internetverbindung besteht, browser geht nicht

corebone · 22.02.2014, 11:34

Seit etwa 2 tagen komme ich vom pc aus nicht mehr ins internet. Skype und teamspeak haben eine verbindung aber teamviewer und firefox können keine verbindung herstellen. In anderen foren war zu lesen, wenn man eine ip anpingen kann (funktioniert) aber keine domain anpingen kann dann hat man irgendeinen trojaner. Ich habe mir dazu spybot search and destroy geholt, der mir wiederum sagt er hat eine bedrohung gefunden, jedoch kann spybot sie nicht entfernen und die datei wird mir beim system scan nicht angezeigt. Ein kumpel hat das selbe problem auch seit 2 tagen. Was tun?

schrauber · 22.02.2014, 12:33

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

corebone · 23.02.2014, 10:06

Hi schrauber. Ich stecke grade in ziemlichen zeitproblemen und werde dir wahrscheinlich erst am montag die logfiles posten können. Noch eine frage zum programm. Ist dieses frst sowas wie hijackthis?

schrauber · 24.02.2014, 12:06

Ja, nur besser

corebone · 26.02.2014, 15:38

hi. habe den scan mit frst64 gemacht wie es sich gehört. beim ersten scan hat er mir keine addition.txt erstellt also hab ich das prog neugestartet und dann hats funktioniert. sorry wegen der langen wartezeit aber wir haben gerade klausurphase. eine frage hätte ich noch: ich hab meinen usb stick zum kopieren der textdatein am infizierten pc angesteckt (ca halbe min). ist der usb stick nun auch infiziert?
hier die beiden datein. als erste die frst.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by 0 (administrator) on 0-PC on 26-02-2014 15:19:48
Running from C:\Users\0\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-28] (Microsoft Corporation)
HKU\S-1-5-21-1345727386-1844014112-3696916032-1000\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKU\S-1-5-21-1345727386-1844014112-3696916032-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1345727386-1844014112-3696916032-1000\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1306360 2013-12-17] (Bogdan Sharkov)
HKU\S-1-5-21-1345727386-1844014112-3696916032-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1345727386-1844014112-3696916032-1000\...\MountPoints2: {3aa2d3ce-539c-11e3-8e39-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.msi
HKU\S-1-5-21-1345727386-1844014112-3696916032-1000\...\MountPoints2: {7c4fc3d3-34c3-11e3-a94f-002215aaba05} - E:\LGAutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x614F3545A372CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\0\AppData\Roaming\Mozilla\Firefox\Profiles\1eyb20dp.default
FF Homepage: www.google.at/ig
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-05] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-06-26] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2010-08-12] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
S3 athrusb; system32\DRIVERS\athrxusb.sys [X]
S3 ZDPNDIS4; \??\C:\Windows\system32\ZDPNDIS4.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 15:19 - 2014-02-26 15:19 - 00010316 _____ () C:\Users\0\Desktop\FRST.txt
2014-02-26 15:13 - 2013-03-28 02:57 - 02155520 _____ (Farbar) C:\Users\0\Desktop\FRST64.exe
2014-02-26 15:11 - 2014-02-26 15:19 - 00000000 ____D () C:\FRST
2014-02-22 12:20 - 2014-02-22 12:20 - 00001010 _____ () C:\Users\0\Desktop\WinSysClean X4 (64-bit).lnk
2014-02-22 12:20 - 2014-02-22 12:20 - 00000000 __HDC () C:\Users\0\AppData\Local\{8FDDBC08-C557-40EF-AF83-9A0BCC26B68E}
2014-02-22 12:20 - 2014-02-22 12:20 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
2014-02-22 12:20 - 2014-02-22 12:20 - 00000000 ____D () C:\Program Files\WinSysClean X4
2014-02-22 12:16 - 2014-02-22 12:16 - 22683736 _____ (Ultimate Systems, Inc. ) C:\Users\0\Downloads\wsc_x4_v1411_full_setup.exe
2014-02-22 12:16 - 2014-02-22 12:16 - 00000000 ____D () C:\Users\0\AppData\Local\PackageAware
2014-02-22 12:07 - 2014-02-22 12:07 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-22 12:07 - 2014-02-22 12:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-22 12:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-22 10:55 - 2014-02-22 12:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-22 10:55 - 2014-02-22 12:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-19 17:19 - 2014-02-19 17:19 - 00988305 _____ () C:\Users\0\Downloads\TheHive-spawn.zip
2014-02-19 17:19 - 2014-02-19 17:19 - 00070290 _____ () C:\Users\0\Downloads\World Downloader [1.7.2] 20140118.zip
2014-02-19 17:18 - 2014-02-19 17:18 - 00528634 _____ () C:\Users\0\Downloads\world.rar
2014-02-19 15:41 - 2014-02-19 15:41 - 00000132 _____ () C:\Users\0\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-02-18 19:32 - 2014-02-18 19:32 - 25401728 _____ () C:\Users\0\Documents\PHD_Music Kanaldsgn.psd
