Log analysis and evaluation: Windows Vista SP2: No longer any access to many programs.
13.04.2014, 17:33 | #1
Windows Vista SP2: No longer any access to many programs.

Hello dear trojaner-board community. Since yesterday I have had a problem with my old Vista PC. Since yesterday I can no longer start/open any antivirus programs, or even download them. I also can no longer open other programs, because I supposedly do not have sufficient rights to do so. Only the firewall is still active; however, when I try to open Windows Defender in the Control Panel, an error message appears: "" could not be found. As described in the forum's checklist, I ran several logging programs; here is the result:

FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014 01
Ran by Chaos (administrator) on CHAOSPC on 13-04-2014 17:52:18
Running from C:\Users\Chaos\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Motorola, Inc.) C:\ProgramData\Windows Firewall\winfirewall.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Valve Corporation) E:\Steamm\Steam.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(TeamViewer GmbH) F:\Teamviewer\TeamViewer_Service.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ZoneAlarm Installer] - C:\Program Files\CheckPoint\Install\Install.exe [2734216 2014-04-13] (Check Point Software Technologies Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\MountPoints2: {ed76785f-78f4-11e3-98d1-6c626d5e6154} - G:\Autorun.exe
HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\Windows Firewall\winfirewall.exe" [0 ] (Motorola, Inc.) <==== ATTENTION
HKU\S-1-5-21-2149094274-397478528-610200255-500\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ab05ecf424094889917629fe99e7a7a4_39_1006_20131019_DE_ie_sp_ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows 
Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default FF user.js: detected! => C:\Users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\user.js FF SearchEngineOrder.1: Search By ZoneAlarm FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ab05ecf424094889917629fe99e7a7a4_39_1006_20131019_DE_ff_sp_ FF Keyword.URL: hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=3116355a4a3d46799656bd523f45b98c&tu=10G9z00DR1D03M0&sku=&tstsId=&ver=&&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: zonealarm.com - C:\Users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\Extensions\ffxtlbr@zonealarm.com [2014-04-13] FF Extension: Better Battlelog (BBLog) - C:\Users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack.xpi [2014-03-06] FF Extension: Adblock Plus - C:\Users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-19] Chrome: ======= CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ab05ecf424094889917629fe99e7a7a4_39_1006_20131019_DE_cr_sp_ CHR DefaultSearchKeyword: search.yahoo.com CHR DefaultSearchProvider: Web CHR DefaultSearchURL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File CHR Extension: (ProxTube) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-05] CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2013-10-13] CHR Extension: (Google Docs) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-12] CHR Extension: (AdBlock) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20] CHR Extension: 
(RealDownloader) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-19] CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2014-03-06] CHR Extension: (Google Wallet) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12] CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2013-10-28] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files\IminentToolbar\1.8.25.0\iminent.crx [2013-08-14] ========================== Services (Whitelisted) ================= S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd) S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-04-09] () S2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [189248 2014-04-09] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) 
R2 TeamViewer9; F:\Teamviewer\TeamViewer_Service.exe [4972864 2014-04-02] (TeamViewer GmbH) S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices) S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-09] (Disc Soft Ltd) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [9986048 2013-03-29] (Advanced Micro Devices, Inc.) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH) S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-13 17:52 - 2014-04-13 17:52 - 00020602 _____ () C:\Users\Chaos\Desktop\FRST.txt 2014-04-13 17:52 - 2014-04-13 17:52 - 00000000 ____D () C:\FRST 2014-04-13 17:51 - 2014-04-13 17:51 - 01145856 _____ (Farbar) C:\Users\Chaos\Desktop\FRST.exe 2014-04-13 17:01 - 2014-04-13 17:01 - 00000000 ____D () C:\Users\Chaos\Desktop\Booker DeWitt 2014-04-13 17:01 - 2014-04-13 17:01 - 00000000 ____D () C:\Users\Chaos\Desktop\Batman Playermodel 2014-04-13 17:01 - 
2014-04-13 17:01 - 00000000 ____D () C:\Users\Chaos\Desktop\Agent Smith Playermodel & NPC 2014-04-13 17:00 - 2014-04-13 17:00 - 00007686 _____ () C:\Users\Chaos\Downloads\gma converter.zip 2014-04-13 16:02 - 2014-04-13 16:04 - 00002200 _____ () C:\Users\Chaos\Desktop\Samsung Support.txt 2014-04-13 15:47 - 2014-04-13 16:12 - 701953848 _____ () C:\Users\Chaos\Downloads\Samsung AtivS GDR2 I8750XXBME1_OXABME1_R_Signed_WP8.rar 2014-04-13 15:21 - 2014-04-13 15:21 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-13 15:21 - 2014-04-13 15:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Subversion 2014-04-13 15:21 - 2014-04-13 15:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache 2014-04-13 15:11 - 2014-04-13 15:11 - 00009216 _____ () C:\Users\Chaos\Downloads\gmadconv.exe 2014-04-13 15:07 - 2014-04-13 15:07 - 00000639 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-04-13 15:06 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-13 14:54 - 2014-04-13 15:07 - 00000000 ____D () C:\Program Files\CheckPoint 2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Check Point Software Technologies LTD 2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD 2014-04-13 14:53 - 2014-04-13 14:53 - 00002277 _____ () C:\Users\Chaos\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk 2014-04-13 14:52 - 2014-04-13 14:52 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-04-13 14:43 - 2014-04-13 14:46 - 88551496 _____ () C:\Users\Chaos\Downloads\avast_free_antivirus_setup_9.0.2016.exe.part 2014-04-13 14:42 - 2014-04-13 14:42 - 04435328 _____ () C:\Users\Chaos\Downloads\avg_avct_stb_all_2014_4158_futuretest2.exe.part 2014-04-13 14:41 - 2014-04-13 14:41 - 11268944 _____ (Microsoft Corporation) 
C:\Users\Chaos\Downloads\mseinstall.exe 2014-04-13 14:38 - 2014-01-05 14:47 - 00043447 _____ () C:\Users\Chaos\Downloads\The Exchange - Kopie.zip 2014-04-13 14:22 - 2014-04-13 14:40 - 229324456 _____ () C:\Users\Chaos\Downloads\EmsisoftAntiMalwareSetup.exe.part 2014-04-13 13:54 - 2014-04-13 13:53 - 96712585 _____ () C:\Users\Chaos\Desktop\dota_2_-_windrunner_169211979.gma 2014-04-13 13:53 - 2014-04-13 13:51 - 72973212 _____ () C:\Users\Chaos\Desktop\harley_quinn_playermodel_182175188.gma 2014-04-13 13:53 - 2014-04-13 13:51 - 52541230 _____ () C:\Users\Chaos\Desktop\dota_2_-_drow_ranger_(traxex)_122335478.gma 2014-04-13 13:53 - 2014-04-13 13:50 - 60437894 _____ () C:\Users\Chaos\Desktop\tomb_raider_lara_croft_playermodel_156925148.gma 2014-04-13 13:53 - 2014-04-13 13:50 - 30703404 _____ () C:\Users\Chaos\Desktop\dixon_brothers_141889780.gma 2014-04-13 13:53 - 2014-04-13 13:47 - 45754789 _____ () C:\Users\Chaos\Desktop\dead_space_3_isaac_clarke_and_john_carver_214135812.gma 2014-04-13 13:53 - 2014-04-13 13:46 - 06114157 _____ () C:\Users\Chaos\Desktop\lich_king_model_and_playermodel_179134697.gma 2014-04-13 13:53 - 2014-04-13 13:45 - 42385927 _____ () C:\Users\Chaos\Desktop\the_elder_scrolls_v_skyrim_dovahkiin_playermodel_156922874.gma 2014-04-13 13:52 - 2014-04-13 13:27 - 116106709 _____ () C:\Users\Chaos\Desktop\ww2_ttt_weapons_pack_202970409.gma 2014-04-11 19:42 - 2014-04-11 19:42 - 00000584 _____ () C:\Users\Public\Desktop\Flixster.lnk 2014-04-11 19:42 - 2014-04-11 19:42 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\com.wb.DC2 2014-04-11 19:41 - 2014-04-11 19:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-04-11 19:41 - 2014-04-11 19:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-04-11 19:41 - 2014-04-11 19:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-04-11 16:31 - 2014-04-11 16:31 - 04968079 _____ () C:\Users\Chaos\Downloads\FileZilla_3.8.0_win32-setup.exe 2014-04-11 16:13 - 
2014-04-11 16:13 - 00000816 _____ () C:\Users\Administrator\Desktop\CF Toolbox.lnk 2014-04-11 16:13 - 2014-04-11 16:13 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CF Toolbox 2014-04-11 15:47 - 2014-04-13 17:52 - 00119488 _____ () C:\Users\Chaos\AppData\Roaming\msconfig.ini 2014-04-11 15:47 - 2014-04-11 15:47 - 00000000 __SHD () C:\ProgramData\Windows Firewall 2014-04-11 15:45 - 2014-04-11 15:45 - 01141680 _____ () C:\Users\Chaos\Downloads\SteamSetup.exe 2014-04-10 13:11 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 13:11 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 13:11 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 13:11 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 13:11 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 13:11 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 13:11 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 13:11 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 13:11 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 13:11 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 13:11 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-10 13:11 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-10 13:11 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 13:11 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb
2014-04-10 13:11 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 13:11 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 13:07 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 19:30 - 2014-04-08 19:30 - 00002035 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk
2014-04-08 19:30 - 2014-04-08 19:30 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-04-08 19:30 - 2014-04-08 19:30 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-04-08 19:29 - 2014-04-08 19:30 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\DVDVideoSoft
2014-04-08 17:23 - 2014-04-08 20:42 - 00000000 ____D () C:\Users\Chaos\Documents\RPGVXAce
2014-04-08 17:10 - 2014-04-08 17:10 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Enterbrain
2014-04-08 17:10 - 2014-04-08 17:10 - 00000000 ____D () C:\Program Files\Common Files\Enterbrain
2014-04-08 17:09 - 2014-04-08 17:09 - 00000792 _____ () C:\Users\Chaos\Desktop\RPGVXAce - Verknüpfung.lnk
2014-04-08 17:08 - 2014-04-09 12:32 - 00000000 ____D () C:\Program Files\RPG Maker VX Ace
2014-04-08 17:04 - 2014-04-08 17:04 - 11717876 _____ () C:\Users\Chaos\Documents\m39-287-456_2014-04-08 17.03.tvs
2014-04-08 16:32 - 2014-04-10 13:06 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\TeamViewer
2014-04-08 16:32 - 2014-04-08 16:32 - 00000537 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-08 16:32 - 2013-10-17 17:32 - 00025088 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-04-08 16:29 - 2014-04-08 16:29 - 06120184 _____ (TeamViewer GmbH) C:\Users\Chaos\Downloads\TeamViewer_Setup_de.exe
2014-04-07 12:20 - 2014-04-07 12:20 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\LolClient
2014-04-07 00:14 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-04-07 00:14 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-04-07 00:14 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-04-07 00:13 - 2014-04-07 00:13 - 00001307 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-04-07 00:13 - 2014-04-07 00:13 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-04-07 00:12 - 2014-04-12 22:03 - 00000000 ____D () C:\Users\Chaos\AppData\Local\PMB Files
2014-04-07 00:12 - 2014-04-12 22:03 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-07 00:12 - 2014-04-07 00:12 - 00000000 ____D () C:\Program Files\Pando Networks
2014-04-07 00:11 - 2014-04-07 00:12 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Riot Games
2014-04-06 19:07 - 2014-04-06 19:07 - 00001954 _____ () C:\Users\Public\Desktop\Enter The Matrix.lnk
2014-04-06 18:46 - 2014-04-06 18:46 - 00000000 ____D () C:\Program Files\Infogrames
2014-04-05 12:51 - 2014-04-05 12:51 - 00000619 _____ () C:\Users\Chaos\Desktop\BigRaceUSA.lnk
2014-04-05 12:48 - 2014-04-05 12:48 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pro Pinball
2014-04-05 12:45 - 2014-04-05 12:45 - 00000000 ____D () C:\Program Files\Pro Pinball
2014-04-03 10:39 - 2014-04-03 10:39 - 00000000 ____D () C:\Users\Chaos\Documents\Electronic Arts
2014-04-03 10:39 - 2014-04-03 10:39 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Electronic Arts
2014-04-03 10:35 - 2014-04-03 10:35 - 00000991 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-02 19:40 - 2014-04-02 19:46 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Notepad++
2014-04-02 19:40 - 2014-04-02 19:40 - 00000862 _____ () C:\Users\Administrator\Desktop\Notepad++.lnk
2014-04-02 19:40 - 2014-04-02 19:40 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-02 19:39 - 2014-04-02 19:39 - 00000000 ____D () C:\Neuer Ordner
2014-04-02 14:36 - 2014-04-02 14:36 - 00143616 _____ () C:\Windows\Minidump\Mini040214-01.dmp
2014-03-31 15:11 - 2014-03-31 15:11 - 00000000 _____ () C:\Windows\iPlayer.INI
2014-03-31 15:10 - 2014-03-31 15:10 - 00000000 ____D () C:\Program Files\InterActual
2014-03-30 17:42 - 2014-04-12 23:05 - 00000000 _____ () C:\Users\Chaos\Desktop\GmadConvGUI.exe
2014-03-30 11:57 - 2014-03-30 11:57 - 00000000 ____D () C:\Program Files\SCOL
2014-03-30 11:52 - 2014-03-30 11:57 - 00000000 ____D () C:\Program Files\Scotland Yard
2014-03-30 11:50 - 2014-03-30 11:50 - 00000000 ____D () C:\SCOL
2014-03-30 11:49 - 1998-01-23 12:22 - 00304128 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-03-29 22:39 - 2014-04-13 15:25 - 00000000 ____D () C:\Users\Chaos\AppData\Local\TSVNCache
2014-03-29 21:58 - 2014-03-29 21:58 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\TortoiseSVN
2014-03-29 21:58 - 2014-03-29 21:58 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Subversion
2014-03-29 21:56 - 2014-03-29 21:57 - 00000000 ____D () C:\Program Files\TortoiseSVN
2014-03-29 21:56 - 2014-03-29 21:56 - 00000000 ____D () C:\Program Files\Common Files\TortoiseOverlays
2014-03-29 13:53 - 2014-03-29 13:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 12:55 - 2014-04-13 17:01 - 00000000 ____D () C:\Users\Chaos\Desktop\Verschiedenes
2014-03-25 22:36 - 2014-03-25 22:37 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Sniper Elite Zombie Army 2
2014-03-24 20:52 - 2014-03-24 21:22 - 00000000 ____D () C:\Users\Chaos\AppData\Local\ESN Sonar
2014-03-24 17:51 - 2014-03-24 17:51 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Skype
2014-03-23 17:49 - 2014-03-23 17:49 - 00002098 _____ () C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
2014-03-23 12:05 - 2014-03-23 12:43 - 00000000 ____D () C:\Users\Chaos\Downloads\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2-RELOADED
2014-03-23 11:06 - 2014-03-23 11:06 - 00002092 _____ () C:\Users\Public\Desktop\Aufstieg des Hexenkönigs™.lnk
2014-03-22 23:59 - 2014-03-23 00:00 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-03-22 20:15 - 2014-03-22 20:15 - 00001660 _____ () C:\Users\Administrator\Desktop\CDCheck.lnk
2014-03-22 20:15 - 2014-03-22 20:15 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CDCheck
2014-03-22 20:15 - 2014-03-22 20:15 - 00000000 ____D () C:\Program Files\CDCheck
2014-03-16 21:36 - 2014-04-13 13:03 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\FileZilla
2014-03-16 21:36 - 2014-04-11 16:32 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-03-16 21:36 - 2014-04-11 16:32 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-03-16 21:35 - 2014-03-16 21:36 - 04822473 _____ (Tim Kosse) C:\Users\Chaos\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-16 13:30 - 2014-03-16 16:18 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\.minecraft
2014-03-15 23:45 - 2014-03-26 20:55 - 02136461 _____ () C:\Users\Chaos\Desktop\FTB.exe

==================== One Month Modified Files and Folders =======

2014-04-13 17:52 - 2014-04-13 17:52 - 00020602 _____ () C:\Users\Chaos\Desktop\FRST.txt
2014-04-13 17:52 - 2014-04-13 17:52 - 00000000 ____D () C:\FRST
2014-04-13 17:52 - 2014-04-11 15:47 - 00119488 _____ () C:\Users\Chaos\AppData\Roaming\msconfig.ini
2014-04-13 17:51 - 2014-04-13 17:51 - 01145856 _____ (Farbar) C:\Users\Chaos\Desktop\FRST.exe
2014-04-13 17:23 - 2013-10-12 21:08 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Skype
2014-04-13 17:13 - 2006-11-02 14:47 - 00003264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 17:13 - 2006-11-02 14:47 - 00003264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 17:01 - 2014-04-13 17:01 - 00000000 ____D () C:\Users\Chaos\Desktop\Booker DeWitt
2014-04-13 17:01 - 2014-04-13 17:01 - 00000000 ____D () C:\Users\Chaos\Desktop\Batman Playermodel
2014-04-13 17:01 - 2014-04-13 17:01 - 00000000 ____D () C:\Users\Chaos\Desktop\Agent Smith Playermodel & NPC
2014-04-13 17:01 - 2014-03-29 12:55 - 00000000 ____D () C:\Users\Chaos\Desktop\Verschiedenes
2014-04-13 17:00 - 2014-04-13 17:00 - 00007686 _____ () C:\Users\Chaos\Downloads\gma converter.zip
2014-04-13 16:12 - 2014-04-13 15:47 - 701953848 _____ () C:\Users\Chaos\Downloads\Samsung AtivS GDR2 I8750XXBME1_OXABME1_R_Signed_WP8.rar
2014-04-13 16:04 - 2014-04-13 16:02 - 00002200 _____ () C:\Users\Chaos\Desktop\Samsung Support.txt
2014-04-13 15:33 - 2013-10-12 14:22 - 02002453 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 15:25 - 2014-03-29 22:39 - 00000000 ____D () C:\Users\Chaos\AppData\Local\TSVNCache
2014-04-13 15:21 - 2014-04-13 15:21 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-13 15:21 - 2014-04-13 15:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Subversion
2014-04-13 15:21 - 2014-04-13 15:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache
2014-04-13 15:21 - 2013-10-12 15:13 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-04-13 15:21 - 2006-11-02 12:33 - 01622232 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 15:20 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-13 15:13 - 2013-11-02 11:44 - 00134714 _____ () C:\Windows\PFRO.log
2014-04-13 15:11 - 2014-04-13 15:11 - 00009216 _____ () C:\Users\Chaos\Downloads\gmadconv.exe
2014-04-13 15:07 - 2014-04-13 15:07 - 00000639 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-04-13 15:07 - 2014-04-13 14:54 - 00000000 ____D () C:\Program Files\CheckPoint
2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Check Point Software Technologies LTD
2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-04-13 14:53 - 2014-04-13 14:53 - 00002277 _____ () C:\Users\Chaos\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk
2014-04-13 14:52 - 2014-04-13 14:52 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-04-13 14:46 - 2014-04-13 14:43 - 88551496 _____ () C:\Users\Chaos\Downloads\avast_free_antivirus_setup_9.0.2016.exe.part
2014-04-13 14:42 - 2014-04-13 14:42 - 04435328 _____ () C:\Users\Chaos\Downloads\avg_avct_stb_all_2014_4158_futuretest2.exe.part
2014-04-13 14:41 - 2014-04-13 14:41 - 11268944 _____ (Microsoft Corporation) C:\Users\Chaos\Downloads\mseinstall.exe
2014-04-13 14:41 - 2013-10-12 20:21 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-04-13 14:40 - 2014-04-13 14:22 - 229324456 _____ () C:\Users\Chaos\Downloads\EmsisoftAntiMalwareSetup.exe.part
2014-04-13 14:37 - 2013-10-16 19:52 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\uTorrent
2014-04-13 14:33 - 2013-10-16 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-13 13:53 - 2014-04-13 13:54 - 96712585 _____ () C:\Users\Chaos\Desktop\dota_2_-_windrunner_169211979.gma
2014-04-13 13:51 - 2014-04-13 13:53 - 72973212 _____ () C:\Users\Chaos\Desktop\harley_quinn_playermodel_182175188.gma
2014-04-13 13:51 - 2014-04-13 13:53 - 52541230 _____ () C:\Users\Chaos\Desktop\dota_2_-_drow_ranger_(traxex)_122335478.gma
2014-04-13 13:50 - 2014-04-13 13:53 - 60437894 _____ () C:\Users\Chaos\Desktop\tomb_raider_lara_croft_playermodel_156925148.gma
2014-04-13 13:50 - 2014-04-13 13:53 - 30703404 _____ () C:\Users\Chaos\Desktop\dixon_brothers_141889780.gma
2014-04-13 13:47 - 2014-04-13 13:53 - 45754789 _____ () C:\Users\Chaos\Desktop\dead_space_3_isaac_clarke_and_john_carver_214135812.gma
2014-04-13 13:46 - 2014-04-13 13:53 - 06114157 _____ () C:\Users\Chaos\Desktop\lich_king_model_and_playermodel_179134697.gma
2014-04-13 13:45 - 2014-04-13 13:53 - 42385927 _____ () C:\Users\Chaos\Desktop\the_elder_scrolls_v_skyrim_dovahkiin_playermodel_156922874.gma
2014-04-13 13:27 - 2014-04-13 13:52 - 116106709 _____ () C:\Users\Chaos\Desktop\ww2_ttt_weapons_pack_202970409.gma
2014-04-13 13:03 - 2014-03-16 21:36 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\FileZilla
2014-04-12 23:17 - 2013-10-12 22:50 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\TS3Client
2014-04-12 23:05 - 2014-03-30 17:42 - 00000000 _____ () C:\Users\Chaos\Desktop\GmadConvGUI.exe
2014-04-12 22:03 - 2014-04-07 00:12 - 00000000 ____D () C:\Users\Chaos\AppData\Local\PMB Files
2014-04-12 22:03 - 2014-04-07 00:12 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-12 00:34 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-12 00:34 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-12 00:10 - 2013-10-12 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 23:44 - 2013-10-12 14:57 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 19:42 - 2014-04-11 19:42 - 00000584 _____ () C:\Users\Public\Desktop\Flixster.lnk
2014-04-11 19:42 - 2014-04-11 19:42 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\com.wb.DC2
2014-04-11 19:41 - 2014-04-11 19:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-11 19:41 - 2014-04-11 19:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-11 19:41 - 2014-04-11 19:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-11 19:41 - 2013-10-28 19:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-11 19:41 - 2013-10-15 18:09 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Adobe
2014-04-11 19:41 - 2013-10-12 20:27 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Adobe
2014-04-11 16:32 - 2014-03-16 21:36 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-04-11 16:32 - 2014-03-16 21:36 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-04-11 16:31 - 2014-04-11 16:31 - 04968079 _____ () C:\Users\Chaos\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-04-11 16:13 - 2014-04-11 16:13 - 00000816 _____ () C:\Users\Administrator\Desktop\CF Toolbox.lnk
2014-04-11 16:13 - 2014-04-11 16:13 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CF Toolbox
2014-04-11 15:56 - 2013-11-23 12:21 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Akamai
2014-04-11 15:53 - 2013-10-13 10:36 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-04-11 15:47 - 2014-04-11 15:47 - 00000000 __SHD () C:\ProgramData\Windows Firewall
2014-04-11 15:45 - 2014-04-11 15:45 - 01141680 _____ () C:\Users\Chaos\Downloads\SteamSetup.exe
2014-04-11 14:44 - 2013-10-12 14:57 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 13:10 - 2013-10-13 07:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 13:08 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-10 13:06 - 2014-04-08 16:32 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\TeamViewer
2014-04-09 20:26 - 2014-01-09 20:45 - 00000204 _____ () C:\Windows\setupact.log
2014-04-09 16:17 - 2014-03-04 18:22 - 00000000 ____D () C:\ProgramData\Origin
2014-04-09 15:35 - 2013-12-15 23:09 - 00189248 _____ () C:\Windows\system32\PnkBstrB.exe
2014-04-09 15:35 - 2013-12-15 23:09 - 00189248 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-04-09 15:35 - 2013-12-15 23:09 - 00138056 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-04-09 15:35 - 2013-12-15 23:09 - 00138056 _____ () C:\Users\Chaos\AppData\Roaming\PnkBstrK.sys
2014-04-09 15:35 - 2013-12-15 23:09 - 00075136 _____ () C:\Windows\system32\PnkBstrA.exe
2014-04-09 12:32 - 2014-04-08 17:08 - 00000000 ____D () C:\Program Files\RPG Maker VX Ace
2014-04-09 11:37 - 2006-11-02 14:47 - 00381552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 20:42 - 2014-04-08 17:23 - 00000000 ____D () C:\Users\Chaos\Documents\RPGVXAce
2014-04-08 19:30 - 2014-04-08 19:30 - 00002035 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk
2014-04-08 19:30 - 2014-04-08 19:30 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-04-08 19:30 - 2014-04-08 19:30 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-04-08 19:30 - 2014-04-08 19:29 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\DVDVideoSoft
2014-04-08 17:14 - 2013-10-12 14:31 - 00104192 _____ () C:\Users\Chaos\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-08 17:10 - 2014-04-08 17:10 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Enterbrain
2014-04-08 17:10 - 2014-04-08 17:10 - 00000000 ____D () C:\Program Files\Common Files\Enterbrain
2014-04-08 17:09 - 2014-04-08 17:09 - 00000792 _____ () C:\Users\Chaos\Desktop\RPGVXAce - Verknüpfung.lnk
2014-04-08 17:04 - 2014-04-08 17:04 - 11717876 _____ () C:\Users\Chaos\Documents\m39-287-456_2014-04-08 17.03.tvs
2014-04-08 16:35 - 2013-10-12 14:30 - 00000000 ____D () C:\Users\Chaos
2014-04-08 16:32 - 2014-04-08 16:32 - 00000537 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-08 16:29 - 2014-04-08 16:29 - 06120184 _____ (TeamViewer GmbH) C:\Users\Chaos\Downloads\TeamViewer_Setup_de.exe
2014-04-07 12:20 - 2014-04-07 12:20 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\LolClient
2014-04-07 00:13 - 2014-04-07 00:13 - 00001307 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-04-07 00:13 - 2014-04-07 00:13 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-04-07 00:12 - 2014-04-07 00:12 - 00000000 ____D () C:\Program Files\Pando Networks
2014-04-07 00:12 - 2014-04-07 00:11 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Riot Games
2014-04-06 19:07 - 2014-04-06 19:07 - 00001954 _____ () C:\Users\Public\Desktop\Enter The Matrix.lnk
2014-04-06 18:46 - 2014-04-06 18:46 - 00000000 ____D () C:\Program Files\Infogrames
2014-04-06 18:46 - 2013-10-12 14:45 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-06 18:44 - 2013-11-15 19:45 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-04-06 01:32 - 2013-10-12 16:36 - 00000000 ____D () C:\Program Files\Minecraft
2014-04-05 14:54 - 2014-03-06 13:15 - 00280904 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-04-05 12:58 - 2013-10-12 20:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-05 12:51 - 2014-04-05 12:51 - 00000619 _____ () C:\Users\Chaos\Desktop\BigRaceUSA.lnk
2014-04-05 12:48 - 2014-04-05 12:48 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pro Pinball
2014-04-05 12:45 - 2014-04-05 12:45 - 00000000 ____D () C:\Program Files\Pro Pinball
2014-04-03 10:39 - 2014-04-03 10:39 - 00000000 ____D () C:\Users\Chaos\Documents\Electronic Arts
2014-04-03 10:39 - 2014-04-03 10:39 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Electronic Arts
2014-04-03 10:35 - 2014-04-03 10:35 - 00000991 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-03 10:35 - 2013-10-12 19:35 - 00011776 _____ () C:\Users\Chaos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-02 19:46 - 2014-04-02 19:40 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Notepad++
2014-04-02 19:40 - 2014-04-02 19:40 - 00000862 _____ () C:\Users\Administrator\Desktop\Notepad++.lnk
2014-04-02 19:40 - 2014-04-02 19:40 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-02 19:40 - 2013-10-12 15:33 - 00000000 ____D () C:\Program Files\Notepad++
2014-04-02 19:39 - 2014-04-02 19:39 - 00000000 ____D () C:\Neuer Ordner
2014-04-02 14:36 - 2014-04-02 14:36 - 00143616 _____ () C:\Windows\Minidump\Mini040214-01.dmp
2014-04-02 14:36 - 2013-12-26 23:15 - 00000000 ____D () C:\Windows\Minidump
2014-04-02 14:35 - 2013-12-26 23:15 - 230596154 _____ () C:\Windows\MEMORY.DMP
2014-03-31 15:11 - 2014-03-31 15:11 - 00000000 _____ () C:\Windows\iPlayer.INI
2014-03-31 15:10 - 2014-03-31 15:10 - 00000000 ____D () C:\Program Files\InterActual
2014-03-31 09:35 - 2013-10-12 20:28 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 11:57 - 2014-03-30 11:57 - 00000000 ____D () C:\Program Files\SCOL
2014-03-30 11:57 - 2014-03-30 11:52 - 00000000 ____D () C:\Program Files\Scotland Yard
2014-03-30 11:50 - 2014-03-30 11:50 - 00000000 ____D () C:\SCOL
2014-03-30 11:20 - 2013-11-01 21:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 21:58 - 2014-03-29 21:58 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\TortoiseSVN
2014-03-29 21:58 - 2014-03-29 21:58 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Subversion
2014-03-29 21:57 - 2014-03-29 21:56 - 00000000 ____D () C:\Program Files\TortoiseSVN
2014-03-29 21:56 - 2014-03-29 21:56 - 00000000 ____D () C:\Program Files\Common Files\TortoiseOverlays
2014-03-29 13:54 - 2014-03-29 13:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 16:33 - 2014-03-06 13:14 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-03-26 20:55 - 2014-03-15 23:45 - 02136461 _____ () C:\Users\Chaos\Desktop\FTB.exe
2014-03-26 20:55 - 2013-10-12 23:32 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\ftblauncher
2014-03-25 22:37 - 2014-03-25 22:36 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Sniper Elite Zombie Army 2
2014-03-24 21:22 - 2014-03-24 20:52 - 00000000 ____D () C:\Users\Chaos\AppData\Local\ESN Sonar
2014-03-24 17:51 - 2014-03-24 17:51 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Skype
2014-03-24 17:50 - 2013-10-12 21:08 - 00000000 ____D () C:\ProgramData\Skype
2014-03-24 17:50 - 2013-10-12 16:36 - 00000000 ___RD () C:\Program Files\Skype
2014-03-23 17:49 - 2014-03-23 17:49 - 00002098 _____ () C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
2014-03-23 17:49 - 2013-11-10 17:06 - 00243696 _____ () C:\Windows\DirectX.log
2014-03-23 12:43 - 2014-03-23 12:05 - 00000000 ____D () C:\Users\Chaos\Downloads\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2-RELOADED
2014-03-23 11:06 - 2014-03-23 11:06 - 00002092 _____ () C:\Users\Public\Desktop\Aufstieg des Hexenkönigs™.lnk
2014-03-23 11:06 - 2014-01-09 20:27 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Smartbar
2014-03-23 11:01 - 2013-11-01 21:11 - 00000000 ____D () C:\Users\Chaos\AppData\Local\Thunderbird
2014-03-23 11:01 - 2013-10-20 12:08 - 00000000 ____D () C:\Program Files\EA GAMES
2014-03-23 10:58 - 2013-11-10 17:08 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-03-23 00:00 - 2014-03-22 23:59 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-03-22 20:15 - 2014-03-22 20:15 - 00001660 _____ () C:\Users\Administrator\Desktop\CDCheck.lnk
2014-03-22 20:15 - 2014-03-22 20:15 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CDCheck
2014-03-22 20:15 - 2014-03-22 20:15 - 00000000 ____D () C:\Program Files\CDCheck
2014-03-16 21:36 - 2014-03-16 21:35 - 04822473 _____ (Tim Kosse) C:\Users\Chaos\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-16 20:25 - 2013-12-16 20:24 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\.technic
2014-03-16 16:18 - 2014-03-16 13:30 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\.minecraft
2014-03-16 15:51 - 2013-10-15 18:03 - 00000000 ____D () C:\Users\Chaos\AppData\Roaming\Tunngle
2014-03-16 15:51 - 2013-10-15 18:03 - 00000000 ____D () C:\ProgramData\Tunngle
2014-03-14 20:08 - 2013-10-12 20:50 - 00000000 ____D () C:\Users\Chaos\AppData\Local\TeamSpeak 3 Client
2014-03-14 19:30 - 2013-10-16 10:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

Files to move or delete:
====================
C:\Users\Chaos\AppData\Roaming\msconfig.ini
C:\Users\Public\AlexaNSISPlugin.3456.dll

Some content of TEMP:
====================
C:\Users\Chaos\AppData\Local\Temp\AutoRun.exe
C:\Users\Chaos\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Chaos\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Chaos\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Chaos\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Chaos\AppData\Local\Temp\EAInstall.dll
C:\Users\Chaos\AppData\Local\Temp\eauninstall.exe
C:\Users\Chaos\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-26-g31d7c5f-b2943jnks.dll
C:\Users\Chaos\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Chaos\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Chaos\AppData\Local\Temp\SIntf16.dll
C:\Users\Chaos\AppData\Local\Temp\SIntf32.dll
C:\Users\Chaos\AppData\Local\Temp\SIntfNT.dll
C:\Users\Chaos\AppData\Local\Temp\sonarinst.exe
C:\Users\Chaos\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Chaos\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Chaos\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-13 15:19

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2014 01
Ran by Chaos at 2014-04-13 17:52:49
Running from C:\Users\Chaos\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (HKLM\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Age of Empires III (HKLM\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Mythology (HKLM\...\Age of Mythology 1.0) (Version: - )
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Browser Settings (HKLM\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
Aufstieg des Hexenkönigs™ (HKLM\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bochs 2.6.2 (remove only) (HKLM\...\Bochs 2.6.2) (Version: 2.6.2 - The Bochs Project)
Build and Shoot Launcher 1.2 (HKLM\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
CDCheck (HKLM\...\CDCheck) (Version: - )
Cheat Engine 6.3 (HKLM\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cities in Motion 2 (HKLM\...\Steam App 225420) (Version: - Colossal Order Ltd.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dead Space (HKLM\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Die Schlacht um Mittelerde(tm) (HKLM\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Empire Earth (HKLM\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - )
Enter The Matrix (HKLM\...\{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}) (Version: 1.00.000 - )
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Flixster (HKLM\...\com.wb.DC2) (Version: 0.1.26 - Warner Bros. Entertainment Inc.)
Flixster (Version: 0.1.26 - Warner Bros. Entertainment Inc.) Hidden
Free Audio Converter version 5.0.37.327 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GoldWave v4.26 (HKLM\...\GoldWave v4.26) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GTAIII (HKLM\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version: - )
Half-Life Dedicated Server Update Tool (HKLM\...\Half-Life Dedicated Server Update Tool) (Version: - )
HdR Die Rückkehr des Königs tm (HKLM\...\{6E298B0A-558C-4138-0096-740677B382CD}) (Version: - )
HydraVision (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Iminent (Version: 6.37.21.0 - Iminent) Hidden <==== ATTENTION
InterActual Player (HKLM\...\InterActual Player) (Version: - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
LUXOR Evolved (HKLM\...\LUXOR Evolved) (Version: 1.1.0.0 - MumboJumbo)
Medieval II Total War (HKLM\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Myst Masterpiece Edition (HKLM\...\Myst Masterpiece Edition) (Version: - )
Need for Speed™ Carbon (HKLM\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Orcs Must Die! 2 (HKLM\...\Steam App 201790) (Version: - Robot Entertainment)
Origin (HKLM\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Overwolf (HKLM\...\{0A337036-B73E-4C85-8D32-3851F84B7CFE}) (Version: 0.46.271 - Overwolf)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
Pro Pinball : Big Race USA (HKLM\...\Pro Pinball : Big Race USA) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM\...\QuickTime) (Version: - )
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Lachesis 5600 (HKLM\...\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}) (Version: 3.00.08 - Razer USA Ltd.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
REALTEK Wireless LAN Driver (HKLM\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.)
Hidden RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain) Sanctum 2 (HKLM\...\Steam App 210770) (Version: - Coffee Stain Studios) ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.) Scotland Yard (HKLM\...\Scotland Yard) (Version: - ) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Shadowgrounds (HKLM\...\Steam App 2500) (Version: - Frozenbyte) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Sniper Elite: Zombie Army (HKLM\...\Steam App 235700) (Version: - Rebellion) Sniper Elite: Zombie Army 2 (HKLM\...\Steam App 247930) (Version: - Rebellion) SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com) System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. 
Fiedler) TortoiseSVN 1.8.5.25224 (32 bit) (HKLM\...\{4B07E3B5-2F98-4EA0-89A3-73FD83148034}) (Version: 1.8.25224 - TortoiseSVN) Tunngle beta (HKLM\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) 
(HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.0.208.000 - Check Point) ZoneAlarm Security (Version: 13.0.208.000 - Check Point 
Software Technologies Ltd.) Hidden ZoneAlarm Security Toolbar (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ZoneAlarm Security Toolbar (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ==================== Restore Points ========================= 10-04-2014 10:34:59 Geplanter Prüfpunkt 10-04-2014 11:08:04 Windows Update 11-04-2014 11:48:09 Geplanter Prüfpunkt 13-04-2014 12:00:02 Windows Update 13-04-2014 12:28:59 Windows Update 13-04-2014 13:06:15 Windows Update ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1C618D5F-785E-4A61-8C0F-A05FDA801F41} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1DC5B20E-F1EB-4C81-B877-1922D0A0360D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.) 
Task: {237AE844-7E06-43FB-8DC3-7E15D564B006} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {3A7CB74D-2D64-40AD-A776-0E168510CAA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation) Task: {55FD986E-01DD-4B7B-8C1E-94E4C2CB5C5A} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe Task: {75392092-76A3-4D1B-8130-55B51B122AC1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {85930C87-1EE2-43D9-BE33-1CE0C44C27C1} - System32\Tasks\RealCreateProcessScheduledTask846258S-1-5-21-2149094274-397478528-610200255-1000 => C:\Program Files\Real\RealPlayer\realplay.exe [2013-10-19] (RealNetworks, Inc.) Task: {92A4BF15-B0AA-4072-9024-0363BDF5F2A2} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {A3DC85AC-F378-4D3A-9A87-449563911976} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2149094274-397478528-610200255-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {A71D143B-191C-45ED-BD7C-880435FA2678} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {BEA5712F-C89A-421E-9629-475BA94D97BE} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation) Task: {D61D2ADB-AADD-4311-844C-DF5F5BDE1F87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.) Task: {DA9625CF-7650-4573-BAA1-F596D0F80E3B} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\update\realsched.exe [2013-10-19] (RealNetworks, Inc.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2013-10-12] () Task: {ED65E03E-A4A3-4990-B8D2-5F8921AC5C10} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION Task: {FCFD05DB-C8B2-4797-950B-C316F5004573} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {FF026709-958F-4231-9C35-49847884C60B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2149094274-397478528-610200255-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-08 16:34 - 2013-10-17 17:32 - 00019448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll 2013-10-12 15:36 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-02-18 21:32 - 2014-02-18 21:32 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll 2014-02-18 21:32 - 2014-02-18 21:32 - 00071920 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll 2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2013-12-14 19:32 - 2013-12-13 00:19 - 00142848 _____ () E:\Steamm\libavresample-1.dll 2013-12-14 19:32 - 2013-11-05 03:12 - 00890592 _____ () E:\Steamm\libavutil-52.dll 2013-12-07 15:10 - 2014-02-11 04:34 - 00751616 _____ () E:\Steamm\SDL2.dll 2013-12-07 15:11 - 2014-02-25 23:57 - 01135296 _____ () E:\Steamm\bin\chromehtml.dll 2013-12-07 15:11 - 2014-01-11 01:33 - 20625832 _____ () E:\Steamm\bin\libcef.dll 2013-12-07 15:11 - 2013-06-15 01:49 - 01100800 _____ () E:\Steamm\bin\avcodec-53.dll 2013-12-07 15:11 - 2013-06-15 01:49 - 00124416 _____ () E:\Steamm\bin\avutil-51.dll 2013-12-07 15:11 - 2013-06-15 01:49 - 00192000 _____ () E:\Steamm\bin\avformat-53.dll 2014-03-12 21:10 - 2014-03-12 21:10 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll 2014-03-29 13:53 - 2014-03-29 13:53 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) 
========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Semiconductor Corp. Service: RTL8192su Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/13/2014 04:57:55 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/13/2014 03:25:45 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/13/2014 03:25:45 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/13/2014 03:22:11 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/13/2014 03:22:11 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/13/2014 03:21:48 PM) (Source: ESENT) (User: ) Description: WinMail (2808) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error: (04/13/2014 03:07:53 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Fehler beim Starten einer Windows Installer-Transaktion: C:\Users\Chaos\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Firewall.msi. Beim Beenden der Transaktion ist Fehler 1622 aufgetreten. Error: (04/13/2014 02:58:43 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/13/2014 02:21:28 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Setup.exe_Microsoft Security Client, Version 4.5.216.0, Zeitstempel 0x531f4402, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0x40000015, Fehleroffset 0x00052fd3, Prozess-ID 0x9e0, Anwendungsstartzeit Setup.exe_Microsoft Security Client0. 
Error: (04/13/2014 01:23:58 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall System errors: ============= Error: (04/13/2014 05:03:34 PM) (Source: Service Control Manager) (User: ) Description: TeamViewer 9220001Neustart des Diensts Error: (04/13/2014 05:03:29 PM) (Source: Service Control Manager) (User: ) Description: TeamViewer 9120001Neustart des Diensts Error: (04/13/2014 05:03:17 PM) (Source: Service Control Manager) (User: ) Description: PnkBstrB1 Error: (04/13/2014 05:03:16 PM) (Source: Service Control Manager) (User: ) Description: PnkBstrA1 Error: (04/13/2014 05:03:09 PM) (Source: Service Control Manager) (User: ) Description: Adobe Acrobat Update Service1 Error: (04/13/2014 05:03:07 PM) (Source: Service Control Manager) (User: ) Description: Bing Desktop Update service1 Error: (04/13/2014 03:15:14 PM) (Source: Service Control Manager) (User: ) Description: Microsoft Antimalware Service%%2 Error: (04/13/2014 03:15:11 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (04/13/2014 03:15:10 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (04/13/2014 02:33:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.169.2500.0){7CEC6E91-D83F-4D21-8991-D759F7BF90E7}201 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-04-03 18:26:33.125 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-04-03 18:26:21.266 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-03 18:26:06.130 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-03 18:26:00.136 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-03 18:25:48.232 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-02 17:01:58.602 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-02 17:01:54.300 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-02 17:01:50.260 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-02 17:01:29.263 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-04-02 17:01:24.057 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 3070.51 MB Available physical RAM: 1269.45 MB Total Pagefile: 6387.29 MB Available Pagefile: 4588.58 MB Total Virtual: 2047.88 MB Available Virtual: 1904.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.31 GB) (Free:49.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (127 GB Extra Speicher) (Fixed) (Total:127.99 GB) (Free:22.09 GB) NTFS Drive f: (170 GB Extra Speicher) (Fixed) (Total:170.1 GB) (Free:137.4 GB) NTFS Drive j: () (Removable) (Total:1.83 GB) (Free:1.67 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=170 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: 95768B25) Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:16 on 13/04/2014 (Chaos) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-
Many thanks in advance. |
13.04.2014, 20:52 | #2 |
/// the machine /// TB-Ausbilder | Windows Vista SP2: No more access to many programs. hi,
Scan with Combofix |
13.04.2014, 23:36 | #3 | |
Windows Vista SP2: No more access to many programs. Hello Schrauber,
I downloaded Combofix and moved it to the desktop. When I tried to start it, the same problem came up as with all the other antivirus programs: it could not be opened because of insufficient permissions... When I downloaded it once more to try it in a different directory, I got the same result as with all the other antivirus programs: download failed.
Regards, Florian.K |
15.04.2014, 10:21 | #4 |
/// the machine /// TB-Ausbilder | Windows Vista SP2: No more access to many programs. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\Windows Firewall\winfirewall.exe" [0 ] (Motorola, Inc.) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
C:\ProgramData\Windows Firewall
C:\Users\Chaos\AppData\Roaming\msconfig.ini
C:\Users\Public\AlexaNSISPlugin.3456.dll
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Now please run Combofix again.
Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
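The fixlist in the post above points a long list of security tools at one and the same IFEO Debugger value; Windows starts the program named in that value in place of the image, which matches the reported symptom that no scanner would open. The following Python script is an added example, not part of the thread or of FRST: it parses FRST-style lines, groups IFEO entries by debugger, lists Winlogon Shell entries other than explorer.exe, and cross-checks a Fixlog. The `taskmgr.exe` line, the shortened Fixlog, the threshold and all function names are constructed for the illustration.

```python
import re
from collections import defaultdict

# Excerpt of the fixlist from this thread, plus one constructed line
# (taskmgr.exe, hypothetical path) whose debugger is not shared by other images.
FIXLIST = r"""
HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\Windows Firewall\winfirewall.exe" [0 ] (Motorola, Inc.) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\taskmgr.exe: [Debugger] "C:\Tools\procexp.exe"
""".strip().splitlines()

# Constructed Fixlog in the format shown in the thread; the rstrui.exe line
# is left out on purpose so the cross-check has something to report.
FIXLOG = r"""
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
""".strip().splitlines()

IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
SHELL_RE = re.compile(
    r'Winlogon: \[Shell\]\s+((?:"[^"]*"|[^\s",]+)(?:,(?:"[^"]*"|[^\s",]+))*)'
)
DELETED_RE = re.compile(
    r"Image File Execution Options\\(?P<image>[^\\]+?) => Key deleted successfully\.",
    re.IGNORECASE,
)


def ifeo_debuggers(lines):
    """Map each debugger value (lower-cased, unquoted) to the images using it."""
    by_debugger = defaultdict(list)
    for line in lines:
        m = IFEO_RE.match(line.strip())
        if m:
            key = m["debugger"].strip().strip('"').lower()
            by_debugger[key].append(m["image"])
    return dict(by_debugger)


def mass_redirects(lines, threshold=3):
    """Debugger values shared by `threshold` or more images.

    One debugger attached to many unrelated executables is the pattern in
    this thread; a single image with its own debugger is left for manual review.
    """
    return {d: imgs for d, imgs in ifeo_debuggers(lines).items()
            if len(imgs) >= threshold}


def extra_shell_entries(lines):
    """Components of a Winlogon Shell value other than explorer.exe."""
    extras = []
    for line in lines:
        m = SHELL_RE.search(line)
        if not m:
            continue
        for quoted, bare in re.findall(r'"([^"]*)"|([^",]+)', m.group(1)):
            entry = quoted or bare
            if entry.lower() != "explorer.exe":
                extras.append(entry)
    return extras


def not_remediated(fixlist, fixlog):
    """Flagged images for which the Fixlog reports no deleted IFEO key."""
    deleted = {m["image"].lower()
               for line in fixlog if (m := DELETED_RE.search(line))}
    flagged = [img for imgs in mass_redirects(fixlist).values() for img in imgs]
    return [img for img in flagged if img.lower() not in deleted]


if __name__ == "__main__":
    for debugger, images in mass_redirects(FIXLIST).items():
        print(f"{len(images)} images redirected to {debugger}: {', '.join(images)}")
    print("extra shell entries:", extra_shell_entries(FIXLIST))
    print("still redirected after fix:", not_remediated(FIXLIST, FIXLOG))
```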
15.04.2014, 17:59 | #5 |
Windows Vista SP2: No more access to many programs. Thanks Schrauber for the fixlist, after that Combofix finally worked as well. Here are the result logs: FRST Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014 Ran by Chaos at 2014-04-15 18:29:26 Run:1 Running from C:\Users\Chaos\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-2149094274-397478528-610200255-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\Windows Firewall\winfirewall.exe" [0 ] (Motorola, Inc.) <==== ATTENTION IFEO\AvastSvc.exe: [Debugger] nqij.exe IFEO\AvastUI.exe: [Debugger] nqij.exe IFEO\avcenter.exe: [Debugger] nqij.exe IFEO\avconfig.exe: [Debugger] nqij.exe IFEO\avgcsrvx.exe: [Debugger] nqij.exe IFEO\avgidsagent.exe: [Debugger] nqij.exe IFEO\avgnt.exe: [Debugger] nqij.exe IFEO\avgrsx.exe: [Debugger] nqij.exe IFEO\avguard.exe: [Debugger] nqij.exe IFEO\avgui.exe: [Debugger] nqij.exe IFEO\avgwdsvc.exe: [Debugger] nqij.exe IFEO\avp.exe: [Debugger] nqij.exe IFEO\avscan.exe: [Debugger] nqij.exe IFEO\bdagent.exe: [Debugger] nqij.exe IFEO\ccuac.exe: [Debugger] nqij.exe IFEO\ComboFix.exe: [Debugger] nqij.exe IFEO\egui.exe: [Debugger] nqij.exe IFEO\hijackthis.exe: [Debugger] nqij.exe IFEO\instup.exe: [Debugger] nqij.exe IFEO\keyscrambler.exe: [Debugger] nqij.exe IFEO\mbam.exe: [Debugger] nqij.exe IFEO\mbamgui.exe: [Debugger] nqij.exe IFEO\mbampt.exe: [Debugger] nqij.exe IFEO\mbamscheduler.exe: [Debugger] nqij.exe IFEO\mbamservice.exe: [Debugger] nqij.exe IFEO\MpCmdRun.exe: [Debugger] nqij.exe IFEO\MSASCui.exe: [Debugger] nqij.exe IFEO\MsMpEng.exe: [Debugger] nqij.exe IFEO\msseces.exe: [Debugger] nqij.exe IFEO\rstrui.exe: [Debugger] nqij.exe IFEO\spybotsd.exe: [Debugger] nqij.exe IFEO\wireshark.exe: [Debugger] nqij.exe IFEO\zlclient.exe: [Debugger] nqij.exe C:\ProgramData\Windows Firewall C:\Users\Chaos\AppData\Roaming\msconfig.ini C:\Users\Public\AlexaNSISPlugin.3456.dll ***************** HKU\S-1-5-21-2149094274-397478528-610200255-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
"C:\ProgramData\Windows Firewall" directory move:
Could not move "C:\ProgramData\Windows Firewall\winfirewall.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Windows Firewall" directory. => Scheduled to move on reboot.
C:\Users\Chaos\AppData\Roaming\msconfig.ini => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.3456.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-15 18:31:06)<=
C:\ProgramData\Windows Firewall\winfirewall.exe => Is moved successfully.
C:\ProgramData\Windows Firewall => Moved successfully.

==== End of Fixlog ====

Combofix Code:
ATTFilter ComboFix 14-04-12.01 - Chaos 15.04.2014 18:45:48.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1703 [GMT 2:00] ausgeführt von:: c:\users\Chaos\Desktop\ComboFixx.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-15 bis 2014-04-15 )))))))))))))))))))))))))))))) . . 2014-04-15 16:54 . 2014-04-15 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-15 16:54 . 2014-04-15 16:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-04-15 16:37 . 2014-04-15 16:37 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F930E937-BE9B-4975-B1DC-2C0C526D8B59}\MpKslb7668738.sys 2014-04-15 16:30 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F930E937-BE9B-4975-B1DC-2C0C526D8B59}\mpengine.dll 2014-04-14 16:00 . 2014-04-14 16:00 -------- d-----w- c:\program files\Samsung 2014-04-13 15:52 . 2014-04-15 16:31 -------- d-----w- C:\FRST 2014-04-13 13:21 . 2014-04-14 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\TSVNCache 2014-04-13 13:21 . 2014-04-13 13:21 -------- d-----w- c:\users\Administrator\AppData\Roaming\Subversion 2014-04-13 13:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2014-04-13 12:54 . 2014-04-13 12:54 -------- d-----w- c:\program files\Check Point Software Technologies LTD 2014-04-13 12:54 . 2014-04-13 12:54 -------- d-----w- c:\users\Chaos\AppData\Roaming\Check Point Software Technologies LTD 2014-04-13 12:54 . 
2014-04-13 13:07 -------- d-----w- c:\program files\CheckPoint 2014-04-13 12:52 . 2014-04-13 12:52 -------- d-----w- c:\programdata\CheckPoint 2014-04-13 12:00 . 2014-03-17 08:16 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4BB82B5-309C-493D-9C53-BB4620520742}\mpengine.dll 2014-04-11 17:42 . 2014-04-11 17:42 -------- d-----w- c:\users\Chaos\AppData\Roaming\com.wb.DC2 2014-04-11 17:41 . 2014-04-11 17:41 -------- d-----w- c:\program files\Common Files\Adobe AIR 2014-04-11 11:43 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-04-08 17:30 . 2014-04-08 17:30 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2014-04-08 17:30 . 2014-04-08 17:30 -------- d-----w- c:\program files\DVDVideoSoft 2014-04-08 17:29 . 2014-04-08 17:30 -------- d-----w- c:\users\Chaos\AppData\Roaming\DVDVideoSoft 2014-04-08 15:10 . 2014-04-08 15:10 -------- d-----w- c:\users\Chaos\AppData\Roaming\Enterbrain 2014-04-08 15:10 . 2014-04-08 15:10 -------- d-----w- c:\program files\Common Files\Enterbrain 2014-04-08 15:08 . 2014-04-09 10:32 -------- d-----w- c:\program files\RPG Maker VX Ace 2014-04-08 14:34 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll 2014-04-08 14:32 . 2014-04-10 11:06 -------- d-----w- c:\users\Chaos\AppData\Roaming\TeamViewer 2014-04-08 14:32 . 2013-10-17 15:32 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys 2014-04-07 10:20 . 2014-04-07 10:20 -------- d-----w- c:\users\Chaos\AppData\Roaming\LolClient 2014-04-06 22:14 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2014-04-06 22:14 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2014-04-06 22:14 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2014-04-06 22:13 . 2014-04-06 22:13 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2014-04-06 22:12 . 
2014-04-12 20:03 -------- d-----w- c:\users\Chaos\AppData\Local\PMB Files 2014-04-06 22:12 . 2014-04-12 20:03 -------- d-----w- c:\programdata\PMB Files 2014-04-06 22:12 . 2014-04-06 22:12 -------- d-----w- c:\program files\Pando Networks 2014-04-06 22:11 . 2014-04-06 22:12 -------- d-----w- c:\users\Chaos\AppData\Roaming\Riot Games 2014-04-06 16:46 . 2014-04-06 16:46 -------- d-----w- c:\program files\Infogrames 2014-04-06 16:45 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2014-04-06 16:45 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2014-04-06 16:45 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2014-04-06 16:45 . 2002-12-02 11:33 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2014-04-06 16:45 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2014-04-06 16:45 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2014-04-06 16:44 . 2014-04-06 16:44 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2014-04-06 16:44 . 2014-04-06 16:44 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2014-04-05 10:45 . 2014-04-05 10:45 -------- d-----w- c:\program files\Pro Pinball 2014-04-03 08:39 . 2014-04-03 08:39 -------- d-----w- c:\users\Chaos\AppData\Local\Electronic Arts 2014-04-02 17:40 . 2014-04-02 17:46 -------- d-----w- c:\users\Chaos\AppData\Roaming\Notepad++ 2014-04-02 17:39 . 2014-04-02 17:39 -------- d-----w- C:\Neuer Ordner 2014-03-31 13:10 . 2014-03-31 13:10 -------- d-----w- c:\program files\InterActual 2014-03-30 09:57 . 
2014-03-30 09:57 -------- d-----w- c:\program files\SCOL 2014-03-30 09:52 . 2014-03-30 09:57 -------- d-----w- c:\program files\Scotland Yard 2014-03-30 09:50 . 2014-03-30 09:50 -------- d-----w- C:\SCOL 2014-03-30 09:49 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe 2014-03-29 20:39 . 2014-04-15 16:31 -------- d-----w- c:\users\Chaos\AppData\Local\TSVNCache 2014-03-29 19:58 . 2014-03-29 19:58 -------- d-----w- c:\users\Chaos\AppData\Roaming\TortoiseSVN 2014-03-29 19:58 . 2014-03-29 19:58 -------- d-----w- c:\users\Chaos\AppData\Roaming\Subversion 2014-03-29 19:56 . 2014-03-29 19:57 -------- d-----w- c:\program files\TortoiseSVN 2014-03-29 19:56 . 2014-03-29 19:56 -------- d-----w- c:\program files\Common Files\TortoiseOverlays 2014-03-25 20:36 . 2014-03-25 20:37 -------- d-----w- c:\users\Chaos\AppData\Local\Sniper Elite Zombie Army 2 2014-03-24 18:52 . 2014-03-24 19:22 -------- d-----w- c:\users\Chaos\AppData\Local\ESN Sonar 2014-03-24 15:51 . 2014-03-24 15:51 -------- d-----w- c:\users\Chaos\AppData\Local\Skype 2014-03-23 17:07 . 2014-03-23 17:17 -------- d-----w- c:\users\Chaos\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien 2014-03-23 10:03 . 2014-03-23 17:42 -------- d-----w- c:\users\Chaos\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien 2014-03-22 18:15 . 2014-03-22 18:15 -------- d-----w- c:\program files\CDCheck 2014-03-16 19:36 . 2014-04-13 22:06 -------- d-----w- c:\users\Chaos\AppData\Roaming\FileZilla 2014-03-16 19:36 . 2014-04-11 14:32 -------- d-----w- c:\program files\FileZilla FTP Client . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-09 13:35 . 2013-12-15 21:09 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2014-04-09 13:35 . 2013-12-15 21:09 138056 ----a-w- c:\users\Chaos\AppData\Roaming\PnkBstrK.sys 2014-04-09 13:35 . 2013-12-15 21:09 189248 ----a-w- c:\windows\system32\PnkBstrB.exe 2014-04-09 13:35 . 
2013-12-15 21:09 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0 2014-04-09 13:35 . 2013-12-15 21:09 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2014-04-05 12:54 . 2014-03-06 11:15 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr 2014-03-31 07:35 . 2013-10-12 18:28 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-03-12 19:10 . 2013-10-12 18:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-12 19:10 . 2013-10-12 18:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-03-11 07:52 . 2013-09-27 08:53 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut32_2E5D39767F054810B83C83055B807C9B.exe 2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut31_B73A0743FB134C4FB6C20785375EEA87.exe 2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut161_93A99C3B61474B5EBFCC517073898C1A.exe 2014-02-26 11:34 . 2014-02-26 11:34 140664 ----a-r- c:\users\Chaos\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\ARPPRODUCTICON.exe 2014-02-07 10:38 . 2014-03-12 17:49 2050560 ----a-w- c:\windows\system32\win32k.sys 2014-02-03 10:37 . 2014-03-12 17:49 505344 ----a-w- c:\windows\system32\qedit.dll 2014-01-30 07:46 . 2014-03-12 17:48 876032 ----a-w- c:\windows\system32\wer.dll 2014-01-24 23:19 . 2014-01-24 23:19 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" [2014-04-13 435848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLB7668738 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-08 21:45 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 19:10] . 2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-12 12:57] . 2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-12 12:57] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ab05ecf424094889917629fe99e7a7a4_39_1006_20131019_DE_ie_sp_ uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=026eb550-70ca-0627-a2c3-9e18f96de028&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Chaos\AppData\Roaming\Mozilla\Firefox\Profiles\m44lhb7g.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ab05ecf424094889917629fe99e7a7a4_39_1006_20131019_DE_ff_sp_ FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=3116355a4a3d46799656bd523f45b98c&tu=10G9z00DR1D03M0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=3116355a4a3d46799656bd523f45b98c&tu=10G9z00DR1D03M0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.id - 50dafc6500000000000000ff290e3ad9 FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 16173 FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1714:54 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1001 FF - user.js: extensions.zonealarm.smplGrp - NewUSR FF - user.js: extensions.zonealarm.tlbrId - HFA5 FF - user.js: extensions.zonealarm.instlRef - ZLN122667745103209-1001 FF - user.js: extensions.zonealarm.dfltLng - de FF - user.js: 
extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm.rvrt - false FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=3116355a4a3d46799656bd523f45b98c&tu=10G9z00DR1D03M0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . c:\users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Amazon Browser Settings - c:\program files\Amazon Browser Bar\uninstall.exe AddRemove-Bochs 2.6.2 - c:\program files\Bochs-2.6.2\Uninstall.exe AddRemove-Build and Shoot Launcher - c:\program files\Build and Shoot\uninst.exe AddRemove-LUXOR Evolved - c:\program files\MumboJumbo\LUXOR Evolved\uninstall.exe AddRemove-Myst Masterpiece Edition - c:\windows\IsUn0407.exe AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe AddRemove-{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 - c:\program files\CDBurnerXP\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-04-15 18:54 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2014-04-15 18:56:13 ComboFix-quarantined-files.txt 2014-04-15 16:56 . 
Vor Suchlauf: 13 Verzeichnis(se), 52.543.275.008 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 52.937.965.568 Bytes frei . - - End Of File - - 9AAB0FDA03DDA6DB3CE86AB1CAAEF722 5C616939100B85E558DA92B899A0FC36 Florian.K |
16.04.2014, 18:50 | #6 |
/// the machine /// TB Trainer | Windows Vista SP2: No more access to many programs. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
16.04.2014, 21:59 | #7 |
Windows Vista SP2: No more access to many programs. Hello Schrauber! As you said, I let all the programs run their scans, and luckily everything has worked so far! Since the logs are too long, I packed them all into a RAR file, as described in the checklist, and added it as an attachment. |
17.04.2014, 14:01 | #8 |
/// the machine /// TB Trainer | Windows Vista SP2: No more access to many programs. Hi, please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |