Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   W32/patched.uc (https://www.trojaner-board.de/135942-w32-patched-uc.html)

TheoLike 02.06.2013 17:46
W32/patched.uc
 
Hallo ich habe ein Problem mit dem Virus W32/patched.uc!

schrauber 02.06.2013 17:52
hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Wo wird der gefunden?

TheoLike 02.06.2013 17:56
Hier die Files
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 02
Ran by Neunzerling (administrator) on 02-06-2013 18:54:24
Running from C:\Users\Neunzerling\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\system32\services.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Skype Technologies S.A.) D:\Phone\Skype.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Electronic Arts) D:\Origin\Origin.exe
(Spotify Ltd) C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(WebCake LLC) C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\system\Cm106eye.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Neunzerling\AppData\Local\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
(Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6470760 2012-05-08] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd [8151040 2010-07-01] (C-Media Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Neunzerling\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-28] (Google Inc.)
HKCU\...\Run: [Steam] "D:\Steam\steam.exe" -silent [x]
HKCU\...\Run: [Skype] "D:\Phone\Skype.exe" /minimized /regrun [x]
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-28] ()
HKCU\...\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart [x]
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Neunzerling\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-05-25] (Spotify Ltd)
HKCU\...\Run: [WebCake Desktop] "C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-05-31] (WebCake LLC)
MountPoints2: {ad0d77d3-6974-11e2-a732-806e6f6e6963} - F:\KMDS.exe
MountPoints2: {ad0d7819-6974-11e2-a732-d43d7e051931} - F:\KMDS.exe
MountPoints2: {e5098649-66fa-11e2-bd20-806e6f6e6963} - E:\Autorun.exe
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-01-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe [3423928 2013-05-06] (RAIDCALL.COM)
Startup: C:\Users\Neunzerling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = PC-SPEZIALIST
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=300513_new&babsrc=SP_ss&mntrId=60DED43D7E051931
SearchScopes: HKCU - {B04094C1-09BB-4FBE-AA8F-E477D26E5B68} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3CB95953-C0F2-4BB1-8690-52F0A3780A9D&apn_sauid=7337EF3B-8270-4E9A-83FD-BCA02BE8054A
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Winsock: Catalog9-x64 12 mswsock.dll File Not found ()
Winsock: Catalog9-x64 13 mswsock.dll File Not found ()
Winsock: Catalog9-x64 14 mswsock.dll File Not found ()
Winsock: Catalog9-x64 15 mswsock.dll File Not found ()
Winsock: Catalog9-x64 16 mswsock.dll File Not found ()
Winsock: Catalog9-x64 17 mswsock.dll File Not found ()
Winsock: Catalog9-x64 18 mswsock.dll File Not found ()
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (WebCake) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (DealPly Shopping) - C:\Users\Neunzerling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-02] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-25] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-17] ()
R2 WebCake Desktop Updater; C:\Users\Neunzerling\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-01-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2013-01-25] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable
2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST
2013-06-01 19:49 - 2013-06-01 19:50 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-01 19:47 - 2013-06-02 18:47 - 00000304 ____A C:\Windows\Tasks\DSite.job
2013-06-01 19:47 - 2013-06-02 18:33 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DealPly
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe
2013-06-01 19:34 - 2013-06-01 20:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe
2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt
2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP
2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp
2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump
2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log
2013-06-01 15:34 - 2013-06-01 15:39 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar
2013-06-01 15:33 - 2013-01-12 16:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno2070_DO_+15Trn+SE_2.00.7780
2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt
2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt
2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip
2013-05-30 21:24 - 2010-03-21 00:34 - 00050176 ____A C:\Users\Neunzerling\Desktop\Just_Cause_2-Demo_v1.0.0.2-Trainer.exe
2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix
2013-05-25 18:08 - 2013-05-25 18:09 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-25 17:59 - 2013-05-25 18:01 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack
2013-05-25 13:12 - 2013-05-25 13:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten
2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk
2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-05-23 20:23 - 2013-05-23 20:38 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe
2013-05-23 19:19 - 2013-05-23 20:00 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra
2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk
2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe
2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe
2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe
2013-05-18 22:13 - 2013-05-27 15:07 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse
2013-05-18 21:22 - 2013-05-18 21:26 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip
2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts
2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield
2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-05-18 16:40 - 2013-05-18 16:41 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip
2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe
2013-05-18 16:38 - 2013-05-18 16:39 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe
2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-05-18 16:01 - 2013-05-18 16:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk
2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft
2013-05-17 19:29 - 2013-05-30 17:05 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-17 19:29 - 2013-05-17 19:34 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip
2013-05-17 19:19 - 2012-07-06 16:13 - 02580552 ____A C:\Windows\SysWOW64\pbsvc.exe
2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe
2013-05-16 15:45 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 15:45 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 15:45 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 15:45 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 15:45 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 15:45 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 15:45 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 15:45 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 15:45 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 15:45 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 15:45 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 15:45 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-16 15:44 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 15:44 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 15:44 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 15:44 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 15:44 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 15:44 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 15:44 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 15:44 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 15:44 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 15:44 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 15:44 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 15:44 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 15:44 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 15:44 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe
2013-05-13 15:11 - 2013-06-01 15:13 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify
2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk
2013-05-13 15:10 - 2013-06-01 16:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe
2013-05-12 16:04 - 2013-05-12 16:07 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack
2013-05-12 16:04 - 2013-05-12 16:06 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:36 - 2013-05-07 20:38 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:36 - 2013-05-07 20:37 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 16:46 - 2013-05-07 16:47 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:43 - 2013-05-07 19:30 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:38 - 2013-05-07 16:40 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:00 - 2013-05-07 10:02 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:59 - 2013-05-07 19:31 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 15:11 - 2013-05-23 14:35 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-05 13:52 - 2013-05-23 14:43 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:27 - 2013-05-06 17:56 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:23 - 2013-05-05 12:26 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-06-01 13:09 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-04 16:45 - 2013-05-04 16:46 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:43 - 2013-05-04 16:44 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-03 20:20 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-03 20:20 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-03 15:10 - 2013-05-03 15:27 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe

==================== One Month Modified Files and Folders =======

2013-06-02 18:54 - 2013-01-28 20:57 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\PMB Files
2013-06-02 18:53 - 2013-06-02 18:53 - 01916600 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64 (1).exe
2013-06-02 18:48 - 2013-01-28 20:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Skype
2013-06-02 18:47 - 2013-06-01 19:47 - 00000304 ____A C:\Windows\Tasks\DSite.job
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:39 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 18:38 - 2011-04-12 09:43 - 00654372 ____A C:\Windows\System32\perfh007.dat
2013-06-02 18:38 - 2011-04-12 09:43 - 00129986 ____A C:\Windows\System32\perfc007.dat
2013-06-02 18:38 - 2009-07-14 07:13 - 01499844 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-02 18:34 - 2013-01-25 20:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-02 18:33 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\WebCake
2013-06-02 18:32 - 2013-01-25 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-02 18:32 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 18:32 - 2009-07-14 06:51 - 00043300 ____A C:\Windows\setupact.log
2013-06-01 20:27 - 2013-01-28 20:04 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000UA.job
2013-06-01 20:11 - 2013-06-01 19:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 20:04 - 2013-01-25 20:08 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\SoftGrid Client
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____A C:\Users\Neunzerling\defogger_reenable
2013-06-01 19:53 - 2013-01-25 16:30 - 00000000 ____D C:\users\Neunzerling
2013-06-01 19:51 - 2013-06-01 19:51 - 00019043 ____A C:\Users\Neunzerling\Downloads\Addition.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Downloaded Installations
2013-06-01 19:50 - 2013-06-01 19:50 - 00000000 ____D C:\FRST
2013-06-01 19:50 - 2013-06-01 19:49 - 01916164 ____A (Farbar) C:\Users\Neunzerling\Downloads\FRST64.exe
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\BabSolution
2013-06-01 19:49 - 2013-06-01 19:49 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Delta
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-01 19:48 - 2013-06-01 19:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DSite
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\DealPly
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-01 19:47 - 2013-06-01 19:47 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-01 19:46 - 2013-06-01 19:46 - 00791488 ____A C:\Users\Neunzerling\Downloads\CodecPack.exe
2013-06-01 19:34 - 2013-04-03 11:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-01 19:34 - 2013-03-24 00:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-01 19:26 - 2013-06-01 19:26 - 00632031 ____A C:\Users\Neunzerling\Downloads\adwcleaner.exe
2013-06-01 19:26 - 2013-06-01 19:26 - 00001424 ____A C:\AdwCleaner[S1].txt
2013-06-01 19:21 - 2013-06-01 19:21 - 640065676 ____A C:\Windows\MEMORY.DMP
2013-06-01 19:21 - 2013-06-01 19:21 - 00305152 ____A C:\Windows\Minidump\060113-17253-01.dmp
2013-06-01 19:21 - 2013-06-01 19:21 - 00000000 ____D C:\Windows\Minidump
2013-06-01 19:19 - 2013-01-25 16:30 - 01651897 ____A C:\Windows\WindowsUpdate.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00377856 ____A C:\Users\Neunzerling\Downloads\gmer_2.1.19163.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00050477 ____A C:\Users\Neunzerling\Downloads\Defogger.exe