2014-02-18 19:32 - 2014-02-18 19:32 - 02438195 _____ () C:\Users\0\Documents\phd_tests.ai
2014-02-18 18:47 - 2014-02-18 18:47 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-02-18 18:47 - 2014-02-18 18:47 - 00000000 ____D () C:\Users\0\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-02-18 15:48 - 2014-02-18 16:50 - 00000000 ____D () C:\Users\0\.soundcenter
2014-02-18 15:47 - 2014-02-18 15:47 - 00000208 _____ () C:\Users\0\Downloads\add_exception_win.bat
2014-02-18 15:46 - 2014-02-18 15:46 - 00000208 _____ () C:\Users\0\Downloads\add_exception_win.bat.txt
2014-02-16 08:17 - 2014-02-16 08:17 - 01296675 _____ () C:\Users\0\Documents\3E_logo_ill.ai
2014-02-16 08:08 - 2014-02-16 08:08 - 00001252 _____ () C:\Users\0\Desktop\Adobe Illustrator CS6.lnk
2014-02-16 08:08 - 2014-02-16 08:08 - 00000914 _____ () C:\Users\0\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2014-02-16 08:08 - 2014-02-16 08:08 - 00000895 _____ () C:\Users\0\Desktop\Adobe After Effects CS6.lnk
2014-02-15 19:44 - 2014-02-15 19:45 - 00000000 ____D () C:\Users\0\AppData\Roaming\TeamViewer
2014-02-15 19:42 - 2014-02-15 20:32 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-15 19:42 - 2014-02-15 19:42 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-15 19:30 - 2014-02-16 15:28 - 77167757 _____ () C:\Users\0\Documents\Project01.psd
2014-02-15 19:28 - 2014-02-15 19:28 - 50140174 _____ () C:\Users\0\Documents\3E_Logo.psd
2014-02-15 18:50 - 2014-02-15 18:50 - 05886237 _____ () C:\Users\0\Downloads\BukkitForge-1.5.2-301.jar
2014-02-15 18:03 - 2014-02-15 18:03 - 00000000 ____D () C:\Users\0\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-02-15 16:59 - 2014-02-15 16:59 - 00001150 _____ () C:\Users\Public\Desktop\FL Studio 10.lnk
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Users\0\Documents\Image-Line
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Program Files (x86)\Outsim
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-02-15 16:59 - 2009-09-15 10:14 - 01554944 _____ (HMS hxxp://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2014-02-15 16:59 - 2006-06-20 09:56 - 00225280 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2014-02-15 16:55 - 2014-02-15 16:59 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-02-15 16:43 - 2014-02-15 16:43 - 00000000 ____D () C:\Users\0\AppData\Roaming\MAXON
2014-02-15 16:38 - 2014-02-15 16:38 - 20565880 _____ () C:\Users\0\Documents\Minecraft_Gewitter.psd
2014-02-15 16:09 - 2014-02-15 16:09 - 00000000 ____D () C:\Program Files\Adobe
2014-02-15 15:41 - 2014-02-15 15:41 - 00000000 ____D () C:\ProgramData\ALM
2014-02-15 15:40 - 2014-02-15 15:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-15 15:40 - 2014-02-15 15:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-15 15:27 - 2014-02-15 16:10 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-15 15:25 - 2014-02-15 15:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-15 15:23 - 2014-02-15 16:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-15 15:19 - 2014-02-15 15:19 - 00000672 _____ () C:\Users\Public\Desktop\Cinema 4D.lnk
2014-02-15 10:17 - 2014-02-15 10:17 - 04822473 _____ (Tim Kosse) C:\Users\0\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-02-15 09:11 - 2014-02-15 09:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-07 16:52 - 2014-02-07 16:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-06 08:34 - 2014-02-06 08:36 - 30796712 _____ (Oracle Corporation) C:\Users\0\Downloads\jre-7u51-windows-x64.exe
2014-02-06 08:33 - 2014-02-06 08:33 - 00921000 _____ (Oracle Corporation) C:\Users\0\Downloads\jxpiinstall(1).exe
2014-02-03 16:38 - 2014-02-03 16:38 - 00000000 ____D () C:\Users\0\Desktop\Youtube
2014-02-03 16:35 - 2014-02-03 17:14 - 734937088 _____ () C:\Users\0\Downloads\KNOPPIX_V7 DE.iso
2014-02-03 16:30 - 2014-02-03 17:16 - 938475520 _____ () C:\Users\0\Downloads\Ubuntu-13.10-Desktop i386.iso
2014-01-31 16:14 - 2014-01-31 16:15 - 12973435 _____ () C:\Users\0\Downloads\craftbukkit-1.5.2-R1.0.jar
2014-01-31 16:04 - 2014-02-02 09:52 - 00000000 ____D () C:\Users\0\Desktop\Server_Markus
2014-01-30 16:11 - 2014-02-21 15:07 - 00000000 ____D () C:\Users\0\AppData\Roaming\TS3Client
2014-01-30 16:09 - 2014-01-30 16:09 - 00001195 _____ () C:\Users\0\Desktop\TeamSpeak 3 Client.lnk
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\Users\0\AppData\Local\TeamSpeak 3 Client
2014-01-30 16:00 - 2014-01-30 16:02 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\0\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2014-01-30 15:39 - 2014-01-30 15:39 - 00000000 ____D () C:\Users\0\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-01-30 15:34 - 2014-01-30 15:34 - 02469824 _____ () C:\Users\0\Downloads\adobe-download-assistant_28224.exe
