Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 24.11.2013, 14:39   #1
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Liebes TB-Team,

ich habe seit gestern Probleme mit mehreren Trojanern/Viren - laut dem Log von ESET sind das:

Win64/Conedex.B trojan
Win64/Conedex.C trojan
Win64/Conedex.I trojan

Win64/Sirefef.AZ
Win64/Sirefef.BJ
Win32/Sirefef.FV

Win32/Kryptik.BPOA

Seit dem Befall bekomme ich regelmässige alle paar Minuten eine Meldung von ESET - sie werden aber einfach nicht entfernt. Auch in manuellen Scans konnte das Problem nicht behoben werden.

Damit einher gegangen sein dürfte, dass ich im Verzeichnis
C:\Program Files (x86)\Google\Desktop\Install
nichts löschen kann, und der Windows-Explorer abstürzt.

In meiner Verzweiflung habe ich mir die 30-Tage-Testversion von Emsisoft heruntergeladen und installiert. Leider konnten die Probleme auch damit nicht behoben werden.

Es folgen die Logs:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:36 on 24/11/2013 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 24-11-2013 14:04:13
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-09-30] (Emsisoft GmbH)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4153784 2013-09-30] (Emsisoft GmbH)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S2 WebCakeUpdater; "C:\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe" [x]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\   \...\???\{b76a39d9-6a23-bedc-000d-ea3828816a40}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-08-19] (Emsisoft GmbH)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U3 ugldapow; \??\C:\Users\Admin\AppData\Local\Temp\ugldapow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 14:04 - 2013-11-24 14:04 - 00017687 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Downloads\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-24 13:39 - 00036249 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:37 - 2013-11-24 13:37 - 01958396 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:55 - 2013-11-24 08:55 - 00001099 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-11-24 08:54 - 2013-11-24 13:57 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                               ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-11-24 13:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-11-24 14:04 - 2013-11-24 14:04 - 00017687 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-24 13:58 - 2012-01-15 19:22 - 02024885 _____ C:\Windows\WindowsUpdate.log
2013-11-24 13:57 - 2013-11-24 08:54 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-11-24 13:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Downloads\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:40 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:40 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:39 - 2013-11-24 13:38 - 00036249 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:37 - 2013-11-24 13:37 - 01958396 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-24 13:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 13:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-24 13:17 - 2013-07-28 20:54 - 00001212 _____ C:\Windows\Tasks\FreeHDSport TV-updater.job
2013-11-24 13:17 - 2013-07-28 20:54 - 00001206 _____ C:\Windows\Tasks\FreeHDSport TV-codedownloader.job
2013-11-24 13:17 - 2013-07-28 20:54 - 00001116 _____ C:\Windows\Tasks\FreeHDSport TV-enabler.job
2013-11-24 13:17 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 13:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 13:17 - 2009-07-14 05:51 - 00180057 _____ C:\Windows\setupact.log
2013-11-24 13:14 - 2013-07-28 20:54 - 00000000 ____D C:\Program Files (x86)\FreeHDSport TV
2013-11-24 12:56 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-11-24 08:55 - 2013-11-24 08:55 - 00001099 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                               ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-24 08:31 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-24 08:11 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-23 21:17 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 15:11 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-11-23 15:11 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-11-23 15:11 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-11-23 15:11 - 2009-07-14 06:13 - 01528554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 13:26 - 2010-11-21 04:47 - 00336306 _____ C:\Windows\PFRO.log
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
2013-11-02 19:58 - 2012-06-02 13:28 - 00119864 _____ C:\Users\Angi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 17:15 - 2012-06-02 13:52 - 00000000 ____D C:\Users\Angi\AppData\Roaming\SoftGrid Client
2013-11-02 16:55 - 2012-08-18 11:00 - 00000000 ____D C:\Users\Angi\Downloads\Rezepte
2013-10-27 09:36 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
ZeroAccess:
C:\Users\Admin\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Admin\AppData\Local\Temp\htmlayout.dll
C:\Users\Admin\AppData\Local\Temp\InstHelper.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Andi\AppData\Local\Temp\addon.exe
C:\Users\Andi\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Andi\AppData\Local\Temp\install_flashplayer11x32au_mssa_aih.exe
C:\Users\Andi\AppData\Local\Temp\mediaget-uninstaller.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013 03
Ran by Andi at 2013-11-24 14:04:34
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acer Backup Manager (x32 Version: 3.0.0.99)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904)
Acer ePower Management (x32 Version: 6.00.3008)
Acer eRecovery Management (x32 Version: 5.00.3504)
Acer Games (x32 Version: 1.0.2.5)
Acer Registration (x32 Version: 1.04.3504)
Acer ScreenSaver (x32 Version: 1.1.0913.2011)
Acer Updater (x32 Version: 1.02.3500)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Backup Manager V3 (x32 Version: 3.0.0.99)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.0.765.0)
BitTorrent (HKCU Version: 7.8.2.30265)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
Canon MP550 series MP Drivers
Chuzzle Deluxe (x32 Version: 2.2.0.95)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2024.00)
clear.fi (x32 Version: 9.0.8026)
clear.fi Client (x32 Version: 1.00.3500)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
eBay Worldwide (x32 Version: 2.2.0409)
Emsisoft Anti-Malware (x32 Version: 8.1)
ESET Smart Security (Version: 6.0.316.0)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451)
FATE (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Fooz Kids (x32 Version: 3.0.8)
Fooz Kids Platform (x32 Version: 2.1)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
FreeHDSport TV (x32 Version: 1.27.153.8)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Garmin Communicator Plugin (x32 Version: 4.0.3)
Garmin Communicator Plugin x64 (Version: 4.0.3)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Identity Card (x32 Version: 1.00.3501)
IlemiTVApp (x32 Version: 2.1 Build 26473)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
Jewel Match 3 (x32 Version: 2.2.0.97)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.7)
McAfee Security Scan Plus (Version: 3.8.130.10)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 14.0.1 (x86 de) (x32 Version: 14.0.1)
Mozilla Maintenance Service (x32 Version: 14.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (x32 Version: 4.0.14.27)
MyWinLocker Suite (x32 Version: 4.0.14.19)
Need For Speed™ World (x32 Version: 1.0.0.1055)
newsXpresso (x32 Version: 1.0.0.40)
Norton Online Backup (x32 Version: 2.1.17869)
NTI Media Maker 9 (x32 Version: 9.0.2.9002)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Penguins! (x32 Version: 2.2.0.95)
PerformanceTest v7.0 (64-bit) (Version: 7.0)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Bowler (x32 Version: 2.2.0.97)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype™ 5.10 (x32 Version: 5.10.116)
Slingo Deluxe (x32 Version: 2.2.0.95)
StreamTorrent 1.0 (x32)
Tinypic 3.18 (x32 Version: Tinypic 3.18)
T-Mobile Internet Manager (x32 Version: 11.301.05.34.55)
Torchlight (x32 Version: 2.2.0.97)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97)
VLC Codec Pack 2.0.5 (x32 Version: 2.0.5)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Web Cake 3.00 (Version: 3.00)
Wedding Dash (x32 Version: 2.2.0.95)
Welcome Center (x32 Version: 1.02.3504)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Wondershare MobileGo for Android ( Version 4.1.0 ) (x32 Version: 4.1.0)
Wsys Control 1.0.0.2557 (x32 Version: 1.0.0.2557)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\FreeHDSport TV-codedownloader.job => ?
Task: C:\Windows\Tasks\FreeHDSport TV-enabler.job => ?
Task: C:\Windows\Tasks\FreeHDSport TV-updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job => ?

