I urgently need help with a Trojan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by Steffen at 2013-10-08 22:16:10 Running from C:\Users\Steffen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} FW: AVG update module (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635) AMD Accelerated Video Transcoding (Version: 12.10.100.30320) AMD APP SDK Runtime (Version: 10.0.1124.2) AVG 2013 (Version: 13.0.3222) AVG 2013 (Version: 13.0.3408) AVG 2013 (Version: 2013.0.3408) Camtasia Studio 8 (x32 Version: 8.0.4.1060) Canon MG5200 series MP Drivers Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2013.0320.2223.38347) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0320.2223.38347) Catalyst Control Center Localization All (x32 Version: 2013.0320.2223.38347) CCC Help Chinese Standard (x32 Version: 2013.0320.2222.38347) CCC Help Chinese Traditional (x32 Version: 2013.0320.2222.38347) CCC Help Czech (x32 Version: 2013.0320.2222.38347) CCC Help Danish (x32 Version: 2013.0320.2222.38347) 
CCC Help Dutch (x32 Version: 2013.0320.2222.38347) CCC Help English (x32 Version: 2013.0320.2222.38347) CCC Help Finnish (x32 Version: CCC Help French (x32 Version: 2013.0320.2222.38347) CCC Help German (x32 Version: 2013.0320.2222.38347) CCC Help Greek (x32 Version: 2013.0320.2222.38347) CCC Help Hungarian (x32 Version: 2013.0320.2222.38347) CCC Help Italian (x32 Version: 2013.0320.2222.38347) CCC Help Japanese (x32 Version: 2013.0320.2222.38347) CCC Help Korean (x32 Version: 2013.0320.2222.38347) CCC Help Norwegian (x32 Version: 2013.0320.2222.38347) CCC Help Polish (x32 Version: 2013.0320.2222.38347) CCC Help Portuguese (x32 Version: 2013.0320.2222.38347) CCC Help Russian (x32 Version: 2013.0320.2222.38347) CCC Help Spanish (x32 Version: 2013.0320.2222.38347) CCC Help Swedish (x32 Version: 2013.0320.2222.38347) CCC Help Thai (x32 Version: 2013.0320.2222.38347) CCC Help Turkish (x32 Version: 2013.0320.2222.38347) ccc-utility64 (Version: 2013.0320.2223.38347) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) CyberLink LabelPrint (x32 Version: 2.5.3.6326) CyberLink Media Suite 10 (x32 Version: 10.0.3.2608) CyberLink PhotoDirector (x32 Version: 2.0.2.3317) CyberLink Power2Go 8 (x32 Version: 8.0.3.2527) CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925) CyberLink PowerDVD (x32 Version: 10.0.6.4319) CyberLink YouCam (x32 Version: 3.5.6.6119) D3DX10 (x32 Version: 15.4.2368.0902) DriverTurbo (x32 Version: 3.0.0) Energy Star (Version: 1.0.8) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Fraps (remove only) (x32) GIMP 2.8.4 (Version: 2.8.4) Google Chrome (HKCU Version: 30.0.1599.69) Grand Theft Auto: San Andreas (x32) Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000) HP 3D DriveGuard (Version: 4.2.9.1) HP Connected Music (Meridian - installer) (x32 Version: v1.0) HP CoolSense (x32 Version: 2.10.51) HP Customer Experience Enhancements (x32 Version: 6.0.1.7) HP Documentation (x32 Version: 1.1.0.0) HP Postscript Converter (Version: 
3.1.3554) HP Quick Launch (x32 Version: 3.0.6) HP Recovery Manager (x32 Version: 7.00) HP Registration Service (Version: 1.0.5976.4186) HP Software Framework (x32 Version: 4.6.10.1) HP Support Assistant (x32 Version: 7.0.32.44) HP Utility Center (x32 Version: 1.0.7) HP Wireless Button Driver (x32 Version: 1.0.6.1) IB Updater 2.0.0.574 (Version: 2.0.0.574) IDT Audio (x32 Version: 1.0.6425.0) Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Livestream Procaster (x32 Version: 20.3.25) LogMeIn Hamachi (x32 Version: 2.2.0.58) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0) Movies Toolbar for Internet Explorer (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT Redists (Version: 1.0) MSVCRT Redists (x32 Version: 1.0) MSXML 4.0 SP2 Parser und SDK (x32 Version: 4.20.9818.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) MTA:SA v1.3.4 (x32 Version: v1.3.4) Norton Internet Security (x32 Version: 20.4.0.40) OpenAL (x32) Pando Media Booster (x32 Version: 2.6.0.9) PAYDAY 2 (x32) Pokki (HKCU Version: 0.262.11.378) PriceGong 2.6.4 (x32 Version: 2.6.4) PrivitizeVPN (x32 Version: 1.0.0) PX Profile Update (x32 Version: 1.00.1.) 