2013-06-01 19:11 - 2013-06-01 19:11 - 00000484 ____A C:\Users\Neunzerling\Downloads\defogger_disable.log
2013-06-01 19:11 - 2013-06-01 19:11 - 00000256 ____A C:\Users\Neunzerling\Downloads\defogger_enable.log
2013-06-01 16:36 - 2013-02-01 21:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-01 16:11 - 2013-05-13 15:10 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Spotify
2013-06-01 15:39 - 2013-06-01 15:34 - 00036892 ____A C:\Windows\SysWOW64\bassmod.dll
2013-06-01 15:33 - 2013-06-01 15:33 - 02340966 ____A C:\Users\Neunzerling\Downloads\Anno2070_DO_+15Trn+SE_2.00.7780.rar
2013-06-01 15:13 - 2013-05-13 15:11 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Spotify
2013-06-01 15:06 - 2013-06-01 15:06 - 00000047 ____A C:\Users\Neunzerling\Documents\mt-x_hook.txt
2013-06-01 15:06 - 2013-06-01 15:06 - 00000007 ____A C:\Users\Neunzerling\Documents\mt-e_hook.txt
2013-06-01 13:23 - 2013-01-28 20:57 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-01 13:09 - 2013-05-04 16:46 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\.minecraft
2013-05-31 21:27 - 2013-01-28 20:04 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396853779-1898471116-1014588444-1000Core.job
2013-05-31 19:25 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-30 21:24 - 2013-05-30 21:24 - 00049323 ____A C:\Users\Neunzerling\Downloads\just_cause_2-demo_v1.0.0.2-trainer_v2010.03.21-dc.zip
2013-05-30 17:05 - 2013-05-17 19:29 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-30 17:05 - 2013-01-29 20:36 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-28 19:21 - 2013-01-29 20:06 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-27 19:47 - 2013-05-27 19:47 - 00000000 ____D C:\Users\Neunzerling\Documents\Square Enix
2013-05-27 15:07 - 2013-05-18 22:13 - 00000000 ____D C:\Users\Neunzerling\Desktop\Ruse
2013-05-26 16:08 - 2013-02-04 13:31 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-05-26 16:08 - 2010-11-21 05:47 - 00273884 ____A C:\Windows\PFRO.log
2013-05-25 18:09 - 2013-05-25 18:08 - 03819928 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-25 18:01 - 2013-05-25 17:59 - 18848284 ____A C:\Users\Neunzerling\Downloads\QueenstownNZIanRushton.themepack
2013-05-25 13:13 - 2013-05-25 13:12 - 00000000 ____D C:\Users\Neunzerling\Desktop\Anno 2070 Produktionsketten
2013-05-23 20:41 - 2013-05-23 20:41 - 00002146 ____A C:\Users\Public\Desktop\Eu3 - DEMO.lnk
2013-05-23 20:41 - 2013-05-23 20:41 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-05-23 20:41 - 2013-01-25 16:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-23 20:38 - 2013-05-23 20:23 - 132963467 ____A (Paradox Interactive ) C:\Users\Neunzerling\Downloads\eu3_demo.exe
2013-05-23 20:00 - 2013-05-23 19:19 - 00474925 ____A C:\Users\Neunzerling\Downloads\FliegenunterWasser.odp
2013-05-23 14:43 - 2013-05-05 13:52 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-23 14:35 - 2013-05-06 15:11 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\Documents\Empire Earth II SP Demo
2013-05-21 12:28 - 2013-05-21 12:28 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Sierra
2013-05-21 12:26 - 2013-05-21 12:26 - 00001010 ____A C:\Users\Public\Desktop\Launch EEII SP Demo.lnk
2013-05-21 12:26 - 2013-05-21 12:26 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-05-21 10:39 - 2013-05-21 10:39 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en (1).exe