2014-01-28 20:37 - 2014-01-28 20:37 - 00000000 ____D () C:\Windows\system32\SPReview
2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\Users\0\Documents\Skype Voice Records
2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\Users\0\Documents\Clownfish Avatars
2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-01-28 17:59 - 2014-01-28 17:59 - 00678744 _____ (Shark Labs) C:\Users\0\Downloads\CFSetup345.exe
2014-01-28 16:56 - 2014-02-15 19:50 - 00000000 ____D () C:\Users\0\Desktop\Sonstiges
2014-01-28 16:55 - 2014-02-07 14:46 - 00000000 ___RD () C:\Users\0\Desktop\Musicproduction
2014-01-28 16:29 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\0\Documents\Video deluxe 2013 Premium
2014-01-28 16:29 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\0\Documents\MAGIX
2014-01-28 16:24 - 2014-01-28 16:26 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-01-28 16:24 - 2014-01-28 16:24 - 00001177 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk
2014-01-28 16:24 - 2014-01-28 16:24 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-01-28 16:24 - 2014-01-28 16:24 - 00000000 ____D () C:\Users\0\Documents\MAGIX_MusicEditor
2014-01-28 16:24 - 2014-01-28 16:24 - 00000000 ____D () C:\Users\0\AppData\Local\Xara
2014-01-28 16:23 - 2014-01-28 16:29 - 00000000 ____D () C:\ProgramData\MAGIX
2014-01-28 16:23 - 2014-01-28 16:23 - 00000000 ____D () C:\ProgramData\simplitec
2014-01-28 16:07 - 2014-02-07 16:14 - 00000000 ____D () C:\Users\0\AppData\Roaming\Audacity
2014-01-28 16:07 - 2014-01-28 16:07 - 00001011 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-01-28 16:07 - 2014-01-28 16:07 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-01-28 16:04 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\0\AppData\Roaming\MAGIX
2014-01-28 16:04 - 2014-01-28 16:04 - 22180353 _____ (Audacity Team ) C:\Users\0\Downloads\audacity-win-2.0.5.exe
2014-01-28 16:02 - 2014-01-28 18:55 - 00000000 ____D () C:\Fraps
2014-01-28 16:02 - 2014-01-28 16:02 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-01-28 16:00 - 2014-01-28 16:00 - 02623818 _____ () C:\Users\0\Downloads\Fraps.rar
2014-01-28 15:58 - 2014-01-28 16:00 - 04631704 _____ () C:\Users\0\Downloads\vidlux2013premium.rar
2014-01-27 16:24 - 2014-01-27 16:24 - 00069632 _____ (Twain Working Group) C:\Windows\Twunk_32.728
2014-01-27 16:24 - 2014-01-27 16:24 - 00048560 _____ (Twain Working Group) C:\Windows\TWUNK_16.728
2014-01-27 16:24 - 2014-01-27 16:24 - 00033537 _____ () C:\Windows\DeIsL1.isu
2014-01-27 16:24 - 2014-01-27 16:24 - 00029029 _____ () C:\Windows\DeIsL2.isu
2014-01-27 16:24 - 2014-01-27 16:24 - 00000000 ____D () C:\Windows\SysWOW64\COLOR
2014-01-27 16:24 - 2014-01-27 16:24 - 00000000 ____D () C:\Windows\Samsung
2014-01-27 16:24 - 2002-04-29 13:56 - 00110592 _____ (Samsung Electronics) C:\Windows\dll32.dll
2014-01-27 16:24 - 2002-04-23 09:24 - 00266240 _____ () C:\Windows\SysWOW64\Sscffax.exe
2014-01-27 16:24 - 2002-04-16 16:13 - 00002397 _____ () C:\Windows\ssnew05.ini
2014-01-27 16:24 - 2002-04-16 16:13 - 00002397 _____ () C:\Windows\ssnew04.ini
2014-01-27 16:24 - 2002-04-16 16:13 - 00002397 _____ () C:\Windows\ssnew03.ini
2014-01-27 16:24 - 2002-04-16 16:13 - 00002397 _____ () C:\Windows\ssnew02.ini
2014-01-27 16:24 - 2002-04-16 16:13 - 00002397 _____ () C:\Windows\ssnew01.ini
2014-01-27 16:24 - 2002-02-08 10:24 - 00036864 _____ (Samsung Electronics) C:\Windows\SysWOW64\Sscfbtn.exe
2014-01-27 16:24 - 2002-02-07 21:37 - 00041472 _____ (DeviceGuys, Inc.) C:\Windows\SysWOW64\Drivers\DgivEcp.sys
2014-01-27 16:24 - 2002-02-07 14:07 - 00002568 _____ () C:\Windows\Ssudmsg.loc
2014-01-27 16:24 - 2002-01-26 10:11 - 00038292 _____ () C:\Windows\MyScan.loc
2014-01-27 16:24 - 2001-12-19 11:34 - 00028672 _____ () C:\Windows\SysWOW64\CxFoUnin.dll
2014-01-27 16:24 - 2001-12-18 13:56 - 00073728 _____ () C:\Windows\SysWOW64\Sscfinst.dll
2014-01-27 16:24 - 2001-10-13 10:29 - 00002585 _____ () C:\Windows\SSDS32.INI
2014-01-27 16:24 - 2001-10-13 10:26 - 00073728 _____ (Samsung Electronics) C:\Windows\SysWOW64\Sscfmdm.dll
2014-01-27 16:24 - 2001-10-05 18:46 - 00013770 _____ () C:\Windows\SysWOW64\Sscffax.hlp
2014-01-27 16:24 - 2001-08-08 20:24 - 00014628 _____ (Samsung Electronics) C:\Windows\SysWOW64\Sscfusb.dll
2014-01-27 16:24 - 2000-09-27 10:05 - 00002296 _____ () C:\Windows\SSDEF32.INI
2014-01-27 16:24 - 1999-10-29 09:29 - 00000029 _____ () C:\Windows\MyScan.ini
2014-01-27 16:24 - 1999-05-14 08:10 - 00536245 _____ () C:\Windows\Myscan.HLP
2014-01-27 16:24 - 1999-02-02 10:20 - 00002554 _____ () C:\Windows\SSDS16.INI
2014-01-27 16:24 - 1999-02-02 10:20 - 00002267 _____ () C:\Windows\SSDEF16.INI
2014-01-27 16:24 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-01-27 16:24 - 1997-10-29 21:18 - 00012800 _____ () C:\Windows\SS16FT.DLL

==================== One Month Modified Files and Folders =======

2014-02-26 15:19 - 2014-02-26 15:19 - 00010316 _____ () C:\Users\0\Desktop\FRST.txt
2014-02-26 15:19 - 2014-02-26 15:11 - 00000000 ____D () C:\FRST
2014-02-26 15:16 - 2009-07-14 05:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 15:16 - 2009-07-14 05:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 15:15 - 2013-06-26 18:44 - 01995493 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 15:12 - 2009-07-14 18:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 15:12 - 2009-07-14 18:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 15:12 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 15:11 - 2013-06-26 20:28 - 00004266 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6654E669-DAA9-4216-9634-B1BF51C61636}
2014-02-26 15:10 - 2013-07-08 12:32 - 00000000 ____D () C:\Users\0\AppData\Roaming\Skype
2014-02-26 15:09 - 2013-07-05 08:46 - 00000000 ____D () C:\Users\0\AppData\Local\LogMeIn Hamachi
2014-02-26 15:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 15:08 - 2009-07-14 05:51 - 00057604 _____ () C:\Windows\setupact.log
2014-02-22 12:20 - 2014-02-22 12:20 - 00001010 _____ () C:\Users\0\Desktop\WinSysClean X4 (64-bit).lnk
2014-02-22 12:20 - 2014-02-22 12:20 - 00000000 __HDC () C:\Users\0\AppData\Local\{8FDDBC08-C557-40EF-AF83-9A0BCC26B68E}
2014-02-22 12:20 - 2014-02-22 12:20 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
2014-02-22 12:20 - 2014-02-22 12:20 - 00000000 ____D () C:\Program Files\WinSysClean X4
2014-02-22 12:16 - 2014-02-22 12:16 - 22683736 _____ (Ultimate Systems, Inc. ) C:\Users\0\Downloads\wsc_x4_v1411_full_setup.exe
2014-02-22 12:16 - 2014-02-22 12:16 - 00000000 ____D () C:\Users\0\AppData\Local\PackageAware
2014-02-22 12:07 - 2014-02-22 12:07 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-22 12:07 - 2014-02-22 12:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-22 12:07 - 2014-02-22 10:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-22 12:07 - 2014-02-22 10:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-22 12:04 - 2013-06-26 18:42 - 00000000 ____D () C:\Users\0
2014-02-22 12:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-22 12:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-21 15:07 - 2014-01-30 16:11 - 00000000 ____D () C:\Users\0\AppData\Roaming\TS3Client
2014-02-20 17:36 - 2013-06-30 01:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 19:05 - 2013-07-04 12:59 - 00000000 ____D () C:\Users\0\AppData\Roaming\.minecraft
2014-02-19 17:19 - 2014-02-19 17:19 - 00988305 _____ () C:\Users\0\Downloads\TheHive-spawn.zip
2014-02-19 17:19 - 2014-02-19 17:19 - 00070290 _____ () C:\Users\0\Downloads\World Downloader [1.7.2] 20140118.zip
2014-02-19 17:18 - 2014-02-19 17:18 - 00528634 _____ () C:\Users\0\Downloads\world.rar
2014-02-19 15:41 - 2014-02-19 15:41 - 00000132 _____ () C:\Users\0\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-02-18 19:32 - 2014-02-18 19:32 - 25401728 _____ () C:\Users\0\Documents\PHD_Music Kanaldsgn.psd
2014-02-18 19:32 - 2014-02-18 19:32 - 02438195 _____ () C:\Users\0\Documents\phd_tests.ai
2014-02-18 18:47 - 2014-02-18 18:47 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-02-18 18:47 - 2014-02-18 18:47 - 00000000 ____D () C:\Users\0\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-02-18 16:50 - 2014-02-18 15:48 - 00000000 ____D () C:\Users\0\.soundcenter
2014-02-18 15:47 - 2014-02-18 15:47 - 00000208 _____ () C:\Users\0\Downloads\add_exception_win.bat
2014-02-18 15:46 - 2014-02-18 15:46 - 00000208 _____ () C:\Users\0\Downloads\add_exception_win.bat.txt
2014-02-16 15:28 - 2014-02-15 19:30 - 77167757 _____ () C:\Users\0\Documents\Project01.psd
2014-02-16 15:01 - 2013-07-01 15:49 - 00000000 ____D () C:\Users\0\AppData\Local\Adobe
2014-02-16 08:17 - 2014-02-16 08:17 - 01296675 _____ () C:\Users\0\Documents\3E_logo_ill.ai
2014-02-16 08:08 - 2014-02-16 08:08 - 00001252 _____ () C:\Users\0\Desktop\Adobe Illustrator CS6.lnk