Ralink RT5390R 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.2.0) Rapture3D 2.3.22 Game (x32) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 6.1 (x32 Version: 6.1.129) SpyHunter (Version: 4.15.1.4270) Steam (x32 Version: 1.0.0.0) SweetIM for Messenger 3.7 (x32 Version: 3.7.0005) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 16.5.3.3) TeamSpeak 3 Client (HKCU Version: 3.0.11.1) Trojan Killer (x32 Version: 2.1.8.9) TuneUp Utilities 2013 (x32 Version: 13.0.2020.4) TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2020.4) Unity Web Player (HKCU Version: ) Wajam (x32 Version: 1.91) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0) XSplit Broadcaster (x32 Version: 1.3.1309.1602) ==================== Restore Points ========================= 20-09-2013 16:06:23 Windows Update 07-10-2013 16:19:20 Windows Update 08-10-2013 17:47:20 Removed Facebook Video Calling 1.2.0.287 ==================== Hosts content: ========================== 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {001E8A36-ACA6-4076-886A-85A613F5AD2E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {09D51968-26EC-4BFD-BB3A-BDAC0B0316C5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {13909A58-38CF-4E1B-995A-FD3B21D19BC8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {1AC0C2BA-E565-4C18-BCBA-75E6992406FD} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {2C334C63-7A5C-4AA6-80A2-F0D5E62C641E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {334A57F1-F319-4B65-B5A0-5867373396C0} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {4BFD2ECB-3A22-44C5-ACD7-F9DA3ABBE636} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe Task: {5141BCFA-8652-4407-8499-2C573196A6CF} - System32\Tasks\{E6ED4AE8-552C-4EE6-B483-3E76AB8C62BC} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1618 Task: {54384207-27EB-4581-8992-22583BCE5879} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {5D438C0D-82A5-460E-95E6-C376DB414195} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe 
Systems Incorporated) Task: {71DE6D24-3ABC-4400-97B1-C690CBF9183C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-07-17] (Enigma Software Group USA, LLC.) Task: {75A6193B-2F57-4E7A-AE86-97CECF7D667C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {A0E2D88C-AA70-4B7F-B7E5-20E9D3F9C7E4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-19] (TuneUp Software) Task: {B0B25E13-E376-4E5E-9874-D82E4A012B6F} - System32\Tasks\0 => Iexplore.exe Task: {C354786E-D57B-41C3-830B-37C45A3DAC55} - System32\Tasks\{67F99235-3479-44CC-9165-41AF58C7578C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/go/help.faq.installer?LastError=1618 Task: {D9CBE369-FEA3-4D20-B5BA-8C1C7E0460C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {E34E3BAE-3703-491C-B627-0338D3262530} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company) Task: {E9CAD8CE-0F3F-4600-84AF-773846A20EFF} - System32\Tasks\4896 => C:\Users\Steffen\AppData\Local\Temp\launchie.vbsC:\Users\Steffen\AppData\Local\Temp\launchie.vbs //B Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1511950678-379215580-886294624-1001Core.job => C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511950678-379215580-886294624-1001Core1ceb176a28e0886.job => 
C:\Users\Steffen\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForSteffen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-06-02 10:22 - 2013-06-02 10:22 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-07-25 22:08 - 2012-07-25 22:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-07-03 20:28 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-08-21 14:18 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2013-09-06 12:55 - 2013-10-05 02:54 - 01121704 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2013-08-07 11:31 - 2013-09-11 00:20 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2012-09-08 03:25 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-03-08 07:17 - 2013-03-08 07:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll 2013-03-08 07:17 - 2013-03-08 07:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll 2013-03-08 07:17 - 2013-03-08 07:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll 2013-03-08 07:17 - 2013-03-08 07:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll 2013-03-08 07:17 - 
