adobe
2013-07-24 12:54 - 2013-07-24 12:54 - 00003494 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kai-PC-Kai
2013-07-24 12:53 - 2013-07-24 12:53 - 00001074 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-07-24 12:35 - 2013-05-22 10:30 - 00000000 ____D C:\Users\Kai\AppData\Local\CrashDumps
2013-07-24 12:21 - 2013-07-24 12:21 - 00000546 _____ C:\Users\Kai\Desktop\Emsisoft Emergency Kit.lnk
2013-07-24 12:21 - 2013-07-24 12:21 - 00000000 ____D C:\EEK
2013-07-24 12:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-23 17:47 - 2013-05-22 14:39 - 00062244 _____ C:\Windows\DirectX.log
2013-07-23 17:11 - 2013-07-23 17:11 - 00000219 _____ C:\Users\Kai\Desktop\Counter-Strike Global Offensive.url
2013-07-23 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-22 19:40 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Kai\AppData\Roaming\TrueCrypt
2013-07-22 19:07 - 2013-07-22 19:08 - 00666633 _____ C:\Users\Kai\Desktop\AdwCleaner.exe
2013-07-22 15:37 - 2013-07-22 15:37 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Malwarebytes
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 
____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-21 20:30 - 2013-07-21 20:30 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Snz 2013-07-18 19:15 - 2013-07-18 19:15 - 00000000 ____D C:\Users\Kai\Documents\Games for Windows - LIVE Demos 2013-07-18 19:14 - 2013-07-18 19:14 - 00000000 ____D C:\Windows\SysWOW64\xlive 2013-07-18 19:14 - 2013-07-18 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2013-07-18 19:07 - 2013-07-18 19:07 - 00000000 ____D C:\Users\Kai\Documents\Rockstar Games 2013-07-18 18:54 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-18 18:48 - 2013-07-18 18:48 - 00000000 __SHD C:\ProgramData\SecuROM 2013-07-18 18:45 - 2013-07-18 18:45 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll 2013-07-18 18:45 - 2013-07-18 18:45 - 00000000 __RHD C:\Users\Kai\AppData\Roaming\SecuROM 2013-07-18 18:45 - 2013-07-18 18:45 - 00000000 ____D C:\Users\Kai\AppData\Local\Rockstar Games 2013-07-18 15:40 - 2013-05-22 09:30 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-18 15:40 - 2013-05-22 09:30 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-18 15:07 - 2013-05-22 09:52 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2013-07-18 15:04 - 2013-05-22 09:37 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-18 15:04 - 2013-05-22 09:37 - 00000000 ____D C:\ProgramData\Skype ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => 
MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-08 14:14 ==================== End Of Log ============================ |
15.08.2013, 08:49 | #6 |
/// the machine /// TB trainer | E-mail account is sending spam mails
You do have to let AdwCleaner delete, though.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
15.08.2013, 10:41 | #7 |
| E-mail account is sending spam mails
Hello,
I have now followed all the steps again, but I would like to note that my computer has become very slow since I started this cleanup. Is that because of the many anti-malware programs running in the background?
Whether the problems are still present will only become clear over the next few days.
Here is the old AdwCleaner log file with the deleted data:
AdwCleaner Logfile: Code:
# AdwCleaner v2.306 - Datei am 15/08/2013 um 11:19:56 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Kai - KAI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kai\Desktop\AdwCleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : APNMCP

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Kai\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Kai\AppData\Local\Temp\APN

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R4].txt - [1499 octets] - [14/08/2013 20:49:58]
AdwCleaner[R5].txt - [1506 octets] - [15/08/2013 11:18:15]
AdwCleaner[R6].txt - [1566 octets] - [15/08/2013 11:19:34]
AdwCleaner[S3].txt - [1510 octets] - [15/08/2013 11:19:56]

########## EOF - C:\AdwCleaner[S3].txt - [1570 octets] ##########

Eset Smartinstaller: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62b429891223f64b85f2d07f927f68da
# engine=14779
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-15 09:19:06
# local_time=2013-08-15 11:19:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 176 493491 0 0
# compatibility_mode=5893 16776574 100 94 2929209 128188196 0 0
# compatibility_mode=8217 16776701 100 87 504557 126571298 0 0
# scanned=1
# found=0
# cleaned=0
# scan_time=0
# nod_component=V3 Build:0x30000000

Code:
Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 6.0
Emsisoft Anti-Malware
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Emsisoft Anti-Malware a2service.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01 Ran by Kai (administrator) on 15-08-2013 11:40:03 Running from C:\Users\Kai\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET) HKCU\...\Run: [GameTracker] - C:\Program Files (x86)\GameTracker\GTLite.exe [4019992 2013-03-08] (ClanServers Hosting LLC) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [emsisoft anti-malware] - c:\program files (x86)\emsisoft anti-malware\a2guard.exe [2928040 2013-07-02] (Emsisoft GmbH) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-09] (Avira Operations GmbH & Co. KG) AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) 
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF 
Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services 
(Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-02] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-09] (Avira Operations GmbH & Co. KG) S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137096 2013-02-06] () R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft 
Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH) R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices) R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-09] (Avira Operations GmbH & Co. KG) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-02] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-02] (Emsisoft GmbH) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-25] (DT Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET) R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2013-05-22] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-05-22] (FNet Co., Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-15 11:36 - 2013-08-15 11:36 - 00891115 _____ C:\Users\Kai\Desktop\SecurityCheck.exe 2013-08-15 11:19 - 2013-08-15 11:20 - 00001639 _____ C:\AdwCleaner[S3].txt 2013-08-15 11:19 - 2013-08-15 11:19 - 00001566 _____ C:\AdwCleaner[R6].txt 2013-08-15 11:18 - 2013-08-15 11:18 - 00001506 _____ C:\AdwCleaner[R5].txt 2013-08-15 11:17 - 2013-08-15 11:17 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-15 11:15 - 2013-08-15 11:19 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 11:13 - 2013-08-15 11:13 - 02347384 _____ (ESET) C:\Users\Kai\Downloads\esetsmartinstaller_enu.exe 2013-08-15 11:13 - 2013-08-15 11:13 - 02347384 _____ (ESET) C:\Users\Kai\Desktop\esetsmartinstaller_enu.exe 2013-08-14 21:08 - 2013-08-14 21:08 - 01575570 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe 2013-08-14 20:55 - 2013-08-14 21:10 - 00000000 ____D C:\Users\Kai\Desktop\Neue Logfiles. 14.08 2013-08-14 20:55 - 2013-08-14 20:55 - 00000000 ____D C:\Users\Kai\Desktop\Alte Logfiles. 
09.08-10.08 2013-08-14 20:54 - 2013-08-14 20:54 - 00000000 ____D C:\Windows\ERUNT 2013-08-14 20:52 - 2013-08-14 20:52 - 01158897 _____ (Thisisu) C:\Users\Kai\Downloads\JRT.exe 2013-08-14 20:52 - 2013-08-14 20:52 - 01158897 _____ (Thisisu) C:\Users\Kai\Desktop\JRT.exe 2013-08-14 20:49 - 2013-08-14 20:50 - 00001499 _____ C:\AdwCleaner[R4].txt 2013-08-10 12:11 - 2013-08-10 12:11 - 00034996 _____ C:\ComboFix.txt 2013-08-10 11:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-10 11:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-10 11:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-10 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-10 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-10 11:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-10 11:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-10 11:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-10 11:54 - 2013-08-10 12:11 - 00000000 ____D C:\Qoobox 2013-08-10 11:53 - 2013-08-10 12:09 - 00000000 ____D C:\Windows\erdnt 2013-08-10 11:53 - 2013-08-10 11:52 - 05102523 ____R (Swearware) C:\Users\Kai\Desktop\ComboFix.exe 2013-08-10 11:51 - 2013-08-10 11:52 - 05102523 _____ (Swearware) C:\Users\Kai\Downloads\ComboFix.exe 2013-08-09 18:18 - 2013-08-09 18:18 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Mozilla 2013-08-09 18:18 - 2013-08-09 18:18 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Avira 2013-08-09 18:17 - 2013-08-09 18:17 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-09 18:16 - 2013-08-09 18:17 - 00000000 ____D C:\ProgramData\Avira 2013-08-09 18:16 - 2013-08-09 18:16 - 00130016 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-09 18:16 - 2013-08-09 18:16 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-09 18:16 - 2013-08-09 18:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-09 18:16 - 2013-08-09 18:16 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-09 18:10 - 2013-08-10 12:03 - 00084294 _____ C:\Users\Kai\Desktop\Neues Textdokument.txt 2013-08-09 16:11 - 2013-08-09 16:11 - 00000000 ____D C:\Users\Kai\AppData\Local\ESET 2013-08-09 15:09 - 2013-08-09 15:09 - 00000000 ____D C:\ProgramData\ESET 2013-08-09 15:09 - 2013-08-09 15:09 - 00000000 ____D C:\Program Files\ESET 2013-08-09 15:06 - 2013-08-09 15:06 - 00001095 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2013-08-09 15:05 - 2013-08-15 11:31 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2013-08-09 15:05 - 2013-08-09 15:05 - 00000000 ____D C:\Users\Kai\Documents\Anti-Malware 2013-08-09 15:04 - 2013-08-09 15:05 - 01415824 _____ (ESET) C:\Users\Kai\Downloads\eset_nod32_antivirus_live_installer.exe 2013-08-09 15:03 - 2013-08-09 15:05 - 187509536 _____ (Emsisoft GmbH ) C:\Users\Kai\Downloads\EmsisoftAntiMalwareSetup.exe 2013-08-09 15:02 - 2013-08-09 15:02 - 02092792 _____ C:\Users\Kai\Downloads\avira_free_antivirus.exe 2013-08-09 14:30 - 2013-08-09 14:30 - 00000000 ____D C:\FRST 2013-08-09 14:28 - 2013-08-09 14:28 - 00000000 _____ C:\Users\Kai\defogger_reenable 2013-08-09 14:27 - 2013-08-09 14:27 - 00377856 _____ C:\Users\Kai\Downloads\gmer_2.1.19163.exe 2013-08-09 14:26 - 2013-08-14 21:08 - 01575570 _____ (Farbar) C:\Users\Kai\Desktop\FRST64.exe 2013-08-09 14:26 - 2013-08-09 14:25 - 00050477 _____ C:\Users\Kai\Desktop\Defogger.exe 2013-08-09 14:25 - 2013-08-09 14:25 - 00050477 _____ C:\Users\Kai\Downloads\Defogger.exe 2013-08-07 20:49 - 2013-08-07 20:50 - 1138838405 _____ C:\Users\Kai\Downloads\Elysium2.rar 2013-08-07 18:50 - 2013-08-07 19:05 - 1425489052 _____ 
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-08 14:14
==================== End Of Log ============================
____________________
Regards, Kai |
15.08.2013, 14:36 | #8 |
/// the machine /// TB trainer | E-mail account is sending spam mails