2014-02-16 08:08 - 2014-02-16 08:08 - 00000914 _____ () C:\Users\0\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2014-02-16 08:08 - 2014-02-16 08:08 - 00000895 _____ () C:\Users\0\Desktop\Adobe After Effects CS6.lnk
2014-02-16 08:08 - 2013-07-07 08:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-16 08:08 - 2013-06-30 01:12 - 00000000 ____D () C:\Users\0\AppData\Roaming\Adobe
2014-02-16 08:06 - 2013-11-10 21:05 - 00003848 _____ () C:\Windows\PFRO.log
2014-02-16 08:06 - 2013-06-26 20:19 - 00107840 _____ () C:\Users\0\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-16 08:06 - 2009-07-14 05:45 - 05009048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-15 20:32 - 2014-02-15 19:42 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-15 19:50 - 2014-01-28 16:56 - 00000000 ____D () C:\Users\0\Desktop\Sonstiges
2014-02-15 19:45 - 2014-02-15 19:44 - 00000000 ____D () C:\Users\0\AppData\Roaming\TeamViewer
2014-02-15 19:42 - 2014-02-15 19:42 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-15 19:34 - 2013-09-11 15:59 - 00000000 ____D () C:\Users\0\Desktop\Unleashed_server
2014-02-15 19:28 - 2014-02-15 19:28 - 50140174 _____ () C:\Users\0\Documents\3E_Logo.psd
2014-02-15 18:50 - 2014-02-15 18:50 - 05886237 _____ () C:\Users\0\Downloads\BukkitForge-1.5.2-301.jar
2014-02-15 18:03 - 2014-02-15 18:03 - 00000000 ____D () C:\Users\0\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-02-15 16:59 - 2014-02-15 16:59 - 00001150 _____ () C:\Users\Public\Desktop\FL Studio 10.lnk
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Users\0\Documents\Image-Line
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Program Files (x86)\Outsim
2014-02-15 16:59 - 2014-02-15 16:59 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-02-15 16:59 - 2014-02-15 16:55 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-02-15 16:43 - 2014-02-15 16:43 - 00000000 ____D () C:\Users\0\AppData\Roaming\MAXON
2014-02-15 16:38 - 2014-02-15 16:38 - 20565880 _____ () C:\Users\0\Documents\Minecraft_Gewitter.psd
2014-02-15 16:10 - 2014-02-15 15:27 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-15 16:09 - 2014-02-15 16:09 - 00000000 ____D () C:\Program Files\Adobe
2014-02-15 16:08 - 2014-02-15 15:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-15 15:41 - 2014-02-15 15:41 - 00000000 ____D () C:\ProgramData\ALM
2014-02-15 15:40 - 2014-02-15 15:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-15 15:40 - 2014-02-15 15:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-15 15:40 - 2014-02-15 15:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-15 15:32 - 2013-07-01 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 15:19 - 2014-02-15 15:19 - 00000672 _____ () C:\Users\Public\Desktop\Cinema 4D.lnk
2014-02-15 10:19 - 2013-07-15 09:13 - 00000000 ____D () C:\Users\0\AppData\Roaming\FileZilla
2014-02-15 10:17 - 2014-02-15 10:17 - 04822473 _____ (Tim Kosse) C:\Users\0\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-02-15 10:17 - 2013-07-15 09:13 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-02-15 09:11 - 2014-02-15 09:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-08 10:00 - 2013-08-15 12:43 - 00000000 ___RD () C:\Users\0\Desktop\FTB
2014-02-07 16:52 - 2014-02-07 16:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-07 16:52 - 2013-07-05 08:46 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-02-07 16:14 - 2014-01-28 16:07 - 00000000 ____D () C:\Users\0\AppData\Roaming\Audacity
2014-02-07 14:46 - 2014-01-28 16:55 - 00000000 ___RD () C:\Users\0\Desktop\Musicproduction
2014-02-06 08:36 - 2014-02-06 08:34 - 30796712 _____ (Oracle Corporation) C:\Users\0\Downloads\jre-7u51-windows-x64.exe
2014-02-06 08:33 - 2014-02-06 08:33 - 00921000 _____ (Oracle Corporation) C:\Users\0\Downloads\jxpiinstall(1).exe
2014-02-05 18:28 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-05 10:36 - 2013-06-30 01:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 10:36 - 2013-06-30 01:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 10:36 - 2013-06-30 01:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-03 17:16 - 2014-02-03 16:30 - 938475520 _____ () C:\Users\0\Downloads\Ubuntu-13.10-Desktop i386.iso