2013-03-08 07:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll 2013-06-18 17:30 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2013-10-07 23:16 - 2013-10-03 08:03 - 04055504 _____ () C:\Users\Steffen\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll 2013-10-07 23:16 - 2013-10-03 08:03 - 00415184 _____ () C:\Users\Steffen\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll 2013-10-07 23:16 - 2013-10-03 08:02 - 01604560 _____ () C:\Users\Steffen\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll 2013-10-07 23:16 - 2013-10-03 08:03 - 13611984 _____ () C:\Users\Steffen\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/08/2013 09:41:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Multi Theft Auto.exe, Version: 1.3.3.0, Zeitstempel: 0x520474c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051e8a ID des fehlerhaften Prozesses: 0x7d8 Startzeit der fehlerhaften Anwendung: 0xMulti Theft Auto.exe0 Pfad der fehlerhaften Anwendung: Multi Theft Auto.exe1 Pfad des fehlerhaften Moduls: Multi Theft Auto.exe2 Berichtskennung: Multi Theft Auto.exe3 Vollständiger Name des fehlerhaften Pakets: Multi Theft Auto.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Multi Theft Auto.exe5 Error: (10/08/2013 09:37:22 PM) (Source: Application Error) (User: ) Description: Name 
der fehlerhaften Anwendung: Multi Theft Auto.exe, Version: 1.3.3.0, Zeitstempel: 0x520474c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051e0a ID des fehlerhaften Prozesses: 0x1c28 Startzeit der fehlerhaften Anwendung: 0xMulti Theft Auto.exe0 Pfad der fehlerhaften Anwendung: Multi Theft Auto.exe1 Pfad des fehlerhaften Moduls: Multi Theft Auto.exe2 Berichtskennung: Multi Theft Auto.exe3 Vollständiger Name des fehlerhaften Pakets: Multi Theft Auto.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Multi Theft Auto.exe5 Error: (10/08/2013 09:33:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x2e0 Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0 Pfad der fehlerhaften Anwendung: ccSvcHst.exe1 Pfad des fehlerhaften Moduls: ccSvcHst.exe2 Berichtskennung: ccSvcHst.exe3 Vollständiger Name des fehlerhaften Pakets: ccSvcHst.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ccSvcHst.exe5 Error: (10/08/2013 09:22:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GTA_SA.EXE, Version: 0.0.0.0, Zeitstempel: 0x437101ca Name des fehlerhaften Moduls: atiumdva.dll, Version: 8.14.10.363, Zeitstempel: 0x501a0665 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9c69 ID des fehlerhaften Prozesses: 0x1bdc Startzeit der fehlerhaften Anwendung: 0xGTA_SA.EXE0 Pfad der fehlerhaften Anwendung: GTA_SA.EXE1 Pfad des fehlerhaften Moduls: GTA_SA.EXE2 Berichtskennung: GTA_SA.EXE3 Vollständiger Name des fehlerhaften Pakets: GTA_SA.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA_SA.EXE5 Error: (10/08/2013 09:22:28 PM) (Source: Application Error) (User: ) Description: Name 
der fehlerhaften Anwendung: GTA_SA.EXE, Version: 0.0.0.0, Zeitstempel: 0x437101ca Name des fehlerhaften Moduls: atiumdva.dll, Version: 8.14.10.363, Zeitstempel: 0x501a0665 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011873 ID des fehlerhaften Prozesses: 0x1bdc Startzeit der fehlerhaften Anwendung: 0xGTA_SA.EXE0 Pfad der fehlerhaften Anwendung: GTA_SA.EXE1 Pfad des fehlerhaften Moduls: GTA_SA.EXE2 Berichtskennung: GTA_SA.EXE3 Vollständiger Name des fehlerhaften Pakets: GTA_SA.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA_SA.EXE5 Error: (10/08/2013 09:20:26 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GTA_SA.EXE, Version: 0.0.0.0, Zeitstempel: 0x437101ca Name des fehlerhaften Moduls: atiumdva.dll, Version: 8.14.10.363, Zeitstempel: 0x501a0665 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9c69 ID des fehlerhaften Prozesses: 0x1378 Startzeit der fehlerhaften Anwendung: 0xGTA_SA.EXE0 Pfad der fehlerhaften Anwendung: GTA_SA.EXE1 Pfad des fehlerhaften Moduls: GTA_SA.EXE2 Berichtskennung: GTA_SA.EXE3 Vollständiger Name des fehlerhaften Pakets: GTA_SA.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA_SA.EXE5 Error: (10/08/2013 09:20:24 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GTA_SA.EXE, Version: 0.0.0.0, Zeitstempel: 0x437101ca Name des fehlerhaften Moduls: atiumdva.dll, Version: 8.14.10.363, Zeitstempel: 0x501a0665 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011873 ID des fehlerhaften Prozesses: 0x1378 Startzeit der fehlerhaften Anwendung: 0xGTA_SA.EXE0 Pfad der fehlerhaften Anwendung: GTA_SA.EXE1 Pfad des fehlerhaften Moduls: GTA_SA.EXE2 Berichtskennung: GTA_SA.EXE3 Vollständiger Name des fehlerhaften Pakets: GTA_SA.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA_SA.EXE5 Error: (10/08/2013 09:12:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: STEFFEN) Description: Die App 
„microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (10/08/2013 09:10:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GTA_SA.EXE, Version: 0.0.0.0, Zeitstempel: 0x437101ca Name des fehlerhaften Moduls: atiumdva.dll, Version: 8.14.10.363, Zeitstempel: 0x501a0665 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9c69 ID des fehlerhaften Prozesses: 0x1be8 Startzeit der fehlerhaften Anwendung: 0xGTA_SA.EXE0 Pfad der fehlerhaften Anwendung: GTA_SA.EXE1 Pfad des fehlerhaften Moduls: GTA_SA.EXE2 Berichtskennung: GTA_SA.EXE3 Vollständiger Name des fehlerhaften Pakets: GTA_SA.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA_SA.EXE5 Error: (10/08/2013 09:10:35 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GTA_SA.EXE, Version: 0.0.0.0, Zeitstempel: 0x437101ca Name des fehlerhaften Moduls: atiumdva.dll, Version: 8.14.10.363, Zeitstempel: 0x501a0665 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011873 ID des fehlerhaften Prozesses: 0x1be8 Startzeit der fehlerhaften Anwendung: 0xGTA_SA.EXE0 Pfad der fehlerhaften Anwendung: GTA_SA.EXE1 Pfad des fehlerhaften Moduls: GTA_SA.EXE2 Berichtskennung: GTA_SA.EXE3 Vollständiger Name des fehlerhaften Pakets: GTA_SA.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA_SA.EXE5 System errors: ============= Error: (10/08/2013 08:29:49 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/08/2013 08:29:46 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/08/2013 02:48:03 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5 Error: (10/08/2013 02:47:59 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/08/2013 02:47:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (10/08/2013 02:47:03 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 08.10.2013 um 14:15:42 unerwartet heruntergefahren. Error: (10/08/2013 02:16:39 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/08/2013 02:16:36 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/08/2013 02:16:35 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. 
Error: (10/08/2013 02:14:29 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= Error: (10/08/2013 09:41:44 PM) (Source: Application Error)(User: ) Description: Multi Theft Auto.exe1.3.3.0520474c1ntdll.dll6.2.9200.16578515fac6ec000000500051e8a7d801cec45e6a88b37eC:\Program Files (x86)\MTA San Andreas 1.3\Multi Theft Auto.exeC:\Windows\SYSTEM32\ntdll.dlla8c912df-3051-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:37:22 PM) (Source: Application Error)(User: ) Description: Multi Theft Auto.exe1.3.3.0520474c1ntdll.dll6.2.9200.16578515fac6ec000000500051e0a1c2801cec45dcdeb9cb8C:\Program Files (x86)\MTA San Andreas 1.3\Multi Theft Auto.exeC:\Windows\SYSTEM32\ntdll.dll0c974743-3051-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:33:30 PM) (Source: Application Error)(User: ) Description: ccSvcHst.exe12.3.3.2519ab0d3ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2e001cec45641ebe277C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\Windows\SYSTEM32\ntdll.dll8252d6cc-3050-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:22:30 PM) (Source: Application Error)(User: ) Description: GTA_SA.EXE0.0.0.0437101caatiumdva.dll8.14.10.363501a0665c0000005001c9c691bdc01cec45bba02fa7cC:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\GTA_SA.EXEC:\Windows\SYSTEM32\atiumdva.dllf912c8f7-304e-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:22:28 PM) (Source: Application Error)(User: ) Description: GTA_SA.EXE0.0.0.0437101caatiumdva.dll8.14.10.363501a0665c0000005000118731bdc01cec45bba02fa7cC:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\GTA_SA.EXEC:\Windows\SYSTEM32\atiumdva.dllf7dcd3a9-304e-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:20:26 PM) (Source: Application Error)(User: ) Description: 
