Log analysis and evaluation: Windows 7: Steam Trojan warning + phishing spam

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 7: Steam Trojan warning + phishing spam

Good evening,

I recently downloaded the free-to-play title War Thunder and another free-to-play title on Steam, whereupon my Avira Antivirus Free raised a Trojan warning for both games while they were still downloading. I then cancelled the download. I actually thought it was just a false alarm, since I had not found anything about it online; however, yesterday I received a phishing mail after I had bought something on Steam.

Since I had a similar problem a few months ago and was helped so well here, I would be glad if someone could look over my log files again.

Many thanks in advance and have a nice evening!

Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:40 on 02/12/2013 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013 Ran by User (administrator) on PC on 02-12-2013 15:40:57 Running from C:\Users\User\Desktop\Troj Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Logitech Inc.) 
D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe () D:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe () D:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Users\User\AppData\Local\Temp\Creative Cloud Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung) HKCU\...\Policies\Explorer: [] HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-25] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LWS] - D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) 
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated) AppInit_DLLs: # [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3363A4B4DE1CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common 
Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2ltrwnit.default FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2ltrwnit.default\Extensions\ich@maltegoetz.de FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://google.de/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Battlefield Heroes) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0 CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0 CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Assassin's Creed III) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn\1.4_0 CHR Extension: (Terms of Service; Didn\u2019t Read) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg\1.0.7_0 CHR Extension: (Turbo for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgnmngkgolhffjjdaipkkjbmbnpefef\1.2.3_0 CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) 
R2 mi-raysat_3dsmax2010_64; D:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016 2009-04-13] () R2 mi-raysat_3dsmax2013_64; D:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2013-10-22] () R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-10-22] () R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.) R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. 
KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-17] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [129024 2012-06-27] (MCCI Corporation) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 MSICDSetup; \??\E:\CDriver64.sys [x] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-02 15:40 - 2013-12-02 15:40 - 00000168 _____ C:\Users\User\defogger_reenable 2013-12-02 15:40 - 2013-12-02 15:40 - 00000000 ____D C:\FRST 2013-12-02 15:38 - 2013-12-02 15:40 - 00000000 ____D C:\Users\User\Desktop\Troj 2013-12-02 15:34 - 2013-12-02 15:34 - 199092305 _____ C:\Users\User\Downloads\InDesign_7_5_LS4.7z.crdownload 2013-12-02 15:34 - 2013-12-02 15:34 - 194417319 _____ C:\Users\User\Downloads\InDesign_7_5_LS1.7z.crdownload 2013-12-02 15:34 - 2013-12-02 15:34 - 01229800 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\InDesign_7_5_LS4.exe 2013-12-02 15:34 - 2013-12-02 15:34 - 01229800 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\InDesign_7_5_LS1.exe 2013-12-02 15:27 - 2013-12-02 15:27 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2013-12-02 15:24 - 2013-12-02 15:24 - 02841464 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\CreativeCloudSet-Up (1).exe 2013-12-02 14:43 - 2013-12-02 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\AdobeSupportAdvisor 2013-12-02 14:43 - 2013-12-02 14:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-12-02 14:43 - 