2014-02-03 17:14 - 2014-02-03 16:35 - 734937088 _____ () C:\Users\0\Downloads\KNOPPIX_V7 DE.iso
2014-02-03 16:38 - 2014-02-03 16:38 - 00000000 ____D () C:\Users\0\Desktop\Youtube
2014-02-02 09:52 - 2014-01-31 16:04 - 00000000 ____D () C:\Users\0\Desktop\Server_Markus
2014-01-31 16:15 - 2014-01-31 16:14 - 12973435 _____ () C:\Users\0\Downloads\craftbukkit-1.5.2-R1.0.jar
2014-01-30 16:09 - 2014-01-30 16:09 - 00001195 _____ () C:\Users\0\Desktop\TeamSpeak 3 Client.lnk
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\Users\0\AppData\Local\TeamSpeak 3 Client
2014-01-30 16:02 - 2014-01-30 16:00 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\0\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2014-01-30 15:39 - 2014-01-30 15:39 - 00000000 ____D () C:\Users\0\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-01-30 15:34 - 2014-01-30 15:34 - 02469824 _____ () C:\Users\0\Downloads\adobe-download-assistant_28224.exe
2014-01-28 20:37 - 2014-01-28 20:37 - 00000000 ____D () C:\Windows\system32\SPReview
2014-01-28 18:55 - 2014-01-28 16:02 - 00000000 ____D () C:\Fraps
2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\Users\0\Documents\Skype Voice Records
2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\Users\0\Documents\Clownfish Avatars
2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-01-28 17:59 - 2014-01-28 17:59 - 00678744 _____ (Shark Labs) C:\Users\0\Downloads\CFSetup345.exe
2014-01-28 16:55 - 2013-07-04 13:23 - 00000000 ____D () C:\Users\0\Desktop\Bukkitserver
2014-01-28 16:29 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\0\Documents\Video deluxe 2013 Premium
2014-01-28 16:29 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\0\Documents\MAGIX
2014-01-28 16:29 - 2014-01-28 16:23 - 00000000 ____D () C:\ProgramData\MAGIX
2014-01-28 16:29 - 2014-01-28 16:04 - 00000000 ____D () C:\Users\0\AppData\Roaming\MAGIX
2014-01-28 16:29 - 2013-12-16 19:01 - 00000000 ____D () C:\Users\0\AppData\Local\Unity
2014-01-28 16:28 - 2013-06-26 18:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-28 16:26 - 2014-01-28 16:24 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-01-28 16:24 - 2014-01-28 16:24 - 00001177 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk
2014-01-28 16:24 - 2014-01-28 16:24 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-01-28 16:24 - 2014-01-28 16:24 - 00000000 ____D () C:\Users\0\Documents\MAGIX_MusicEditor
2014-01-28 16:24 - 2014-01-28 16:24 - 00000000 ____D () C:\Users\0\AppData\Local\Xara
2014-01-28 16:24 - 2007-04-27 10:43 - 00120200 _____ () C:\Windows\SysWOW64\DLLDEV32i.dll
2014-01-28 16:23 - 2014-01-28 16:23 - 00000000 ____D () C:\ProgramData\simplitec
2014-01-28 16:23 - 2013-06-26 20:18 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-01-28 16:07 - 2014-01-28 16:07 - 00001011 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-01-28 16:07 - 2014-01-28 16:07 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-01-28 16:04 - 2014-01-28 16:04 - 22180353 _____ (Audacity Team ) C:\Users\0\Downloads\audacity-win-2.0.5.exe
2014-01-28 16:02 - 2014-01-28 16:02 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-01-28 16:00 - 2014-01-28 16:00 - 02623818 _____ () C:\Users\0\Downloads\Fraps.rar
2014-01-28 16:00 - 2014-01-28 15:58 - 04631704 _____ () C:\Users\0\Downloads\vidlux2013premium.rar
2014-01-27 16:24 - 2014-01-27 16:24 - 00069632 _____ (Twain Working Group) C:\Windows\Twunk_32.728
2014-01-27 16:24 - 2014-01-27 16:24 - 00048560 _____ (Twain Working Group) C:\Windows\TWUNK_16.728
2014-01-27 16:24 - 2014-01-27 16:24 - 00033537 _____ () C:\Windows\DeIsL1.isu
2014-01-27 16:24 - 2014-01-27 16:24 - 00029029 _____ () C:\Windows\DeIsL2.isu
2014-01-27 16:24 - 2014-01-27 16:24 - 00000000 ____D () C:\Windows\SysWOW64\COLOR
2014-01-27 16:24 - 2014-01-27 16:24 - 00000000 ____D () C:\Windows\Samsung
2014-01-27 16:24 - 2009-07-14 03:34 - 00000425 _____ () C:\Windows\win.ini
2014-01-27 16:12 - 2013-10-08 17:46 - 00000000 ____D () C:\Users\0\Desktop\Geometrie
2014-01-27 15:42 - 2013-11-05 18:19 - 00000000 ____D () C:\Users\0\AppData\Roaming\Nitro PDF