==================== Loaded Modules (whitelisted) =============

2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-23 17:15 - 2013-11-23 17:15 - 02492416 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
2013-11-23 17:15 - 2013-11-23 17:15 - 02179072 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-06-02 13:17 - 2012-08-01 06:46 - 02003424 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 11:37 - 2013-10-09 11:37 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 01:51:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: nvinit.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x506b31f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74a6ce39
ID des fehlerhaften Prozesses: 0x1598
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (11/24/2013 01:19:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054eea
ID des fehlerhaften Prozesses: 0xbe0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/24/2013 01:17:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:35:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054f01
ID des fehlerhaften Prozesses: 0xf94
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/24/2013 08:32:27 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000005501f
ID des fehlerhaften Prozesses: 0xbe8
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/24/2013 08:32:07 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000005501f
ID des fehlerhaften Prozesses: 0x17cc
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/24/2013 08:31:46 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054eea
ID des fehlerhaften Prozesses: 0x6f8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/24/2013 08:30:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:24:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000053520
ID des fehlerhaften Prozesses: 0x17a4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/24/2013 08:23:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054eea
ID des fehlerhaften Prozesses: 0x218
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (11/24/2013 01:53:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (11/24/2013 01:53:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (11/24/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (11/24/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (11/24/2013 01:19:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/24/2013 01:19:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/24/2013 01:18:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (11/24/2013 01:18:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (11/24/2013 01:17:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WebCakeUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/24/2013 01:17:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (11/24/2013 01:51:27 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0nvinit.dll_unloaded0.0.0.0506b31f3c000000574a6ce39159801cee912b8d33ac3C:\Users\Andi\Downloads\gmer_2.1.19163.exenvinit.dll2160d960-5507-11e3-b5af-dc0ea12b1b2b

Error: (11/24/2013 01:19:54 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eeabe001cee90f1a6776e8C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllb965c702-5502-11e3-b5af-dc0ea12b1b2b

Error: (11/24/2013 01:17:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:35:29 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054f01f9401cee8e755662322C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dllfd502567-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:32:27 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd000000000005501fbe801cee8e748eb5e45C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll911a0a48-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:32:07 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd000000000005501f17cc01cee8e73cb821f5C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll84f9b9b5-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:31:46 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eea6f801cee8e72195d4c7C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll787f141d-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:30:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:24:24 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd000000000005352017a401cee8e61b54ee23C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll711e383e-54d9-11e3-ab73-dc0ea12b1b2b

Error: (11/24/2013 08:23:24 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eea21801cee8e5bca6f0ecC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll4d9fb392-54d9-11e3-ab73-dc0ea12b1b2b


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8043.86 MB
Available physical RAM: 5308.87 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13319.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.41 GB) (Free:610.89 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Die Log von GMER und ESET waren leider zu groß - deshalb mußte ich sie anhängen bzw. zippen!

Herzlichen Dank im Voraus, liebe Grüße,
Andreas

Alt 24.11.2013, 16:26   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________

__________________

Alt 24.11.2013, 18:31   #3
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Code:
ATTFilter
ComboFix 13-11-23.02 - Admin 24.11.2013  16:47:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8044.5805 [GMT 1:00]
ausgeführt von:: C:\Users\Andi\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
         
Problem: Habe es leider nicht geschafft, ESET zu beenden - jetzt hat sich Combofix aufgehängt, und auch nach Neustart springen Fenster über mein Desktop

Update:

Habe es geschafft, ComboFix zu beenden und neu zu starten. Wenn fertig, stelle ich das Log wieder hier rein!
__________________

Alt 25.11.2013, 08:24   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.11.2013, 19:38   #5
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Code:
ATTFilter
ComboFix 13-11-23.02 - Admin 25.11.2013   2:05:37.4.4 - x64
ausgeführt von:: C:\Users\Andi\Desktop\ComboFix.exe
         
Leider keine Verbesserung und nur ein kurzes Log (oben) Beim ersten Start hatte ich ein längeres Log gesehen, aber durch den Absturz habe ich neu gestartet, und jetzt sieht es so aus. Mit "normalem" Hochfahren sieht der Bildschirm jetzt aus wie im Anhang - das Fenster läuft von links oben nach rechts unten über den Bildschirm. Dies stoppt leider nicht - die einzige Möglichkeit war, im abgesicherten Modus zu starten, und C:\Combofix vorübergehend zu löschen.

Gute Nachricht: die Trojaner werden mittlerweile nicht mehr angezeit.
Immer noch schlechte Nachricht: Das Verzeichnis ...\Google\Desktop\Install lässt sich immer noch nicht löschen.

Nochmals danke,
Andreas

Miniaturansicht angehängter Grafiken
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ-20131125_191736.jpg  

Alt 26.11.2013, 10:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ

Alt 26.11.2013, 15:36   #7
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Hi,

TDSSKiller findet offenbar nichts. Log:

Code:
ATTFilter
15:29:55.0381 3408  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:29:57.0253 3408  ============================================================
15:29:57.0253 3408  Current date / time: 2013/11/26 15:29:57.0253
15:29:57.0253 3408  SystemInfo:
15:29:57.0253 3408  
15:29:57.0253 3408  OS Version: 6.1.7601 ServicePack: 1.0
15:29:57.0253 3408  Product type: Workstation
15:29:57.0253 3408  ComputerName: PC
15:29:57.0253 3408  UserName: Admin
15:29:57.0253 3408  Windows directory: C:\Windows
15:29:57.0253 3408  System windows directory: C:\Windows
15:29:57.0253 3408  Running under WOW64
15:29:57.0253 3408  Processor architecture: Intel x64
15:29:57.0253 3408  Number of processors: 4
15:29:57.0253 3408  Page size: 0x1000
15:29:57.0253 3408  Boot type: Normal boot
15:29:57.0253 3408  ============================================================
15:29:57.0627 3408  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:29:57.0643 3408  ============================================================
15:29:57.0643 3408  \Device\Harddisk0\DR0:
15:29:57.0643 3408  MBR partitions:
15:29:57.0643 3408  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
15:29:57.0643 3408  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x722D3800
15:29:57.0643 3408  ============================================================
15:29:57.0658 3408  C: <-> \Device\Harddisk0\DR0\Partition2
15:29:57.0658 3408  ============================================================
15:29:57.0658 3408  Initialize success
15:29:57.0658 3408  ============================================================
15:30:50.0964 4052  ============================================================
15:30:50.0964 4052  Scan started
15:30:50.0964 4052  Mode: Manual; SigCheck; TDLFS; 
15:30:50.0964 4052  ============================================================
15:30:51.0104 4052  ================ Scan system memory ========================
15:30:51.0104 4052  System memory - ok
15:30:51.0104 4052  ================ Scan services =============================
15:30:51.0291 4052  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:30:51.0416 4052  1394ohci - ok
15:30:51.0463 4052  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:30:51.0510 4052  ACPI - ok
15:30:51.0525 4052  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:30:51.0603 4052  AcpiPmi - ok
15:30:51.0666 4052  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:30:51.0697 4052  AdobeARMservice - ok
15:30:51.0790 4052  [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:30:51.0822 4052  AdobeFlashPlayerUpdateSvc - ok
15:30:51.0837 4052  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:30:51.0868 4052  adp94xx - ok
15:30:51.0915 4052  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:30:51.0946 4052  adpahci - ok
15:30:51.0962 4052  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:30:51.0978 4052  adpu320 - ok
15:30:52.0024 4052  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:30:52.0165 4052  AeLookupSvc - ok
15:30:52.0212 4052  [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
15:30:52.0290 4052  AFD - ok
15:30:52.0321 4052  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:30:52.0336 4052  agp440 - ok
15:30:52.0368 4052  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:30:52.0414 4052  ALG - ok
15:30:52.0446 4052  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:30:52.0461 4052  aliide - ok
15:30:52.0492 4052  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:30:52.0508 4052  amdide - ok
15:30:52.0539 4052  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:30:52.0570 4052  AmdK8 - ok
15:30:52.0586 4052  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:30:52.0617 4052  AmdPPM - ok
15:30:52.0633 4052  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:30:52.0648 4052  amdsata - ok
15:30:52.0664 4052  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:30:52.0680 4052  amdsbs - ok
15:30:52.0695 4052  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:30:52.0711 4052  amdxata - ok
15:30:52.0742 4052  [ 1CB73619E0F0C7C0BEA7A7B6DC5D2D1E ] androidusb      C:\Windows\system32\Drivers\wsadb.sys
15:30:52.0758 4052  androidusb - ok
15:30:52.0773 4052  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:30:52.0960 4052  AppID - ok
15:30:52.0992 4052  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:30:53.0070 4052  AppIDSvc - ok
15:30:53.0116 4052  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
15:30:53.0163 4052  Appinfo - ok
15:30:53.0179 4052  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:30:53.0194 4052  arc - ok
15:30:53.0210 4052  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:30:53.0226 4052  arcsas - ok
15:30:53.0241 4052  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:30:53.0319 4052  AsyncMac - ok
15:30:53.0350 4052  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:30:53.0366 4052  atapi - ok
15:30:53.0460 4052  [ 956BC6EB96AA09478BD897AF8DF55A62 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:30:53.0538 4052  athr - ok
15:30:53.0584 4052  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:30:53.0631 4052  AudioEndpointBuilder - ok
15:30:53.0647 4052  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:30:53.0678 4052  AudioSrv - ok
15:30:53.0678 4052  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:30:53.0803 4052  AxInstSV - ok
15:30:53.0834 4052  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:30:53.0881 4052  b06bdrv - ok
15:30:53.0896 4052  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:30:53.0928 4052  b57nd60a - ok
15:30:53.0959 4052  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
15:30:53.0974 4052  b57xdbd - ok
15:30:53.0974 4052  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
15:30:53.0990 4052  b57xdmp - ok
15:30:54.0037 4052  [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:30:54.0068 4052  BBSvc - ok
15:30:54.0084 4052  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:30:54.0099 4052  BBUpdate - ok
15:30:54.0146 4052  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:30:54.0193 4052  BDESVC - ok
15:30:54.0240 4052  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:30:54.0318 4052  Beep - ok
15:30:54.0349 4052  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:30:54.0396 4052  BFE - ok
15:30:54.0442 4052  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
15:30:54.0505 4052  BITS - ok
15:30:54.0552 4052  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:30:54.0598 4052  blbdrive - ok
15:30:54.0614 4052  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:30:54.0676 4052  bowser - ok
15:30:54.0708 4052  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:30:54.0723 4052  BrFiltLo - ok
15:30:54.0739 4052  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:30:54.0754 4052  BrFiltUp - ok
15:30:54.0770 4052  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:30:54.0817 4052  BridgeMP - ok
15:30:54.0879 4052  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:30:54.0926 4052  Browser - ok
15:30:54.0973 4052  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:30:55.0051 4052  Brserid - ok
15:30:55.0051 4052  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:30:55.0082 4052  BrSerWdm - ok
15:30:55.0082 4052  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:30:55.0113 4052  BrUsbMdm - ok
15:30:55.0129 4052  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:30:55.0144 4052  BrUsbSer - ok
15:30:55.0176 4052  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
15:30:55.0176 4052  bScsiMSa - ok
15:30:55.0207 4052  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
15:30:55.0207 4052  bScsiSDa - ok
15:30:55.0222 4052  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:30:55.0254 4052  BTHMODEM - ok
15:30:55.0316 4052  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:30:55.0378 4052  bthserv - ok
15:30:55.0378 4052  catchme - ok
15:30:55.0410 4052  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:30:55.0456 4052  cdfs - ok
15:30:55.0472 4052  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:30:55.0488 4052  cdrom - ok
15:30:55.0550 4052  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:30:55.0597 4052  CertPropSvc - ok
15:30:55.0628 4052  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:30:55.0659 4052  circlass - ok
15:30:55.0675 4052  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:30:55.0690 4052  CLFS - ok
15:30:55.0737 4052  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:30:55.0753 4052  clr_optimization_v2.0.50727_32 - ok
15:30:55.0768 4052  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:30:55.0784 4052  clr_optimization_v2.0.50727_64 - ok
15:30:55.0862 4052  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:30:55.0893 4052  clr_optimization_v4.0.30319_32 - ok
15:30:55.0924 4052  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:30:55.0956 4052  clr_optimization_v4.0.30319_64 - ok
15:30:55.0987 4052  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:30:56.0018 4052  CmBatt - ok
15:30:56.0065 4052  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:30:56.0096 4052  cmdide - ok
15:30:56.0127 4052  [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:30:56.0174 4052  CNG - ok
15:30:56.0205 4052  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:30:56.0221 4052  Compbatt - ok
15:30:56.0221 4052  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:30:56.0252 4052  CompositeBus - ok
15:30:56.0252 4052  COMSysApp - ok
15:30:56.0268 4052  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:30:56.0283 4052  crcdisk - ok
15:30:56.0330 4052  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:30:56.0392 4052  CryptSvc - ok
15:30:56.0486 4052  [ FD557A50A65E44041CD2FCEF4BEB04DB ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:30:56.0533 4052  cvhsvc - ok
15:30:56.0580 4052  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:30:56.0626 4052  DcomLaunch - ok
15:30:56.0658 4052  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:30:56.0689 4052  defragsvc - ok
15:30:56.0720 4052  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:30:56.0767 4052  DfsC - ok
15:30:56.0798 4052  [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:30:56.0814 4052  dg_ssudbus - ok
15:30:56.0876 4052  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:30:56.0923 4052  Dhcp - ok
15:30:56.0938 4052  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:30:56.0985 4052  discache - ok
15:30:57.0001 4052  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:30:57.0016 4052  Disk - ok
15:30:57.0048 4052  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:30:57.0094 4052  Dnscache - ok
15:30:57.0126 4052  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:30:57.0157 4052  dot3svc - ok
15:30:57.0204 4052  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:30:57.0282 4052  DPS - ok
15:30:57.0313 4052  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:30:57.0328 4052  drmkaud - ok
15:30:57.0391 4052  [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:30:57.0422 4052  DsiWMIService - ok
15:30:57.0484 4052  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:30:57.0531 4052  DXGKrnl - ok
15:30:57.0547 4052  [ 398904F1FBF13CEF0FCB822E9CA5F2D5 ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
15:30:57.0562 4052  eamonm - ok
15:30:57.0609 4052  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:30:57.0687 4052  EapHost - ok
15:30:57.0796 4052  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:30:57.0874 4052  ebdrv - ok
15:30:57.0906 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
15:30:57.0937 4052  EFS - ok
15:30:57.0968 4052  [ 5332EC2BA1C112BD4BB1F38127848FEF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:30:57.0984 4052  EgisTec Ticket Service - ok
15:30:58.0015 4052  [ 9E39134330C18CBAC0F24C1283701D7E ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
15:30:58.0030 4052  ehdrv - ok
15:30:58.0093 4052  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:30:58.0155 4052  ehRecvr - ok
15:30:58.0171 4052  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:30:58.0202 4052  ehSched - ok
15:30:58.0296 4052  [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn            C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
15:30:58.0342 4052  ekrn - ok
15:30:58.0405 4052  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:30:58.0436 4052  elxstor - ok
15:30:58.0467 4052  [ 392EC4EA0C265F5BC50D057BEAA593CD ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
15:30:58.0483 4052  epfw - ok
15:30:58.0498 4052  [ 0C9EC63C5BAE9506161F14B8A5C10280 ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
15:30:58.0498 4052  EpfwLWF - ok
15:30:58.0530 4052  [ AD03E0C95E750F3FBE84EDA87B2C4E08 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
15:30:58.0545 4052  epfwwfp - ok
15:30:58.0623 4052  [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:30:58.0654 4052  ePowerSvc - ok
15:30:58.0701 4052  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:30:58.0732 4052  ErrDev - ok
15:30:58.0764 4052  [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
15:30:58.0779 4052  ETD - ok
15:30:58.0842 4052  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:30:58.0904 4052  EventSystem - ok
15:30:58.0935 4052  [ 477BC304201197F4057090BD60AF1739 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
15:30:58.0951 4052  ewusbnet - ok
15:30:58.0998 4052  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:30:59.0060 4052  exfat - ok
15:30:59.0091 4052  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:30:59.0154 4052  fastfat - ok
15:30:59.0185 4052  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:30:59.0232 4052  Fax - ok
15:30:59.0278 4052  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:30:59.0294 4052  fdc - ok
15:30:59.0325 4052  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:30:59.0356 4052  fdPHost - ok
15:30:59.0372 4052  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:30:59.0403 4052  FDResPub - ok
15:30:59.0434 4052  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:30:59.0434 4052  FileInfo - ok
15:30:59.0450 4052  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:30:59.0497 4052  Filetrace - ok
15:30:59.0544 4052  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:30:59.0559 4052  FLEXnet Licensing Service - ok
15:30:59.0575 4052  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:30:59.0590 4052  flpydisk - ok
15:30:59.0606 4052  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:30:59.0622 4052  FltMgr - ok
15:30:59.0668 4052  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:30:59.0700 4052  FontCache - ok
15:30:59.0746 4052  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:30:59.0778 4052  FontCache3.0.0.0 - ok
15:30:59.0793 4052  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:30:59.0824 4052  FsDepends - ok
15:30:59.0856 4052  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:30:59.0871 4052  Fs_Rec - ok
15:30:59.0918 4052  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:30:59.0949 4052  fvevol - ok
15:30:59.0980 4052  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:30:59.0980 4052  gagp30kx - ok
15:31:00.0027 4052  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:31:00.0043 4052  GamesAppService - ok
15:31:00.0090 4052  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:31:00.0136 4052  gpsvc - ok
15:31:00.0183 4052  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:31:00.0199 4052  GREGService - ok
15:31:00.0230 4052  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:31:00.0261 4052  gupdate - ok
15:31:00.0261 4052  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:31:00.0261 4052  gupdatem - ok
15:31:00.0292 4052  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:31:00.0324 4052  hcw85cir - ok
15:31:00.0370 4052  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:31:00.0433 4052  HdAudAddService - ok
15:31:00.0464 4052  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:31:00.0495 4052  HDAudBus - ok
15:31:00.0511 4052  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:31:00.0542 4052  HidBatt - ok
15:31:00.0589 4052  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:31:00.0620 4052  HidBth - ok
15:31:00.0636 4052  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:31:00.0651 4052  HidIr - ok
15:31:00.0698 4052  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:31:00.0792 4052  hidserv - ok
15:31:00.0823 4052  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:31:00.0870 4052  HidUsb - ok
15:31:00.0901 4052  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:31:00.0963 4052  hkmsvc - ok
15:31:00.0979 4052  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:31:01.0010 4052  HomeGroupListener - ok
15:31:01.0072 4052  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:31:01.0119 4052  HomeGroupProvider - ok
15:31:01.0166 4052  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:31:01.0182 4052  HpSAMD - ok
15:31:01.0244 4052  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:31:01.0306 4052  HTTP - ok
15:31:01.0322 4052  [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:31:01.0384 4052  hwdatacard - ok
15:31:01.0416 4052  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:31:01.0431 4052  hwpolicy - ok
15:31:01.0462 4052  [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
15:31:01.0494 4052  hwusbdev - ok
15:31:01.0509 4052  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:31:01.0525 4052  i8042prt - ok
15:31:01.0556 4052  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
15:31:01.0572 4052  iaStor - ok
15:31:01.0650 4052  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:31:01.0665 4052  IAStorDataMgrSvc - ok
15:31:01.0681 4052  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:31:01.0712 4052  iaStorV - ok
15:31:01.0759 4052  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:31:01.0821 4052  idsvc - ok
15:31:02.0086 4052  [ 9937600A1584FF00565D5379EB4C9EDB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:31:02.0430 4052  igfx - ok
15:31:02.0492 4052  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:31:02.0508 4052  iirsp - ok
15:31:02.0570 4052  [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:31:02.0617 4052  IKEEXT - ok
15:31:02.0726 4052  [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:31:02.0773 4052  IntcAzAudAddService - ok
15:31:02.0820 4052  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:31:02.0851 4052  IntcDAud - ok
15:31:02.0898 4052  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:31:02.0913 4052  intelide - ok
15:31:02.0960 4052  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:31:03.0007 4052  intelppm - ok
15:31:03.0038 4052  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:31:03.0116 4052  IPBusEnum - ok
15:31:03.0132 4052  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:31:03.0163 4052  IpFilterDriver - ok
15:31:03.0210 4052  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:31:03.0241 4052  iphlpsvc - ok
15:31:03.0288 4052  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:31:03.0334 4052  IPMIDRV - ok
15:31:03.0350 4052  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:31:03.0397 4052  IPNAT - ok
15:31:03.0412 4052  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:31:03.0412 4052  IRENUM - ok
15:31:03.0428 4052  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:31:03.0428 4052  isapnp - ok
15:31:03.0444 4052  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:31:03.0459 4052  iScsiPrt - ok
15:31:03.0475 4052  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
15:31:03.0506 4052  k57nd60a - ok
15:31:03.0537 4052  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:31:03.0568 4052  kbdclass - ok
15:31:03.0584 4052  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:31:03.0615 4052  kbdhid - ok
15:31:03.0631 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
15:31:03.0631 4052  KeyIso - ok
15:31:03.0678 4052  [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:31:03.0709 4052  KSecDD - ok
15:31:03.0709 4052  [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:31:03.0724 4052  KSecPkg - ok
15:31:03.0756 4052  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:31:03.0818 4052  ksthunk - ok
15:31:03.0865 4052  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:31:03.0912 4052  KtmRm - ok
15:31:03.0927 4052  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:31:03.0990 4052  LanmanServer - ok
15:31:03.0990 4052  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:31:04.0036 4052  LanmanWorkstation - ok
15:31:04.0083 4052  [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:31:04.0114 4052  Live Updater Service - ok
15:31:04.0130 4052  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:31:04.0177 4052  lltdio - ok
15:31:04.0208 4052  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:31:04.0255 4052  lltdsvc - ok
15:31:04.0270 4052  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:31:04.0333 4052  lmhosts - ok
15:31:04.0380 4052  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:31:04.0411 4052  LMS - ok
15:31:04.0458 4052  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:31:04.0489 4052  LSI_FC - ok
15:31:04.0489 4052  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:31:04.0520 4052  LSI_SAS - ok
15:31:04.0520 4052  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:31:04.0520 4052  LSI_SAS2 - ok
15:31:04.0520 4052  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:31:04.0536 4052  LSI_SCSI - ok
15:31:04.0551 4052  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:31:04.0598 4052  luafv - ok
15:31:04.0676 4052  [ 968BFF74AEB683C962960ECE0CAE4135 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
15:31:04.0707 4052  McComponentHostService - ok
15:31:04.0723 4052  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:31:04.0754 4052  Mcx2Svc - ok
15:31:04.0785 4052  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:31:04.0801 4052  megasas - ok
15:31:04.0816 4052  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:31:04.0848 4052  MegaSR - ok
15:31:04.0863 4052  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:31:04.0879 4052  MEIx64 - ok
15:31:04.0910 4052  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:31:04.0957 4052  MMCSS - ok
15:31:04.0972 4052  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:31:05.0004 4052  Modem - ok
15:31:05.0050 4052  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:31:05.0097 4052  monitor - ok
15:31:05.0144 4052  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:31:05.0160 4052  mouclass - ok
15:31:05.0191 4052  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:31:05.0222 4052  mouhid - ok
15:31:05.0253 4052  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:31:05.0269 4052  mountmgr - ok
15:31:05.0316 4052  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:31:05.0331 4052  MozillaMaintenance - ok
15:31:05.0362 4052  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:31:05.0394 4052  mpio - ok
15:31:05.0425 4052  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:31:05.0472 4052  mpsdrv - ok
15:31:05.0518 4052  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:31:05.0581 4052  MpsSvc - ok
15:31:05.0628 4052  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:31:05.0674 4052  MRxDAV - ok
15:31:05.0737 4052  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:31:05.0799 4052  mrxsmb - ok
15:31:05.0815 4052  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:31:05.0846 4052  mrxsmb10 - ok
15:31:05.0893 4052  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:31:05.0924 4052  mrxsmb20 - ok
15:31:05.0955 4052  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:31:05.0986 4052  msahci - ok
15:31:06.0002 4052  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:31:06.0033 4052  msdsm - ok
15:31:06.0064 4052  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:31:06.0080 4052  MSDTC - ok
15:31:06.0111 4052  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:31:06.0142 4052  Msfs - ok
15:31:06.0174 4052  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:31:06.0236 4052  mshidkmdf - ok
15:31:06.0252 4052  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:31:06.0252 4052  msisadrv - ok
15:31:06.0283 4052  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:31:06.0314 4052  MSiSCSI - ok
15:31:06.0314 4052  msiserver - ok
15:31:06.0330 4052  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:31:06.0361 4052  MSKSSRV - ok
15:31:06.0376 4052  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:31:06.0423 4052  MSPCLOCK - ok
15:31:06.0439 4052  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:31:06.0470 4052  MSPQM - ok
15:31:06.0501 4052  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:31:06.0501 4052  MsRPC - ok
15:31:06.0532 4052  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:31:06.0532 4052  mssmbios - ok
15:31:06.0595 4052  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:31:06.0673 4052  MSTEE - ok
15:31:06.0673 4052  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:31:06.0688 4052  MTConfig - ok
15:31:06.0704 4052  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:31:06.0720 4052  Mup - ok
15:31:06.0735 4052  [ C009123B206C56854F4E88596035231D ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:31:06.0751 4052  mwlPSDFilter - ok
15:31:06.0751 4052  [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:31:06.0782 4052  mwlPSDNServ - ok
15:31:06.0798 4052  [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:31:06.0798 4052  mwlPSDVDisk - ok
15:31:06.0829 4052  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:31:06.0891 4052  napagent - ok
15:31:06.0922 4052  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:31:06.0954 4052  NativeWifiP - ok
15:31:07.0016 4052  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:31:07.0078 4052  NDIS - ok
15:31:07.0094 4052  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:31:07.0125 4052  NdisCap - ok
15:31:07.0156 4052  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:31:07.0172 4052  NdisTapi - ok
15:31:07.0188 4052  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:31:07.0219 4052  Ndisuio - ok
15:31:07.0250 4052  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:31:07.0281 4052  NdisWan - ok
15:31:07.0297 4052  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:31:07.0328 4052  NDProxy - ok
15:31:07.0359 4052  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:31:07.0375 4052  NetBIOS - ok
15:31:07.0390 4052  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:31:07.0422 4052  NetBT - ok
15:31:07.0437 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
15:31:07.0437 4052  Netlogon - ok
15:31:07.0468 4052  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:31:07.0515 4052  Netman - ok
15:31:07.0515 4052  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:31:07.0562 4052  netprofm - ok
15:31:07.0578 4052  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:31:07.0593 4052  NetTcpPortSharing - ok
15:31:07.0624 4052  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:31:07.0640 4052  nfrd960 - ok
15:31:07.0687 4052  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:31:07.0749 4052  NlaSvc - ok
15:31:07.0874 4052  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:31:07.0936 4052  NOBU - ok
15:31:07.0968 4052  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:31:07.0999 4052  Npfs - ok
15:31:08.0030 4052  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:31:08.0046 4052  nsi - ok
15:31:08.0061 4052  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:31:08.0108 4052  nsiproxy - ok
15:31:08.0186 4052  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:31:08.0217 4052  Ntfs - ok
15:31:08.0280 4052  [ 1873214666F6F0A883742DF91FBC48C9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:31:08.0311 4052  NTI IScheduleSvc - ok
15:31:08.0358 4052  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
15:31:08.0373 4052  NTIDrvr - ok
15:31:08.0389 4052  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:31:08.0451 4052  Null - ok
15:31:08.0701 4052  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:31:08.0857 4052  nvlddmkm - ok
15:31:08.0904 4052  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:31:08.0904 4052  nvpciflt - ok
15:31:08.0919 4052  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:31:08.0935 4052  nvraid - ok
15:31:08.0935 4052  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:31:08.0950 4052  nvstor - ok
15:31:09.0013 4052  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:31:09.0044 4052  nvsvc - ok
15:31:09.0122 4052  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:31:09.0184 4052  nvUpdatusService - ok
15:31:09.0200 4052  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:31:09.0200 4052  nv_agp - ok
15:31:09.0372 4052  [ D02B9C22F789B320CD87A4A9D1C0FC09 ] OfficeSvc       C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
15:31:09.0434 4052  OfficeSvc - ok
15:31:09.0481 4052  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:31:09.0528 4052  ohci1394 - ok
15:31:09.0559 4052  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:31:09.0590 4052  ose - ok
15:31:09.0840 4052  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:31:09.0996 4052  osppsvc - ok
15:31:10.0027 4052  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:31:10.0105 4052  p2pimsvc - ok
15:31:10.0136 4052  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:31:10.0167 4052  p2psvc - ok
15:31:10.0198 4052  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:31:10.0214 4052  Parport - ok
15:31:10.0261 4052  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:31:10.0261 4052  partmgr - ok
15:31:10.0292 4052  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:31:10.0339 4052  PcaSvc - ok
15:31:10.0354 4052  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:31:10.0370 4052  pci - ok
15:31:10.0401 4052  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:31:10.0432 4052  pciide - ok
15:31:10.0464 4052  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:31:10.0479 4052  pcmcia - ok
15:31:10.0479 4052  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:31:10.0495 4052  pcw - ok
15:31:10.0526 4052  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:31:10.0588 4052  PEAUTH - ok
15:31:10.0635 4052  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:31:10.0682 4052  PerfHost - ok
15:31:10.0744 4052  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:31:10.0838 4052  pla - ok
15:31:10.0869 4052  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:31:10.0900 4052  PlugPlay - ok
15:31:10.0916 4052  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:31:10.0947 4052  PNRPAutoReg - ok
15:31:10.0963 4052  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:31:10.0978 4052  PNRPsvc - ok
15:31:11.0010 4052  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:31:11.0041 4052  PolicyAgent - ok
15:31:11.0056 4052  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:31:11.0134 4052  Power - ok
15:31:11.0150 4052  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:31:11.0181 4052  PptpMiniport - ok
15:31:11.0212 4052  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:31:11.0244 4052  Processor - ok
15:31:11.0275 4052  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:31:11.0306 4052  ProfSvc - ok
15:31:11.0322 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
15:31:11.0337 4052  ProtectedStorage - ok
15:31:11.0353 4052  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:31:11.0431 4052  Psched - ok
15:31:11.0478 4052  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:31:11.0540 4052  ql2300 - ok
15:31:11.0556 4052  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:31:11.0556 4052  ql40xx - ok
15:31:11.0587 4052  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:31:11.0602 4052  QWAVE - ok
15:31:11.0618 4052  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:31:11.0634 4052  QWAVEdrv - ok
15:31:11.0665 4052  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:31:11.0696 4052  RasAcd - ok
15:31:11.0727 4052  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:31:11.0743 4052  RasAgileVpn - ok
15:31:11.0774 4052  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:31:11.0805 4052  RasAuto - ok
15:31:11.0821 4052  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:31:11.0852 4052  Rasl2tp - ok
15:31:11.0883 4052  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:31:11.0914 4052  RasMan - ok
15:31:11.0930 4052  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:31:11.0977 4052  RasPppoe - ok
15:31:12.0008 4052  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:31:12.0086 4052  RasSstp - ok
15:31:12.0102 4052  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:31:12.0133 4052  rdbss - ok
15:31:12.0148 4052  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:31:12.0180 4052  rdpbus - ok
15:31:12.0195 4052  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:31:12.0211 4052  RDPCDD - ok
15:31:12.0242 4052  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:31:12.0289 4052  RDPENCDD - ok
15:31:12.0289 4052  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:31:12.0320 4052  RDPREFMP - ok
15:31:12.0351 4052  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:31:12.0382 4052  RdpVideoMiniport - ok
15:31:12.0429 4052  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:31:12.0476 4052  RDPWD - ok
15:31:12.0538 4052  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:31:12.0554 4052  rdyboost - ok
15:31:12.0585 4052  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:31:12.0648 4052  RemoteRegistry - ok
15:31:12.0663 4052  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:31:12.0694 4052  RpcEptMapper - ok
15:31:12.0726 4052  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:31:12.0757 4052  RpcLocator - ok
15:31:12.0788 4052  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:31:12.0804 4052  RpcSs - ok
15:31:12.0835 4052  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:31:12.0897 4052  rspndr - ok
15:31:12.0913 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
15:31:12.0928 4052  SamSs - ok
15:31:12.0928 4052  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:31:12.0944 4052  sbp2port - ok
15:31:12.0960 4052  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:31:12.0991 4052  SCardSvr - ok
15:31:13.0006 4052  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:31:13.0053 4052  scfilter - ok
15:31:13.0084 4052  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:31:13.0131 4052  Schedule - ok
15:31:13.0162 4052  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:31:13.0178 4052  SCPolicySvc - ok
15:31:13.0209 4052  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:31:13.0240 4052  sdbus - ok
15:31:13.0272 4052  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:31:13.0303 4052  SDRSVC - ok
15:31:13.0334 4052  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:31:13.0396 4052  secdrv - ok
15:31:13.0412 4052  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:31:13.0459 4052  seclogon - ok
15:31:13.0474 4052  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:31:13.0506 4052  SENS - ok
15:31:13.0521 4052  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:31:13.0568 4052  SensrSvc - ok
15:31:13.0584 4052  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:31:13.0599 4052  Serenum - ok
15:31:13.0615 4052  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:31:13.0630 4052  Serial - ok
15:31:13.0646 4052  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:31:13.0662 4052  sermouse - ok
15:31:13.0677 4052  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:31:13.0724 4052  SessionEnv - ok
15:31:13.0724 4052  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:31:13.0740 4052  sffdisk - ok
15:31:13.0755 4052  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:31:13.0771 4052  sffp_mmc - ok
15:31:13.0786 4052  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:31:13.0833 4052  sffp_sd - ok
15:31:13.0849 4052  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:31:13.0896 4052  sfloppy - ok
15:31:13.0927 4052  [ 2046AA7491DE7EFA4D70E615D9BC9D09 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
15:31:13.0974 4052  Sftfs - ok
15:31:14.0036 4052  [ 77C5A741A7452812F278EF2C18478862 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:31:14.0067 4052  sftlist - ok
15:31:14.0083 4052  [ 0E0446BC4D51BE4263ACB7E33491191C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:31:14.0098 4052  Sftplay - ok
15:31:14.0098 4052  [ C5FB982CD266E604ED3142102C26D62C ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:31:14.0114 4052  Sftredir - ok
15:31:14.0114 4052  [ 2575511AF67AA1FA068CCC4918E2C2A3 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:31:14.0130 4052  Sftvol - ok
15:31:14.0145 4052  [ 39B1D0A636A400304565D4521FAD6D77 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:31:14.0145 4052  sftvsa - ok
15:31:14.0208 4052  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:31:14.0301 4052  SharedAccess - ok
15:31:14.0317 4052  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:31:14.0379 4052  ShellHWDetection - ok
15:31:14.0410 4052  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:31:14.0426 4052  SiSRaid2 - ok
15:31:14.0442 4052  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:31:14.0442 4052  SiSRaid4 - ok
15:31:14.0504 4052  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:31:14.0520 4052  SkypeUpdate - ok
15:31:14.0551 4052  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:31:14.0629 4052  Smb - ok
15:31:14.0676 4052  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:31:14.0707 4052  SNMPTRAP - ok
15:31:14.0738 4052  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:31:14.0754 4052  spldr - ok
15:31:14.0832 4052  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:31:14.0878 4052  Spooler - ok
15:31:15.0019 4052  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:31:15.0128 4052  sppsvc - ok
15:31:15.0175 4052  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:31:15.0206 4052  sppuinotify - ok
15:31:15.0222 4052  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:31:15.0253 4052  srv - ok
15:31:15.0284 4052  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:31:15.0300 4052  srv2 - ok
15:31:15.0315 4052  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:31:15.0331 4052  srvnet - ok