2013-12-02 14:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-12-02 13:28 - 2013-12-02 15:15 - 00000336 _____ C:\Windows\setupact.log 2013-12-02 13:28 - 2013-12-02 13:28 - 00000000 _____ C:\Windows\setuperr.log 2013-12-01 21:38 - 2013-12-01 21:38 - 06143206 _____ C:\Users\User\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip 2013-12-01 21:22 - 2013-12-02 14:43 - 00000726 _____ C:\Users\Public\Desktop\Adobe Support Advisor.lnk 2013-12-01 21:22 - 2013-12-01 21:22 - 00000000 ____D C:\Users\User\AppData\Roaming\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 2013-12-01 21:13 - 2013-12-01 21:21 - 09869160 _____ C:\Users\User\Downloads\AdobeSupportAdvisor.exe 2013-12-01 19:23 - 2013-12-01 19:23 - 00000364 _____ C:\Windows\DirectX.log 2013-12-01 19:23 - 2013-12-01 19:23 - 00000000 ____D C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP 2013-12-01 15:37 - 2013-12-01 15:37 - 00001085 _____ C:\Users\Public\Desktop\Adobe Content Viewer.lnk 2013-11-27 21:35 - 2013-11-28 22:38 - 00000764 _____ C:\Users\User\Desktop\serien.txt 2013-11-18 00:00 - 2013-11-18 00:00 - 00000000 ____D C:\Users\User\Downloads\fraps 2013-11-17 21:27 - 2013-11-17 21:28 - 02783758 _____ C:\Users\User\Downloads\fraps.zip 2013-11-16 13:30 - 2013-11-16 13:30 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA Corporation 2013-11-15 23:02 - 2013-11-15 23:02 - 08849350 _____ C:\Users\User\Downloads\Atherys Ascended x32 1.6.2 V.2.0.zip 2013-11-15 20:21 - 2013-11-15 20:21 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-11-13 23:39 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 23:39 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 23:39 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 23:39 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 23:39 - 
2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 23:39 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 23:39 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 23:39 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 00391168 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 23:39 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 23:39 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 23:39 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 23:39 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 23:39 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 20:55 - 2013-11-13 20:55 - 00000000 ____D C:\Users\User\Downloads\1300031721_RealityIV1.62 2013-11-13 20:52 - 2013-11-13 20:52 - 01532234 _____ C:\Users\User\Downloads\1300031721_RealityIV1.62.7z 2013-11-13 19:03 - 2013-11-13 19:03 - 00000000 ____D C:\Users\User\Desktop\handling sicherung 2013-11-13 18:51 - 2013-11-13 18:51 - 02855181 _____ C:\Users\User\Downloads\RealisticDriving_EFLC_13.zip 2013-11-13 18:48 - 2013-11-13 18:48 - 17532198 _____ C:\Users\User\Downloads\iCEnhancer2_1FINAL_reup.zip 2013-11-13 18:15 - 2013-11-13 18:15 - 00810245 _____ C:\Users\User\Downloads\iCEnhancer Config Tool.zip 2013-11-13 18:14 - 2013-11-13 18:14 - 195063456 _____ C:\Users\User\Downloads\iCEnhancer2.0N.zip 2013-11-13 18:13 - 2013-11-13 18:13 - 106562781 _____ C:\Users\User\Downloads\iCEnhancer125.rar 2013-11-13 15:36 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 15:36 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 15:36 - 2013-10-12 
03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 15:36 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 15:36 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 15:36 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 15:36 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 15:36 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 15:36 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 15:36 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 15:36 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 15:36 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 15:36 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 15:36 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 15:36 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 15:36 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 15:36 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 15:36 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 15:36 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 15:36 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 
15:36 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 15:36 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 15:36 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 15:36 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 15:36 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 15:36 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 15:36 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 15:36 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 15:36 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 15:36 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-12 17:39 - 2013-11-12 17:39 - 00286720 _____ C:\Users\User\Desktop\pinguin.max 2013-11-09 13:40 - 2013-11-09 13:40 - 00006365 _____ C:\Users\User\Downloads\fonts.zip 2013-11-09 13:31 - 2013-11-09 13:32 - 00001782 _____ C:\Users\User\Desktop\LaunchGTAIV.exe - Shortcut.lnk 2013-11-09 12:36 - 2013-11-09 13:14 - 3428982002 _____ (Autodesk, Inc.) 