Some content of TEMP:
====================
C:\Users\0\AppData\Local\Temp\i4jdel0.exe
C:\Users\0\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\0\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\0\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\0\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-26-g31d7c5f-b2943jnks.dll
C:\Users\0\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\0\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\0\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 16:55

==================== End Of Log ============================

--- --- ---

und hier die addition.txt:FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2014
Ran by 0 at 2014-02-26 15:19:58
Running from C:\Users\0\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Crazy Machines - Neues aus dem Labor (HKLM-x32\...\Crazy Machines - Neues aus dem Labor) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Intel(R) Network Connections 17.0.200.2 (Version: 17.0.200.2 - Intel) Hidden
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.130 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.130 - LogMeIn, Inc.) Hidden
MAGIX Video deluxe 2013 Premium (HKLM-x32\...\MAGIX_{47E960B1-A285-4D31-87BA-4D2936FC8FF1}) (Version: 12.0.3.4 - MAGIX AG)
MAGIX Video deluxe 2013 Premium (Version: 12.0.3.4 - MAGIX AG) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.2.1212 - Microsoft Garage)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Minecraft1.5.2 (HKLM-x32\...\Minecraft1.5.2) (Version:  - )
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Samsung SCX-1150 Series Druckertreiber (HKLM-x32\...\Samsung SCX-1150 Series) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.4500.26 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.4500.26 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.4500.26 - TuneUp Software) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSysClean X4 (HKCU\...\WinSysClean X4) (Version: 14.11 - Ultimate Systems, Inc.)
WinSysClean X4 (Version: 14.11 - Ultimate Systems, Inc.) Hidden
WorldPainter 1.4.0 (HKLM\...\4144-4862-0472-7103) (Version: 1.4.0 - pepsoft.org)

==================== Restore Points  =========================

22-02-2014 11:20:14 WinSysClean Startup

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4491FD85-D19C-4B9C-ABE6-186A2E5D6F53} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {62CFD1F6-E590-49FA-9DE3-4BBD61E21C1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {8BF7FC80-79F1-4B77-AC11-A08E5BCC59B8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2010-08-12] (TuneUp Software)
Task: {A050465B-DB63-47AC-BB75-EF88D874EE81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {AD4E3028-18F2-4A6F-A0E4-8A6C45337968} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-05 16:11 - 2014-01-05 16:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-12-28 10:44 - 2012-12-28 10:44 - 00039648 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2014-02-22 10:55 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-22 10:55 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 03:17:57 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ce0

Startzeit: 01cf32fd7f9f2d84

Endzeit: 0

Anwendungspfad: C:\Users\0\Desktop\FRST64.exe

Berichts-ID: c83c6226-9ef0-11e3-82d3-002215aaba05

Error: (02/26/2014 03:17:34 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b54

Startzeit: 01cf32fd78aa7980

Endzeit: 0

Anwendungspfad: C:\Users\0\Desktop\FRST64.exe

Berichts-ID: bb0d2270-9ef0-11e3-82d3-002215aaba05

Error: (02/26/2014 03:17:22 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10f4

Startzeit: 01cf32fd70c01ac7

Endzeit: 0

Anwendungspfad: C:\Users\0\Desktop\FRST64.exe

Berichts-ID: b413da8d-9ef0-11e3-82d3-002215aaba05

Error: (02/26/2014 03:13:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version: 9.0.4500.26, Zeitstempel: 0x4c644a73
Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe, Version: 9.0.4500.26, Zeitstempel: 0x4c644a73
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000015d21
ID des fehlerhaften Prozesses: 0xa74
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService64.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesService64.exe2
Berichtskennung: TuneUpUtilitiesService64.exe3

Error: (02/26/2014 03:10:34 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13ec

Startzeit: 01cf32fc7a36fb82

Endzeit: 0

Anwendungspfad: E:\FRST64.exe

Berichts-ID: c0af8b0f-9eef-11e3-82d3-002215aaba05

Error: (02/26/2014 03:10:14 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 134c

Startzeit: 01cf32fc6c475fc2

Endzeit: 0

Anwendungspfad: E:\FRST64.exe

Berichts-ID: b4d4ee46-9eef-11e3-82d3-002215aaba05

Error: (02/22/2014 00:21:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 14.1.1.600, Zeitstempel: 0x51484ba1
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 14.1.1.600, Zeitstempel: 0x51484ba1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040695a
ID des fehlerhaften Prozesses: 0x8a8
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (02/22/2014 00:20:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 14.1.1.600, Zeitstempel: 0x51484ba1
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 14.1.1.600, Zeitstempel: 0x51484ba1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040695a
ID des fehlerhaften Prozesses: 0xfdc
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (02/22/2014 00:20:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 14.1.1.600, Zeitstempel: 0x51484ba1
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 14.1.1.600, Zeitstempel: 0x51484ba1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040695a
ID des fehlerhaften Prozesses: 0x770
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (02/22/2014 00:09:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version: 9.0.4500.26, Zeitstempel: 0x4c644a73
Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe, Version: 9.0.4500.26, Zeitstempel: 0x4c644a73
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000015d21
ID des fehlerhaften Prozesses: 0x728
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService64.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesService64.exe2
Berichtskennung: TuneUpUtilitiesService64.exe3


System errors:
=============
Error: (02/26/2014 03:13:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/26/2014 03:09:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/26/2014 03:09:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (02/26/2014 03:09:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/26/2014 03:09:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht.

Error: (02/26/2014 03:08:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/26/2014 03:08:38 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (02/26/2014 03:08:06 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎02.‎2014 um 15:03:49 unerwartet heruntergefahren.