15:31:15.0346 4052  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
15:31:15.0378 4052  ssadbus - ok
15:31:15.0409 4052  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:31:15.0456 4052  ssadmdfl - ok
15:31:15.0471 4052  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
15:31:15.0502 4052  ssadmdm - ok
15:31:15.0534 4052  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
15:31:15.0596 4052  ssadserd - ok
15:31:15.0658 4052  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:31:15.0721 4052  SSDPSRV - ok
15:31:15.0721 4052  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:31:15.0752 4052  SstpSvc - ok
15:31:15.0783 4052  [ AAF6F247F1DC370C593B4430974EAD9C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
15:31:15.0830 4052  ssudmdm - ok
15:31:15.0846 4052  [ 3248B5CC4AA7942EE7BC26F1EB00210B ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
15:31:15.0861 4052  ssudserd - ok
15:31:15.0861 4052  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:31:15.0877 4052  stexstor - ok
15:31:15.0908 4052  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:31:15.0939 4052  stisvc - ok
15:31:15.0970 4052  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:31:15.0970 4052  swenum - ok
15:31:16.0002 4052  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:31:16.0048 4052  swprv - ok
15:31:16.0126 4052  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:31:16.0173 4052  SysMain - ok
15:31:16.0204 4052  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:31:16.0236 4052  TabletInputService - ok
15:31:16.0282 4052  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:31:16.0329 4052  TapiSrv - ok
15:31:16.0345 4052  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:31:16.0376 4052  TBS - ok
15:31:16.0454 4052  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:31:16.0516 4052  Tcpip - ok
15:31:16.0548 4052  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:31:16.0579 4052  TCPIP6 - ok
15:31:16.0610 4052  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:31:16.0626 4052  tcpipreg - ok
15:31:16.0641 4052  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:31:16.0688 4052  TDPIPE - ok
15:31:16.0719 4052  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:31:16.0735 4052  TDTCP - ok
15:31:16.0750 4052  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:31:16.0813 4052  tdx - ok
15:31:16.0828 4052  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:31:16.0844 4052  TermDD - ok
15:31:16.0875 4052  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:31:16.0906 4052  TermService - ok
15:31:16.0922 4052  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:31:16.0938 4052  Themes - ok
15:31:16.0953 4052  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:31:16.0969 4052  THREADORDER - ok
15:31:16.0984 4052  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:31:17.0016 4052  TrkWks - ok
15:31:17.0062 4052  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:31:17.0109 4052  TrustedInstaller - ok
15:31:17.0156 4052  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:31:17.0203 4052  tssecsrv - ok
15:31:17.0234 4052  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:31:17.0265 4052  TsUsbFlt - ok
15:31:17.0281 4052  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:31:17.0312 4052  TsUsbGD - ok
15:31:17.0343 4052  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:31:17.0406 4052  tunnel - ok
15:31:17.0421 4052  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
15:31:17.0452 4052  TurboB - ok
15:31:17.0484 4052  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:31:17.0515 4052  TurboBoost - ok
15:31:17.0562 4052  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:31:17.0593 4052  uagp35 - ok
15:31:17.0608 4052  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:31:17.0624 4052  UBHelper - ok
15:31:17.0655 4052  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:31:17.0718 4052  udfs - ok
15:31:17.0749 4052  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:31:17.0764 4052  UI0Detect - ok
15:31:17.0780 4052  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:31:17.0780 4052  uliagpkx - ok
15:31:17.0811 4052  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:31:17.0842 4052  umbus - ok
15:31:17.0858 4052  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:31:17.0874 4052  UmPass - ok
15:31:17.0983 4052  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:31:18.0076 4052  UNS - ok
15:31:18.0139 4052  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:31:18.0217 4052  upnphost - ok
15:31:18.0248 4052  [ ACCEA6BC68D0C9A78EB97EE159028B4E ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:31:18.0264 4052  usbccgp - ok
15:31:18.0326 4052  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:31:18.0373 4052  usbcir - ok
15:31:18.0420 4052  [ 311C1DD1088E55BEAE15954D17F50646 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:31:18.0451 4052  usbehci - ok
15:31:18.0513 4052  [ 280E90CBF4B2DDD169F0728CB44D726F ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:31:18.0560 4052  usbhub - ok
15:31:18.0591 4052  [ 9406D801042FAF859CF81B2C886413DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:31:18.0622 4052  usbohci - ok
15:31:18.0654 4052  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:31:18.0700 4052  usbprint - ok
15:31:18.0747 4052  [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
15:31:18.0794 4052  usbscan - ok
15:31:18.0825 4052  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:31:18.0888 4052  USBSTOR - ok
15:31:18.0934 4052  [ A83D0EC9AE4C31704442099D40BA2471 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:31:18.0966 4052  usbuhci - ok
15:31:18.0981 4052  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:31:19.0012 4052  usbvideo - ok
15:31:19.0044 4052  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:31:19.0106 4052  UxSms - ok
15:31:19.0122 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
15:31:19.0137 4052  VaultSvc - ok
15:31:19.0168 4052  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:31:19.0168 4052  vdrvroot - ok
15:31:19.0200 4052  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:31:19.0246 4052  vds - ok
15:31:19.0246 4052  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:31:19.0262 4052  vga - ok
15:31:19.0278 4052  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:31:19.0309 4052  VgaSave - ok
15:31:19.0340 4052  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:31:19.0356 4052  vhdmp - ok
15:31:19.0387 4052  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:31:19.0418 4052  viaide - ok
15:31:19.0418 4052  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:31:19.0449 4052  volmgr - ok
15:31:19.0465 4052  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:31:19.0480 4052  volmgrx - ok
15:31:19.0496 4052  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:31:19.0512 4052  volsnap - ok
15:31:19.0543 4052  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:31:19.0558 4052  vsmraid - ok
15:31:19.0621 4052  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:31:19.0714 4052  VSS - ok
15:31:19.0730 4052  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:31:19.0777 4052  vwifibus - ok
15:31:19.0792 4052  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:31:19.0808 4052  vwififlt - ok
15:31:19.0824 4052  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:31:19.0839 4052  vwifimp - ok
15:31:19.0855 4052  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:31:19.0886 4052  W32Time - ok
15:31:19.0902 4052  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:31:19.0948 4052  WacomPen - ok
15:31:19.0980 4052  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:31:20.0058 4052  WANARP - ok
15:31:20.0058 4052  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:31:20.0089 4052  Wanarpv6 - ok
15:31:20.0136 4052  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:31:20.0167 4052  WatAdminSvc - ok
15:31:20.0245 4052  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:31:20.0323 4052  wbengine - ok
15:31:20.0323 4052  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:31:20.0354 4052  WbioSrvc - ok
15:31:20.0385 4052  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:31:20.0416 4052  wcncsvc - ok
15:31:20.0448 4052  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:31:20.0463 4052  WcsPlugInService - ok
15:31:20.0494 4052  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:31:20.0494 4052  Wd - ok
15:31:20.0557 4052  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:31:20.0619 4052  Wdf01000 - ok
15:31:20.0650 4052  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:31:20.0744 4052  WdiServiceHost - ok
15:31:20.0744 4052  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:31:20.0775 4052  WdiSystemHost - ok
15:31:20.0775 4052  WebCakeUpdater - ok
15:31:20.0806 4052  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
15:31:20.0822 4052  WebClient - ok
15:31:20.0853 4052  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:31:20.0916 4052  Wecsvc - ok
15:31:20.0931 4052  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:31:20.0962 4052  wercplsupport - ok
15:31:20.0978 4052  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:31:20.0994 4052  WerSvc - ok
15:31:21.0025 4052  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:31:21.0072 4052  WfpLwf - ok
15:31:21.0087 4052  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:31:21.0103 4052  WIMMount - ok
15:31:21.0118 4052  WinDefend - ok
15:31:21.0118 4052  WinHttpAutoProxySvc - ok
15:31:21.0181 4052  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:31:21.0243 4052  Winmgmt - ok
15:31:21.0306 4052  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:31:21.0368 4052  WinRM - ok
15:31:21.0430 4052  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:31:21.0462 4052  WinUsb - ok
15:31:21.0508 4052  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:31:21.0540 4052  Wlansvc - ok
15:31:21.0602 4052  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:31:21.0618 4052  wlcrasvc - ok
15:31:21.0758 4052  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:31:21.0805 4052  wlidsvc - ok
15:31:21.0836 4052  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:31:21.0867 4052  WmiAcpi - ok
15:31:21.0898 4052  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:31:21.0930 4052  wmiApSrv - ok
15:31:21.0945 4052  WMPNetworkSvc - ok
15:31:21.0976 4052  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:31:22.0008 4052  WPCSvc - ok
15:31:22.0023 4052  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:31:22.0054 4052  WPDBusEnum - ok
15:31:22.0086 4052  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:31:22.0148 4052  ws2ifsl - ok
15:31:22.0164 4052  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:31:22.0195 4052  wscsvc - ok
15:31:22.0195 4052  WSearch - ok
15:31:22.0273 4052  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:31:22.0335 4052  wuauserv - ok
15:31:22.0366 4052  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:31:22.0429 4052  WudfPf - ok
15:31:22.0444 4052  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:31:22.0491 4052  WUDFRd - ok
15:31:22.0522 4052  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:31:22.0554 4052  wudfsvc - ok
15:31:22.0616 4052  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:31:22.0678 4052  WwanSvc - ok
15:31:22.0725 4052  ================ Scan global ===============================
15:31:22.0756 4052  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:31:22.0803 4052  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
15:31:22.0819 4052  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
15:31:22.0850 4052  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:31:22.0866 4052  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:31:22.0881 4052  [Global] - ok
15:31:22.0881 4052  ================ Scan MBR ==================================
15:31:22.0881 4052  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:31:23.0989 4052  \Device\Harddisk0\DR0 - ok
15:31:23.0989 4052  ================ Scan VBR ==================================
15:31:24.0020 4052  [ 6ED3B2E98EFA6CB1B5ADFDA84A55A18C ] \Device\Harddisk0\DR0\Partition1
15:31:24.0020 4052  \Device\Harddisk0\DR0\Partition1 - ok
15:31:24.0036 4052  [ ED4DDEB08A25A0829582289060FAF499 ] \Device\Harddisk0\DR0\Partition2
15:31:24.0036 4052  \Device\Harddisk0\DR0\Partition2 - ok
15:31:24.0036 4052  ============================================================
15:31:24.0036 4052  Scan finished
15:31:24.0036 4052  ============================================================
15:31:24.0067 3188  Detected object count: 0
15:31:24.0067 3188  Actual detected object count: 0
15:32:27.0060 2044  Deinitialize success
         