C:\Users\User\Downloads\Autodesk_3ds_Max_2014_EFGJKS_Win_64bit_dlm.sfx.exe 2013-11-08 18:09 - 2013-11-08 18:09 - 00003196 _____ C:\Windows\System32\Tasks\{0E113119-20AB-4029-9CFB-EFA57728CFA9} 2013-11-08 18:08 - 2013-11-08 18:08 - 02796287 _____ C:\Users\User\Downloads\RGSC_1_1_3_0.rar 2013-11-08 18:08 - 2013-11-08 18:08 - 00000000 ____D C:\Users\User\Downloads\RGSC_1_1_3_0 2013-11-07 22:32 - 2013-11-07 22:32 - 00000000 ____D C:\Users\User\Documents\Rockstar Games 2013-11-07 22:27 - 2013-11-07 22:27 - 00000000 __SHD C:\ProgramData\SecuROM 2013-11-07 22:25 - 2013-11-07 22:25 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll 2013-11-07 22:25 - 2013-11-07 22:25 - 00000000 ____D C:\Users\User\AppData\Local\Rockstar Games 2013-11-07 09:01 - 2013-11-07 09:01 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia 2013-11-06 22:17 - 2013-11-06 22:17 - 00015773 _____ C:\Users\User\Desktop\Analyse.odt 2013-11-03 20:20 - 2013-11-03 20:20 - 00000000 ____D C:\Users\User\Desktop\New folder ==================== One Month Modified Files and Folders ======= 2013-12-02 15:40 - 2013-12-02 15:40 - 00000168 _____ C:\Users\User\defogger_reenable 2013-12-02 15:40 - 2013-12-02 15:40 - 00000000 ____D C:\FRST 2013-12-02 15:40 - 2013-12-02 15:38 - 00000000 ____D C:\Users\User\Desktop\Troj 2013-12-02 15:40 - 2012-12-23 19:18 - 00000000 ____D C:\Users\User 2013-12-02 15:34 - 2013-12-02 15:34 - 199092305 _____ C:\Users\User\Downloads\InDesign_7_5_LS4.7z.crdownload 2013-12-02 15:34 - 2013-12-02 15:34 - 194417319 _____ C:\Users\User\Downloads\InDesign_7_5_LS1.7z.crdownload 2013-12-02 15:34 - 2013-12-02 15:34 - 01229800 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\InDesign_7_5_LS4.exe 2013-12-02 15:34 - 2013-12-02 15:34 - 01229800 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\InDesign_7_5_LS1.exe 2013-12-02 15:30 - 2013-01-05 13:01 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2013-12-02 15:27 - 2013-12-02 15:27 - 00001070 _____ 
C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-12-02 15:27 - 2013-01-05 13:01 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2013-12-02 15:26 - 2013-01-05 12:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-02 15:24 - 2013-12-02 15:24 - 02841464 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\CreativeCloudSet-Up (1).exe
2013-12-02 15:24 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 15:24 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 15:21 - 2009-07-14 06:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 15:20 - 2013-10-05 09:04 - 01691470 _____ C:\Windows\WindowsUpdate.log
2013-12-02 15:17 - 2012-12-23 21:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 15:15 - 2013-12-02 13:28 - 00000336 _____ C:\Windows\setupact.log
2013-12-02 15:15 - 2012-12-23 21:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 15:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 14:43 - 2013-12-02 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\AdobeSupportAdvisor
2013-12-02 14:43 - 2013-12-02 14:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-02 14:43 - 2013-12-02 14:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-02 14:43 - 2013-12-01 21:22 - 00000726 _____ C:\Users\Public\Desktop\Adobe Support Advisor.lnk
2013-12-02 13:31 - 2012-12-24 21:08 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2013-12-02 13:28 - 2013-12-02 13:28 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 21:43 - 2013-02-13 19:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-01 21:38 - 2013-12-01 21:38 - 06143206 _____ C:\Users\User\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2013-12-01 21:22 - 2013-12-01 21:22 - 00000000 ____D C:\Users\User\AppData\Roaming\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2013-12-01 21:21 - 2013-12-01 21:13 - 09869160 _____ C:\Users\User\Downloads\AdobeSupportAdvisor.exe
2013-12-01 19:23 - 2013-12-01 19:23 - 00000364 _____ C:\Windows\DirectX.log
2013-12-01 19:23 - 2013-12-01 19:23 - 00000000 ____D C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2013-12-01 16:39 - 2013-01-09 14:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-01 15:37 - 2013-12-01 15:37 - 00001085 _____ C:\Users\Public\Desktop\Adobe Content Viewer.lnk
2013-12-01 15:37 - 2013-01-05 11:17 - 00000000 ____D C:\ProgramData\Adobe
2013-12-01 13:48 - 2012-12-23 21:46 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-11-28 22:38 - 2013-11-27 21:35 - 00000764 _____ C:\Users\User\Desktop\serien.txt
2013-11-28 17:10 - 2013-06-02 21:57 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
2013-11-28 16:17 - 2013-09-03 12:17 - 00000000 ____D C:\Windows\rescache
2013-11-26 17:41 - 2012-12-24 01:04 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-11-26 16:21 - 2012-12-24 01:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 16:21 - 2012-12-24 01:04 - 00000000 ____D C:\ProgramData\Skype
2013-11-25 13:40 - 2013-05-07 15:00 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-25 13:40 - 2013-03-27 10:21 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-25 13:40 - 2013-03-27 10:21 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-25 13:40 - 2013-03-27 10:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-24 16:31 - 2013-10-13 20:49 - 00018874 _____ C:\Users\User\Desktop\Story.odt
2013-11-24 13:57 - 2012-12-23 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-21 18:54 - 2013-10-25 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-11-18 00:00 - 2013-11-18 00:00 - 00000000 ____D C:\Users\User\Downloads\fraps
2013-11-18 00:00 - 2013-02-02 14:36 - 00000512 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-11-17 21:28 - 2013-11-17 21:27 - 02783758 _____ C:\Users\User\Downloads\fraps.zip
2013-11-17 19:19 - 2013-09-02 17:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Audacity
2013-11-17 18:59 - 2012-12-23 21:37 - 00096040 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-17 17:48 - 2009-07-14 05:45 - 05064032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-17 17:47 - 2013-10-26 00:59 - 00000671 _____ C:\Users\User\Desktop\batman.txt
2013-11-17 17:36 - 2012-12-23 19:19 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-16 13:30 - 2013-11-16 13:30 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA Corporation
2013-11-15 23:02 - 2013-11-15 23:02 - 08849350 _____ C:\Users\User\Downloads\Atherys Ascended x32 1.6.2 V.2.0.zip
2013-11-15 20:21 - 2013-11-15 20:21 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-11-15 20:21 - 2012-12-24 11:06 - 00000000 ____D C:\Users\User\Documents\My Games
2013-11-15 20:21 - 2012-12-23 19:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-15 19:29 - 2012-12-24 04:14 - 00000000 ____D C:\Windows\Panther
2013-11-13 23:39 - 2013-08-15 22:40 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 23:37 - 2012-12-29 00:05 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 20:55 - 2013-11-13 20:55 - 00000000 ____D C:\Users\User\Downloads\1300031721_RealityIV1.62
2013-11-13 20:52 - 2013-11-13 20:52 - 01532234 _____ C:\Users\User\Downloads\1300031721_RealityIV1.62.7z
2013-11-13 19:03 - 2013-11-13 19:03 - 00000000 ____D C:\Users\User\Desktop\handling sicherung
2013-11-13 18:51 - 2013-11-13 18:51 - 02855181 _____ C:\Users\User\Downloads\RealisticDriving_EFLC_13.zip
2013-11-13 18:48 - 2013-11-13 18:48 - 17532198 _____ C:\Users\User\Downloads\iCEnhancer2_1FINAL_reup.zip
2013-11-13 18:15 - 2013-11-13 18:15 - 00810245 _____ C:\Users\User\Downloads\iCEnhancer Config Tool.zip
2013-11-13 18:14 - 2013-11-13 18:14 - 195063456 _____ C:\Users\User\Downloads\iCEnhancer2.0N.zip
2013-11-13 18:13 - 2013-11-13 18:13 - 106562781 _____ C:\Users\User\Downloads\iCEnhancer125.rar
2013-11-12 17:39 - 2013-11-12 17:39 - 00286720 _____ C:\Users\User\Desktop\pinguin.max
2013-11-12 16:00 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-09 13:40 - 2013-11-09 13:40 - 00006365 _____ C:\Users\User\Downloads\fonts.zip
2013-11-09 13:32 - 2013-11-09 13:31 - 00001782 _____ C:\Users\User\Desktop\LaunchGTAIV.exe - Shortcut.lnk
2013-11-09 13:14 - 2013-11-09 12:36 - 3428982002 _____ (Autodesk, Inc.) C:\Users\User\Downloads\Autodesk_3ds_Max_2014_EFGJKS_Win_64bit_dlm.sfx.exe
2013-11-09 12:40 - 2013-09-15 20:18 - 00000000 ____D C:\Program Files\Adobe
2013-11-08 22:59 - 2013-02-10 17:30 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-11-08 21:47 - 2013-10-28 16:19 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 21:47 - 2013-10-28 16:19 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-08 18:09 - 2013-11-08 18:09 - 00003196 _____ C:\Windows\System32\Tasks\{0E113119-20AB-4029-9CFB-EFA57728CFA9}
2013-11-08 18:08 - 2013-11-08 18:08 - 02796287 _____ C:\Users\User\Downloads\RGSC_1_1_3_0.rar
2013-11-08 18:08 - 2013-11-08 18:08 - 00000000 ____D C:\Users\User\Downloads\RGSC_1_1_3_0
2013-11-08 17:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-07 22:32 - 2013-11-07 22:32 - 00000000 ____D C:\Users\User\Documents\Rockstar Games
2013-11-07 22:27 - 2013-11-07 22:27 - 00000000 __SHD C:\ProgramData\SecuROM
2013-11-07 22:25 - 2013-11-07 22:25 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2013-11-07 22:25 - 2013-11-07 22:25 - 00000000 ____D C:\Users\User\AppData\Local\Rockstar Games
2013-11-07 09:01 - 2013-11-07 09:01 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2013-11-07 09:00 - 2013-03-27 10:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-07 09:00 - 2013-03-27 10:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-06 22:17 - 2013-11-06 22:17 - 00015773 _____ C:\Users\User\Desktop\Analyse.odt
2013-11-03 20:20 - 2013-11-03 20:20 - 00000000 ____D C:\Users\User\Desktop\New folder