Error: (02/22/2014 00:20:09 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/22/2014 00:09:26 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (02/26/2014 03:17:57 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.2ce001cf32fd7f9f2d840C:\Users\0\Desktop\FRST64.exec83c6226-9ef0-11e3-82d3-002215aaba05

Error: (02/26/2014 03:17:34 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.2b5401cf32fd78aa79800C:\Users\0\Desktop\FRST64.exebb0d2270-9ef0-11e3-82d3-002215aaba05

Error: (02/26/2014 03:17:22 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.210f401cf32fd70c01ac70C:\Users\0\Desktop\FRST64.exeb413da8d-9ef0-11e3-82d3-002215aaba05

Error: (02/26/2014 03:13:39 PM) (Source: Application Error)(User: )
Description: TuneUpUtilitiesService64.exe9.0.4500.264c644a73TuneUpUtilitiesService64.exe9.0.4500.264c644a73c00000050000000000015d21a7401cf32fc3ec5449eC:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exeC:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe302600b1-9ef0-11e3-82d3-002215aaba05

Error: (02/26/2014 03:10:34 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.213ec01cf32fc7a36fb820E:\FRST64.exec0af8b0f-9eef-11e3-82d3-002215aaba05

Error: (02/26/2014 03:10:14 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.2134c01cf32fc6c475fc20E:\FRST64.exeb4d4ee46-9eef-11e3-82d3-002215aaba05

Error: (02/22/2014 00:21:18 PM) (Source: Application Error)(User: )
Description: WinSysClean.exe14.1.1.60051484ba1WinSysClean.exe14.1.1.60051484ba1c0000005000000000040695a8a801cf2fc02a47ce11C:\Program Files\WinSysClean X4\WinSysClean.exeC:\Program Files\WinSysClean X4\WinSysClean.exe72a0588c-9bb3-11e3-b9a0-002215aaba05

Error: (02/22/2014 00:20:50 PM) (Source: Application Error)(User: )
Description: WinSysClean.exe14.1.1.60051484ba1WinSysClean.exe14.1.1.60051484ba1c0000005000000000040695afdc01cf2fc018aad393C:\Program Files\WinSysClean X4\WinSysClean.exeC:\Program Files\WinSysClean X4\WinSysClean.exe61c3a0e0-9bb3-11e3-b9a0-002215aaba05

Error: (02/22/2014 00:20:25 PM) (Source: Application Error)(User: )
Description: WinSysClean.exe14.1.1.60051484ba1WinSysClean.exe14.1.1.60051484ba1c0000005000000000040695a77001cf2fc00badee82C:\Program Files\WinSysClean X4\WinSysClean.exeC:\Program Files\WinSysClean X4\WinSysClean.exe52c175bf-9bb3-11e3-b9a0-002215aaba05

Error: (02/22/2014 00:09:25 PM) (Source: Application Error)(User: )
Description: TuneUpUtilitiesService64.exe9.0.4500.264c644a73TuneUpUtilitiesService64.exe9.0.4500.264c644a73c00000050000000000015d2172801cf2fbdd81104e2C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exeC:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exec9aa831c-9bb1-11e3-b9a0-002215aaba05


==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 8169.4 MB
Available physical RAM: 6716.48 MB
Total Pagefile: 16336.95 MB
Available Pagefile: 14691.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.53 GB) (Free:5.93 GB) NTFS
Drive d: (Seagate Barracuda) (Fixed) (Total:931.51 GB) (Free:914.87 GB) NTFS
Drive e: (FRST64 Virenscan) (CDROM) (Total:0.69 GB) (Free:0.66 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 4830D143)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 2BAB359D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---
mfg

schrauber · 27.02.2014, 13:50

Stick sollte sicher sein

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

corebone · 27.02.2014, 14:04

Hi. Schrauber was ist mit dem anderen log von frst? Ich schau ob es sich heute noch ausgeht und poste dir dann die log dateien von combofix. Wie lange dauert dieser scan ca und zählt spybot search and destroy auch als virenschutzprogramm das ich ausschalten soll?
Mfg

schrauber · 28.02.2014, 14:00

Ja Spybot auf jeden Fall aus.

FRST zeigt dass wir Arbeit haben.

corebone · 28.02.2014, 14:03

Wieviel arbeit? Machbar an einem wochenende?

schrauber · 01.03.2014, 12:03

Kommt drauf wieviel "unnötigen Text" Du noch postest anstatt die Anleitungen abzuarbeiten

corebone · 05.03.2014, 16:48

Hi.
Bitte entschuldige ich habs jetzt mit einer kaspersky rescue cd probiert und naja. Es geht wieder alles

)))

Trotzdem danke für die hilfe!

schrauber · 06.03.2014, 13:46

ok

24.02.2014, 12:06	#4
schrauber /// the machine /// TB-Ausbilder	internetverbindung besteht, browser geht nicht Ja, nur besser __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

28.02.2014, 14:00	#8
schrauber /// the machine /// TB-Ausbilder	internetverbindung besteht, browser geht nicht Ja Spybot auf jeden Fall aus. FRST zeigt dass wir Arbeit haben. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

01.03.2014, 12:03	#10
schrauber /// the machine /// TB-Ausbilder	internetverbindung besteht, browser geht nicht Kommt drauf wieviel "unnötigen Text" Du noch postest anstatt die Anleitungen abzuarbeiten __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

06.03.2014, 13:46	#12
schrauber /// the machine /// TB-Ausbilder	internetverbindung besteht, browser geht nicht ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

internetverbindung besteht, browser geht nicht

Plagegeister aller Art und deren Bekämpfung: internetverbindung besteht, browser geht nicht