GTA_SA.EXE0.0.0.0437101caatiumdva.dll8.14.10.363501a0665c0000005001c9c69137801cec45b700a9150C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\GTA_SA.EXEC:\Windows\SYSTEM32\atiumdva.dllaef1d765-304e-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:20:24 PM) (Source: Application Error)(User: ) Description: GTA_SA.EXE0.0.0.0437101caatiumdva.dll8.14.10.363501a0665c000000500011873137801cec45b700a9150C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\GTA_SA.EXEC:\Windows\SYSTEM32\atiumdva.dlladd87e7d-304e-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:12:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: STEFFEN) Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive Error: (10/08/2013 09:10:37 PM) (Source: Application Error)(User: ) Description: GTA_SA.EXE0.0.0.0437101caatiumdva.dll8.14.10.363501a0665c0000005001c9c691be801cec45a11056927C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\GTA_SA.EXEC:\Windows\SYSTEM32\atiumdva.dll4fef118b-304d-11e3-bf85-28924a49a2c0 Error: (10/08/2013 09:10:35 PM) (Source: Application Error)(User: ) Description: GTA_SA.EXE0.0.0.0437101caatiumdva.dll8.14.10.363501a0665c0000005000118731be801cec45a11056927C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\GTA_SA.EXEC:\Windows\SYSTEM32\atiumdva.dll4ee406fb-304d-11e3-bf85-28924a49a2c0 CodeIntegrity Errors: =================================== Date: 2013-07-03 20:37:03.207 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:36:06.701 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-07-03 20:36:04.118 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:35:50.516 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:34:05.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:33:19.607 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:31:21.365 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:31:11.763 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:31:11.738 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-03 20:30:46.665 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 8084.27 MB Available physical RAM: 4998.63 MB Total Pagefile: 9300.27 MB Available Pagefile: 6010.26 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:681.83 GB) (Free:589.23 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.03 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 11F1E139) Partition: GPT Partition Type ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Steffen (administrator) on STEFFEN on 08-10-2013 22:15:10 Running from C:\Users\Steffen\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe () C:\Program Files\IB Updater\ExtensionUpdaterService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Facebook Inc.) C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Google Inc.) C:\Users\Steffen\AppData\Local\Google\Update\GoogleUpdate.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (GridinSoft LLC.) C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Google Inc.) C:\Users\Steffen\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Steffen\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Steffen\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Steffen\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\samp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-07-03] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-07-03] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [Pokki] - "%LOCALAPPDATA%\Pokki\Engine\pokki.exe"
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-03-29] ()
HKCU\...\Run: [Power2GoExpress8] - NA
HKCU\...\Run: [Facebook Update] - C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-16] (Facebook Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Steffen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-14] (Google Inc.)
HKCU\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-05] (Valve Corporation)
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Steffen\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6917e73c4bcd47d09dc4f9db0cad4b33-165236ff086ec777ed697d8c50b4787792faad1a --CMPID 0913b
HKCU\...\Run: [Hostprozess für Windows-Dienste] - C:\Users\Steffen\AppData\Roaming\Microsoft\svchost.exe
HKCU\...\Run: [Host Process for Windows Services] - C:\Users\Steffen\AppData\Roaming\Microsoft\svchost.exe
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PrivitizeVPN] - C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe [196784 2013-04-17] (OOO Industry)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
AppInit_DLLs: [0 ] () AppInit_DLLs-x32: [0 ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=a9b7e8b3-94b0-4b97-805d-ec472c058380&searchtype=ds&q={searchTerms}&installDate=01/01/1970 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=091413&q={searchTerms}&src=IE-SearchBox BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: Shopping Assistant Plugin - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong) BHO-x32: IB Updater - 
{336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll () BHO-x32: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Somoto Ltd.) 