2013-05-20 22:11 - 2013-05-20 22:11 - 00614816 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\empireearth2_spdemo_en.exe
2013-05-20 20:45 - 2013-05-20 20:45 - 00673992 ____A C:\Users\Neunzerling\Downloads\Brothersoft_downloader_For_Empire_Earth_1.exe
2013-05-18 21:26 - 2013-05-18 21:22 - 43144421 ____A C:\Users\Neunzerling\Downloads\RUSE_THEME.zip
2013-05-18 20:22 - 2013-05-18 20:22 - 00000000 ____D C:\Users\Neunzerling\Documents\ANNO 2070
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Users\Neunzerling\Documents\Electronic Arts
2013-05-18 20:02 - 2013-05-18 20:02 - 00000000 ____D C:\ProgramData\Solidshield
2013-05-18 17:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 16:42 - 2013-05-18 16:42 - 00002250 ____A C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-05-18 16:41 - 2013-05-18 16:40 - 08950523 ____A C:\Users\Neunzerling\Downloads\awesome.zip
2013-05-18 16:39 - 2013-05-18 16:39 - 00887896 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx40_Client_setup.exe
2013-05-18 16:39 - 2013-05-18 16:38 - 02869264 ____A (Microsoft Corporation) C:\Users\Neunzerling\Downloads\dotNetFx35setup.exe
2013-05-18 16:36 - 2013-05-18 16:01 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-18 16:15 - 2013-05-18 16:15 - 00002090 ____A C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-05-18 16:15 - 2013-05-18 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-05-18 12:32 - 2013-05-18 12:32 - 00000658 ____A C:\Users\Neunzerling\Desktop\Anno 2070.lnk
2013-05-18 12:32 - 2013-05-18 12:32 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Ubisoft
2013-05-18 12:17 - 2013-01-29 19:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-05-17 19:34 - 2013-05-17 19:29 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 19:20 - 2013-05-17 19:20 - 00886409 ____A C:\Users\Neunzerling\Downloads\pbsetup.zip
2013-05-16 21:37 - 2013-05-16 21:37 - 03820336 ____A C:\Users\Neunzerling\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-16 20:08 - 2013-01-25 20:05 - 00000000 ____D C:\ProgramData\Adobe
2013-05-16 20:06 - 2009-07-14 06:45 - 00294168 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 16:35 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Adobe
2013-05-16 16:35 - 2013-01-30 16:58 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\Adobe
2013-05-16 15:48 - 2013-01-25 20:48 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-13 15:13 - 2013-05-13 15:13 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup.exe
2013-05-13 15:11 - 2013-05-13 15:11 - 00001797 ____A C:\Users\Neunzerling\Desktop\Spotify.lnk
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33.exe
2013-05-13 15:09 - 2013-05-13 15:09 - 00092776 ____A (Spotify Ltd) C:\Users\Neunzerling\Downloads\SpotifySetup33 (1).exe
2013-05-12 16:21 - 2013-01-29 20:35 - 00000000 ____D C:\Users\Neunzerling\Documents\My Games
2013-05-12 16:07 - 2013-05-12 16:04 - 23647099 ____A C:\Users\Neunzerling\Downloads\WestCoastNZIanRushton.themepack
2013-05-12 16:06 - 2013-05-12 16:04 - 15384369 ____A C:\Users\Neunzerling\Downloads\PanoramicDeserts.deskthemepack
2013-05-08 14:18 - 2013-05-08 14:18 - 00000202 ____A C:\Users\Neunzerling\Desktop\Teraria.url
2013-05-07 20:49 - 2013-05-07 20:49 - 00321645 ____A C:\Users\Neunzerling\Downloads\Flaggenmod.zip