Schätze, das ist ein gutes Zeichen...?

lg,
Andreas

Alt 26.11.2013, 15:39   #8
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Doppelpost...sorry

Alt 27.11.2013, 09:15   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.11.2013, 13:13   #10
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Also:

Malwarebytes Anti-Malware
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Admin :: PC [Administrator]

27.11.2013 12:05:51
mbam-log-2013-11-27 (12-05-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 301401
Laufzeit: 5 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 27
HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{11111111-1111-1111-1111-110311531136} (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531136} (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{22222222-2222-2222-2222-220322532236} (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0035336.Sandbox.1 (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0035336.Sandbox (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api.1 (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0035336.BHO (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeHDSport TV (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstalledBrowserExtensions\installdaddy (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 8
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport.TV (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\IlemiTVApp.com (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123 (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 21
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\background.html (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil.dll (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil.exe (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil64.dll (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil64.exe (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV.ico (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\Installer.log (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\Uninstall.exe (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport.TV\freehdsporttv10.crx (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\FreeHDSport TV-codedownloader.job (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\FreeHDSport TV-enabler.job (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\FreeHDSport TV-updater.job (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\IlemiTVApp.com\IlemiTVApp.exe (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\IlemiTVApp.com\uninst.exe (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.013 - Bericht erstellt am 27/11/2013 um 12:35:09
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - PC
# Gestartet von : C:\Users\Andi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Web Cake
Ordner Gelöscht : C:\Users\Angi\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\Extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Ordner Gelöscht : C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\Extensions\fhdp3@freehdsp.tv.xpi
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Publ	ic\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v14.0.1 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\prefs.js ]


[ Datei : C:\Users\Angi\AppData\Roaming\Mozilla\Firefox\Profiles\h2qx2vyb.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\ft4qh1wm.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
Zeile gelöscht : user_pref("browser.search.order.1", "qvo6");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "qvo6");
Zeile gelöscht : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Zeile gelöscht : user_pref("extentions.webcake.installId", "da97bfb5-866d-4e0b-852c-f9409fb37348");

[ Datei : C:\Users\Angi\AppData\Roaming\Mozilla\Firefox\Profiles\h2qx2vyb.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\ft4qh1wm.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup

[ Datei : C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8521 octets] - [27/11/2013 12:29:29]
AdwCleaner[S0].txt - [6773 octets] - [27/11/2013 12:35:09]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [6833 octets] ##########
         
--- --- ---

Junkware Removal Tool
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 27.11.2013 at 12:51:00,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\webcakeupdater



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{1E716ED3-B2F6-4F0B-89A9-DA6AF8BCC5E7}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2013 at 12:56:00,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 27-11-2013 13:03:55
Running from C:\Users\Andi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 13:01 - 2013-11-27 13:01 - 01958818 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:48 - 2013-11-27 12:47 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:29 - 2013-11-27 12:41 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:48 - 2013-11-25 01:50 - 00000000 ___SD C:\32788R22FWJFW
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 16:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 16:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 16:43 - 2013-11-24 16:54 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-27 13:03 - 00013909 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                               ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-11-27 12:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-11-27 13:04 - 2013-11-24 13:38 - 00013909 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-27 13:01 - 2013-11-27 13:01 - 01958818 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-11-27 12:57 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:56 - 2012-01-15 19:22 - 01467278 _____ C:\Windows\WindowsUpdate.log
2013-11-27 12:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:49 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 12:49 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 12:47 - 2013-11-27 12:48 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:42 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 12:41 - 2013-11-27 12:29 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 12:41 - 2009-07-14 05:51 - 00181569 _____ C:\Windows\setupact.log
2013-11-27 12:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-27 12:35 - 2012-06-02 13:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 12:35 - 2012-06-02 13:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-27 12:35 - 2012-06-02 13:17 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-27 12:35 - 2012-06-02 13:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 12:35 - 2012-06-02 11:23 - 00001200 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 12:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-27 12:17 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:14 - 2010-11-21 04:47 - 00346278 _____ C:\Windows\PFRO.log
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-27 09:23 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-26 14:02 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-11-25 01:50 - 2013-11-25 01:48 - 00000000 ___SD C:\32788R22FWJFW
2013-11-25 01:48 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 23:58 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-11-24 23:58 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-11-24 23:58 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 19:42 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:54 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                               ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-24 08:11 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 15:11 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
2013-11-02 19:58 - 2012-06-02 13:28 - 00119864 _____ C:\Users\Angi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 17:15 - 2012-06-02 13:52 - 00000000 ____D C:\Users\Angi\AppData\Roaming\SoftGrid Client
2013-11-02 16:55 - 2012-08-18 11:00 - 00000000 ____D C:\Users\Angi\Downloads\Rezepte
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 28.11.2013, 09:17   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.11.2013, 22:05   #12
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