- {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab DPF: HKLM-x32 {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://download.flatcast.net/objects/NpFv522.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2994768C-4235-4714-9908-0CAB1EED959B}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Steffen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Steffen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Steffen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Steffen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Windows\DOWNLO~1\NpFv522.dll (1 mal 1 Software GmbH) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox FF Extension: No Name - C:\Program Files\IB Updater\Firefox FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox FF Extension: No Name - C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - 
C:\Program Files\IB Updater\Firefox FF Extension: No Name - C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox FF Extension: No Name - C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.6.4\FF FF Extension: PriceGong - C:\Program Files (x86)\PriceGong\2.6.4\FF FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi Chrome: ======= CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1381196527&from=vtt&uid=ST750LM022XHN-M750MBB_S2SUJ9FC605496 CHR RestoreOnStartup: "https://www.google.de/" CHR Plugin: (Shockwave Flash) - C:\Users\Steffen\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Steffen\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Steffen\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) 
Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Unity Player) - C:\Users\Steffen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Steffen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Google Update) - C:\Users\Steffen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Flatcast Viewer Plugin 5.2.2.454) - C:\Windows\DOWNLO~1\NpFv522.dll (1 mal 1 Software GmbH) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Extension: (Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Delta Toolbar) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.4\pricegong.crx CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Steffen\AppData\Local\Wajam\Chrome\wajam.crx CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 
==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-07-17] (Enigma Software Group USA, LLC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-08-12] (Wajam)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-21] (Advanced Micro Devices, Inc.)
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-24] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-24] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-24] (Symantec Corporation) R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] () R2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.) 
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-06-29] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-06-29] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130201.033\ENG64.SYS [126192 2013-01-16] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130201.033\ENG64.SYS [126192 2013-01-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130201.033\EX64.SYS [2087664 2013-01-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130201.033\EX64.SYS [2087664 2013-01-16] (Symantec Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.) 
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-03] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) R3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-06-26] (Windows (R) Win 7 DDK provider) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) 
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x] S3 getbus; \??\C:\Users\Steffen\AppData\Local\Temp\getbus.sys [x] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-08 22:15 - 2013-10-08 22:15 - 00000000 ____D C:\FRST 2013-10-08 22:14 - 2013-10-08 22:14 - 01954124 _____ (Farbar) C:\Users\Steffen\Downloads\FRST64.exe 2013-10-08 20:51 - 2013-10-08 21:20 - 00000000 ____D C:\ProgramData\MTA San Andreas All 2013-10-08 20:51 - 2013-10-08 20:51 - 00000000 ____D C:\Program Files (x86)\MTA San Andreas 1.3 2013-10-08 20:40 - 2013-10-08 21:18 - 00000000 ____D C:\Users\Steffen\Documents\GTA San Andreas User Files 2013-10-08 20:31 - 2013-10-08 20:31 - 00000000 _____ C:\autoexec.bat 2013-10-08 20:29 - 2013-10-08 20:29 - 00000126 _____ C:\sh4_service.log 2013-10-08 20:27 - 2013-10-08 20:31 - 00000000 ____D C:\sh4ldr 2013-10-08 20:27 - 2013-10-08 20:27 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup 2013-10-08 20:27 - 2013-10-08 20:27 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP 2013-10-08 20:27 - 2013-10-08 20:27 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2013-10-08 20:27 - 2013-10-08 20:27 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-10-08 20:27 - 2012-06-22 12:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2013-10-08 20:27 - 2010-08-05 18:01 - 00014680 _____ C:\Windows\system32\sh4native.exe 2013-10-08 20:08 - 2013-10-08 21:31 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer 2013-10-08 19:00 - 2013-10-08 19:44 - 00000000 ____D C:\Users\Steffen\AppData\Local\WebPlayer 2013-10-08 17:51 - 2013-10-08 17:51 - 00000221 _____ C:\Users\Steffen\Desktop\Grand Theft Auto San Andreas.url 2013-10-08 13:18 - 2013-10-08 13:18 - 00000000 ____D 
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-07 18:23

==================== End Of Log ============================

Can you help me?
Hi,

Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link 1

IMPORTANT - Save Combofix to your desktop

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you receive the following error message after the restart

Quote:
Copyright ©2000-2025, Trojaner-Board