2013-05-07 20:38 - 2013-05-07 20:36 - 09928241 ____A C:\Users\Neunzerling\Downloads\AustralianLandscapes IanJohnson.themepack
2013-05-07 20:37 - 2013-05-07 20:36 - 08337971 ____A C:\Users\Neunzerling\Downloads\AustralianShoresAntonGorlin.themepack
2013-05-07 19:31 - 2013-05-07 09:59 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-05-07 19:30 - 2013-05-07 16:43 - 00000000 ____D C:\Users\Neunzerling\Documents\PCSX2
2013-05-07 16:47 - 2013-05-07 16:46 - 12378733 ____A C:\Users\Neunzerling\Downloads\PCSX2 BIOS CJG.rar
2013-05-07 16:41 - 2013-01-25 16:30 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\VirtualStore
2013-05-07 16:40 - 2013-05-07 16:40 - 08945660 ____A C:\Users\Neunzerling\Downloads\pcsx2-1.0.0-r5350-setup.exe
2013-05-07 16:40 - 2013-05-07 16:38 - 11403721 ____A C:\Users\Neunzerling\Downloads\san_francisco_rush_2049.zip
2013-05-07 10:02 - 2013-05-07 10:00 - 10122352 ____A C:\Users\Neunzerling\Downloads\mariokart64.zip
2013-05-07 09:57 - 2013-05-07 09:57 - 00613216 ____A (Download-Sponsor.de - Verdienen Sie mehr Geld mit Ihrer Software!) C:\Users\Neunzerling\Downloads\setup_Project64_1.6en.exe
2013-05-06 17:56 - 2013-05-05 12:27 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\TS3Client
2013-05-05 13:52 - 2013-05-05 13:52 - 05515624 ____A C:\Users\Neunzerling\Downloads\raidcall_v7.2.0.exe
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00001011 ____A C:\Users\Neunzerling\Desktop\Raidcall.lnk
2013-05-05 13:52 - 2013-05-05 13:52 - 00000000 ____D C:\Users\Neunzerling\AppData\Roaming\raidcall
2013-05-05 12:26 - 2013-05-05 12:26 - 00000967 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-05 12:26 - 2013-05-05 12:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-05 12:26 - 2013-05-05 12:23 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Neunzerling\Downloads\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-05-04 17:03 - 2013-05-04 17:03 - 00097946 ____A C:\Users\Neunzerling\Downloads\TooManyItems2013_04_25_1.5.2.zip
2013-05-04 16:46 - 2013-05-04 16:45 - 11584038 ____A C:\Users\Neunzerling\Downloads\Sphax PureBDcraft 64x MC15.zip
2013-05-04 16:44 - 2013-05-04 16:43 - 00376304 ____A C:\Users\Neunzerling\Downloads\OptiFine_1.5.2_HD_U_D2.zip
2013-05-03 20:20 - 2013-05-03 20:20 - 00004107 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-03 20:20 - 2013-03-31 18:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-03 15:40 - 2013-01-26 13:19 - 00000000 ____D C:\Users\Neunzerling\AppData\Local\Windows Live
2013-05-03 15:27 - 2013-05-03 15:10 - 231404576 ____A (Ubisoft) C:\Users\Neunzerling\Downloads\FarCry3_mp_dlc.exe

ZeroAccess:
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\L\76603ac3
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000004.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\00000008.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\000000cb.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000000.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000032.@
C:\Windows\Installer\{ac1db9bb-b2dc-73c1-293b-096c6512083d}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


Last Boot: 2013-05-24 19:42

==================== End Of Log ============================
Welche ist denn die FRST.txt?

schrauber 02.06.2013 18:18
Der alte Thread wurde schon wegen Cracks geschlossen, ergo ;)

aber nette Verseuchung. Formatier und fertig.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27