Reading material: Why we no longer recommend Avira

For some time now, Avira has been shipping the Ask Toolbar with its default installation. This toolbar is a prerequisite for the Webguard to work reliably. The Ask Toolbar is known for spying on the user's browsing behaviour in order, ultimately, to make money from it. We therefore classify it as "harmful" on this board. More information. A security company that foists harmful software on the user practically without asking is therefore out of the question for us. Because of this business practice, the at times extremely poor detection rate and the exceedingly annoying advertising, we recommend that all Avira users uninstall Avira and switch to an alternative product. Should you decide to switch, we recommend removing all leftovers with the Avira cleaner after the uninstallation.

Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Test and report back.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.08.2013, 15:54 | #9 |
| E-mail account is sending spam mails I ran TFC and it did find quite a bit. I also removed a few unnecessary programs from autostart, and so far everything is running as it should. As for the e-mails, it is a matter of waiting. Still, thank you already for the quick and precise help. Great board. I am also considering applying here as soon as that is possible again! Clean work! I will also post my praise in the right category when I have time. Regards, Kai |
15.08.2013, 18:51 | #10 |
/// the machine /// TB trainer | E-mail account is sending spam mails In any case, change the password of the mail account. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber |
15.08.2013, 20:12 | #11 |
| E-mail account is sending spam mails I will now go through your many tips again at my leisure. Beyond that, I have no questions. Thanks again! |
15.08.2013, 21:54 | #12 |
/// the machine /// TB trainer | E-mail account is sending spam mails You're welcome
__________________ regards, schrauber |