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\User\AppData\Local\Temp\drm_dyndata_7380014.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-02 13:51

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-02 19:26:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC4B 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\fgliqpoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff5000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002ff5040 13 bytes [01, A0, 98, 1E, A0, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text D:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text D:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text D:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text D:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2632] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074b41a22 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2632] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074b41ad0 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2632] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074b41b08 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2632] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074b41bba 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2632] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074b41bda 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074b41a22 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074b41ad0 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074b41b08 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074b41bba 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074b41bda 2 bytes [B4, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2720] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text C:\Users\User\AppData\Local\Akamai\netsession_win.exe[7144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Users\User\AppData\Local\Akamai\netsession_win.exe[7144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2
.text C:\Users\User\AppData\Local\Akamai\netsession_win.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075351465 2 bytes [35, 75]
.text C:\Users\User\AppData\Local\Akamai\netsession_win.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753514bb 2 bytes [35, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\explorer.exe [4396:3456] 000007fefb9e2154
Thread C:\Windows\explorer.exe [4396:4348] 000007fefbf86204
Thread C:\Windows\explorer.exe [4396:2368] 000007fef8b12f9c
Thread C:\Windows\explorer.exe [4396:2320] 000007fef3462118
Thread C:\Windows\explorer.exe [4396:5336] 000007fefa461010
Thread C:\Windows\explorer.exe [4396:7064] 000007fef378a3f8
Thread C:\Windows\explorer.exe [4396:5180] 000007fef8b12f9c
Thread C:\Windows\explorer.exe [4396:4184] 000007fef8b12f9c

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\User\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 2.1 ----