OK:

ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=15abe541e46392429fea2421aa038481
# engine=16063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-28 07:42:14
# local_time=2013-11-28 08:42:14 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 29 443528 12218231 0 0
# compatibility_mode=8216 16776701 100 98 9344463 135680686 0 0
# scanned=273717
# found=4
# cleaned=0
# scan_time=9319
# nod_component=V3 Build:0x30000000
sh=95E0A800A171FB561B0272F091950FE0A09EA10D ft=1 fh=5179a328503fe202 vn="a variant of Win32/Kryptik.BPOA trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\GoogleUpdate.exe.vir"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\00000004.@.vir"
sh=A065922E48E274F827BC8A04091A44632D498373 ft=1 fh=f3684398a5f5cf1b vn="Win64/Conedex.I trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\00000008.@.vir"
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\000000cb.@.vir"
         
SecurityCheck
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 6.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 14.0.1 Firefox out of Date!  
 Google Chrome 23.0.1271.97  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Admin (administrator) on PC on 28-11-2013 22:00:00
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\Angi\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\Angi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Hans\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (qvo6) - hxxp://www.google.com
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 21:59 - 2013-11-28 21:59 - 01959024 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-28 21:56 - 2013-11-28 21:56 - 00000988 _____ C:\Users\Andi\Desktop\checkup.txt
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 17:58 - 2013-11-28 17:58 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 13:04 - 2013-11-28 22:00 - 00018645 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:48 - 2013-11-27 12:47 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:29 - 2013-11-27 12:41 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:48 - 2013-11-25 01:50 - 00000000 ___SD C:\32788R22FWJFW
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 16:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 16:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 16:43 - 2013-11-24 16:54 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-27 13:04 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                               ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-11-28 21:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-24 08:26 - 2013-11-24 08:26 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-16 11:53 - 2013-11-16 11:53 - 00262144 _____ C:\Windows\Minidump\111613-22464-01.dmp
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-14 20:34 - 2013-11-14 20:34 - 00262144 _____ C:\Windows\Minidump\111413-24710-01.dmp
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-11-28 22:00 - 2013-11-27 13:04 - 00018645 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-28 21:59 - 2013-11-28 21:59 - 01959024 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-28 21:56 - 2013-11-28 21:56 - 00000988 _____ C:\Users\Andi\Desktop\checkup.txt
2013-11-28 21:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 21:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-28 21:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-28 21:17 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-11-28 21:17 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-11-28 18:03 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 18:03 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 18:00 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-11-28 18:00 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-11-28 18:00 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 17:58 - 2013-11-28 17:58 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-28 17:57 - 2012-01-15 19:22 - 01626572 _____ C:\Windows\WindowsUpdate.log
2013-11-28 17:55 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 17:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 17:55 - 2009-07-14 05:51 - 00181827 _____ C:\Windows\setupact.log
2013-11-27 13:04 - 2013-11-24 13:38 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-27 12:57 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:47 - 2013-11-27 12:48 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:41 - 2013-11-27 12:29 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:35 - 2012-06-02 13:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 12:35 - 2012-06-02 13:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-27 12:35 - 2012-06-02 13:17 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-27 12:35 - 2012-06-02 13:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 12:35 - 2012-06-02 11:23 - 00001200 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:14 - 2010-11-21 04:47 - 00346278 _____ C:\Windows\PFRO.log
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-27 09:23 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:50 - 2013-11-25 01:48 - 00000000 ___SD C:\32788R22FWJFW
2013-11-25 01:48 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 19:42 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:54 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:54 - 2009-07-14 03:34 - 79691776 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                               ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:26 - 2013-11-24 08:26 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c
2013-11-24 08:26 - 2013-09-13 22:21 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-24 08:11 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 15:11 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2013-11-16 11:53 - 00262144 _____ C:\Windows\Minidump\111613-22464-01.dmp
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 20:34 - 2013-11-14 20:34 - 00262144 _____ C:\Windows\Minidump\111413-24710-01.dmp
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
2013-11-02 19:58 - 2012-06-02 13:28 - 00119864 _____ C:\Users\Angi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 17:15 - 2012-06-02 13:52 - 00000000 ____D C:\Users\Angi\AppData\Roaming\SoftGrid Client
2013-11-02 16:55 - 2012-08-18 11:00 - 00000000 ____D C:\Users\Angi\Downloads\Rezepte
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-11-20 00:09

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Alt 29.11.2013, 19:45   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Combofix bitte löschen und neu laden, und nochmal laufen lassen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.11.2013, 21:27   #14
oigen
 
Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Code:
ATTFilter
ComboFix 13-11-27.01 - Admin 29.11.2013  21:00:20.5.4 - x64
ausgeführt von:: C:\Users\Andi\Desktop\ComboFix.exe
         
Selbes Ergebnis wie letztes Mal - wieder das laufende Fenster...

Alt 01.12.2013, 09:51   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Standard

Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ



Sorry für die Verspätung, liege flach mit Grippe.

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ
bingbar, flash player, hijack.startpage, iexplore.exe, launch, ntdll.dll, office 365, plug-in, pup.optional.1clickdownload.a, pup.optional.337technologies.a, pup.optional.crossrider.a, pup.optional.freehdsport.a, pup.optional.qone8, pup.optional.qvo6.a, pup.optional.tvapp.a, pup.optional.webcake.a, pup.webcake, services.exe, svchost.exe, wildtangent games, win32/kryptik.bpoa, win32/sirefef.fv, win64/conedex.b, win64/conedex.c, win64/conedex.i, win64/sirefef.az, win64/sirefef.az+bj, win64/sirefef.bj, windows, winlogon.exe



Ähnliche Themen: Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ


  1. Windows 7 Trojaner eingefangen, evtl. Win64/Sathurbot.A, Win32/Kryptik.CMWL, Win64/Sathurbot.A u. a.
    Log-Analyse und Auswertung - 14.10.2014 (15)
  2. Win64/Sirefef.AB, W, !cfg, AE
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (1)
  3. Win64/Patched.A und Luhe.Sirefef.A gefunden
    Log-Analyse und Auswertung - 21.01.2013 (5)
  4. Win64:Sirefef-A [Trj]
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (38)
  5. Trojanisches Pferd Win64:Sirefef-A (trj)
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (3)
  6. Virus/Trojaner: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; Auto-Neustart nach 1 Minute
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (18)
  7. win 32:Sirefef-AO und Malware.gen, win64:Sirefef-A gefunden von avast!
    Log-Analyse und Auswertung - 11.08.2012 (1)
  8. Win64/Sirefef.AE Trojaner Win64/Agent.BA TrojanerC:\Windows\Installer\{f041020c-58e9-a705-4143-4ddcc
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (7)
  9. Virusbefall (Trojan.Generic, Trojan.Sirefef, Win64.Sirefef, Win32.Atraps) bei windows installer & Co
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (19)
  10. Trojanerbefall von: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL
    Log-Analyse und Auswertung - 23.07.2012 (5)
  11. Win64:Sirefef-A (Trj) und Win32:Sirefef-AO (Rtk) eingefangen
    Log-Analyse und Auswertung - 10.06.2012 (14)
  12. Trojan:Win32/Win64/Sirefef; Trojan:Win32/Conedex und Trojandropper:Win32/Sirefef
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (11)
  13. Trojan:Win64/Sirefef.K, Sirefef.E und Sirefef.D kommen immer wieder
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (1)
  14. Win64/Sirefef.D / E / K
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (2)
  15. Trojaner-Befall durch Trojan:Win64/Sirefef.k .d .e
    Log-Analyse und Auswertung - 03.01.2012 (1)
  16. Trojan:Win64/Sirefef.K + Trojan:Win64/Sirefef.D + Trojan:Win64/Sirefef.E
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (19)
  17. Trojan:win64/sirefef.b in file:C:\Windows\assembly\tmp\U\800000cb.@
    Plagegeister aller Art und deren Bekämpfung - 29.08.2011 (13)

Zum Thema Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ - Liebes TB-Team, ich habe seit gestern Probleme mit mehreren Trojanern/Viren - laut dem Log von ESET sind das: Win64/Conedex.B trojan Win64/Conedex.C trojan Win64/Conedex.I trojan Win64/Sirefef.AZ Win64/Sirefef.BJ Win32/Sirefef.FV Win32/Kryptik.BPOA Seit dem - Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ...
Archiv
Du betrachtest: Windows 7: Befall von mehreren Trojanern/Viren -Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.