
Log Analysis and Evaluation: Windows 7: AVG reports Trojan dropper.generik8.CLXE and cannot remove it

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.11.2013, 20:35   #1
mariomon11
 

Windows 7: AVG reports Trojan dropper.generik8.CLXE and cannot remove it



For a few days now, AVG has been alerting me about a Trojan, dropper.generik8.CLXE, as soon as I start or run anything. When the program tries to remove it, it either fails or (rarely) it is "removed" but comes back after 5 minutes. I would like to get rid of the Trojan.

Defogger Log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:05 on 11/11/2013 (Kiwi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Kiwi (administrator) on GAMER-PC on 11-11-2013 20:07:30
Running from C:\Users\Kiwi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Nexon Korea Corp.) C:\Nexon\NexonPlug\NexonPlug.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
() C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
() C:\Users\Kiwi\Desktop\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [6199128 2012-05-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-05-21] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Kiwi\AppData\Roaming\Spotify\spotify.exe [4643328 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [NexonPlug] - C:\Nexon\NexonPlug\NexonPlug.exe [2120024 2013-10-16] (Nexon Korea Corp.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-21] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Trust Gaming Mouse] - C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe [2245632 2011-01-17] ()
HKLM-x32\...\Run: [TQ566808] - "F:\Setup.exe"
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll [1952224 2013-10-22] ()
AppInit_DLLs-x32: c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll [2735584 2013-10-22] ()
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=hp
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Google Docs) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FrankerFaceZ) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb\1.40_0
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Auto Replay for YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0
CHR Extension: (Auto HD For YouTube\u2122) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\5.24_0
CHR Extension: (Pokemon Red) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkgicmllgmdcfmfpjmkaoepfikefmlh\1_0
CHR Extension: (Google Wallet) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Kiwi\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.0.12\avg.crx

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-02-13] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [101048 2011-02-16] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5127200 2013-05-26] (INCA Internet Co., Ltd.)
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-21] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-11-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:04 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64.exe
2013-11-11 20:04 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:04 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:48 - 2013-11-11 19:48 - 00000000 ____D C:\AdwCleaner
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 19:33 - 2013-11-12 04:38 - 00000000 _____ C:\Recovery.txt
2013-11-11 19:04 - 2013-11-11 19:04 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 18:37 - 2013-11-11 18:57 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 21:40 - 2013-11-03 14:09 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-24 19:18 - 2013-10-31 01:04 - 00001981 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:11 - 2013-10-22 02:16 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:20 - 2013-10-21 18:38 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:08 - 2013-10-21 18:14 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:36 - 2013-10-17 14:38 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt

==================== One Month Modified Files and Folders =======

2013-11-12 04:38 - 2013-11-11 19:33 - 00000000 _____ C:\Recovery.txt
2013-11-11 20:09 - 2013-01-01 03:03 - 00000000 ____D C:\Users\Kiwi\AppData\Local\PMB Files
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:03 - 2013-11-11 20:04 - 01957590 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:04 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:04 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:49 - 2013-04-13 17:06 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Spotify
2013-11-11 19:48 - 2013-11-11 19:48 - 00000000 ____D C:\AdwCleaner
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 19:46 - 2013-05-24 15:33 - 00000000 ____D C:\Users\Kiwi\AppData\Local\LogMeIn Hamachi
2013-11-11 19:46 - 2012-05-21 19:01 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-11 19:43 - 2012-12-31 12:48 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Skype
2013-11-11 19:42 - 2013-01-27 17:00 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-11 19:41 - 2012-05-21 19:01 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 19:41 - 1601-01-02 05:16 - 00132681 _____ C:\Windows\system32\fastboot.set
2013-11-11 19:40 - 1601-01-02 05:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 19:39 - 1601-01-02 05:16 - 00000333 _____ C:\Windows\setupact.log
2013-11-11 19:33 - 2012-09-15 17:01 - 00000000 __SHD C:\Recovery
2013-11-11 19:30 - 2009-07-14 05:45 - 00316560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 19:20 - 1601-01-02 05:16 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 19:04 - 2013-11-11 19:04 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-11-11 18:57 - 2013-11-11 18:37 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-11 18:37 - 2012-05-21 18:17 - 01711152 _____ C:\Windows\WindowsUpdate.log
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 18:21 - 1601-01-02 05:16 - 01643872 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 18:21 - 1601-01-02 05:16 - 00712326 _____ C:\Windows\system32\perfh007.dat
2013-11-03 18:21 - 1601-01-02 05:16 - 00153276 _____ C:\Windows\system32\perfc007.dat
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 14:10 - 2013-06-27 10:57 - 00433400 _____ C:\Windows\PFRO.log
2013-11-03 14:09 - 2013-11-02 21:40 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-11-03 14:09 - 2012-12-31 12:54 - 00000000 ____D C:\Program Files (x86)\osu!
2013-11-03 14:08 - 2013-09-25 17:00 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 19:05 - 2013-06-02 00:13 - 00001507 _____ C:\Users\Kiwi\Desktop\Neues Textdokument.txt
2013-10-31 21:53 - 2012-09-15 17:02 - 00000000 ___RD C:\Users\Kiwi\Desktop\.
2013-10-31 01:04 - 2013-10-24 19:18 - 00001981 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-28 22:21 - 2013-08-02 21:27 - 00000000 ____D C:\Users\Kiwi\Desktop\Neuer Ordner (2)
2013-10-28 04:28 - 2013-01-01 03:03 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:16 - 2013-10-22 02:11 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 19:43 - 1601-01-02 05:16 - 548703693 _____ C:\Users\Kiwi\Desktop\minecraft.rar
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:38 - 2013-10-21 18:20 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:14 - 2013-10-21 18:08 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-21 17:59 - 2013-07-18 20:59 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\.minecraft
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:32 - 2013-05-14 20:17 - 00000000 ____D C:\Windows\Minidump
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:38 - 2013-10-17 14:36 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt
2013-10-16 19:49 - 2012-12-31 13:05 - 00000000 ____D C:\Users\Kiwi\Desktop\Bilder Undso
2013-10-12 03:28 - 2013-05-04 20:21 - 00000000 ____D C:\Program Files (x86)\AVG

Some content of TEMP:
====================
C:\Users\Kiwi\AppData\Local\Temp\i4jdel0.exe
C:\Users\Kiwi\AppData\Local\Temp\oi_{CCE161DE-F8A6-4D6E-96A2-A257E783E790}.exe
C:\Users\Kiwi\AppData\Local\Temp\oi_{D77099F0-FEC0-4A12-B952-461E7CAAEA8A}.exe
C:\Users\Kiwi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 17:39

==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Kiwi at 2013-11-11 20:09:25
Running from C:\Users\Kiwi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Action Replay Code Manager (x32)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Flash Player 10 Plugin (x32 Version: 10.3.181.14)
Adobe Reader X (10.1.1) - Deutsch (x32 Version: 10.1.1)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Apple Application Support (x32 Version: 2.3.4)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.9.9)
Audacity 2.0.3 (x32 Version: 2.0.3)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AVG Security Toolbar (x32 Version: 17.0.1.12)
Bandicam (x32 Version: 1.8.9.371)
Bandisoft MPEG-1 Decoder (x32)
Benutzerhandbuch (x32 Version: 1.0.0.6)
BitGuard (x32)
CABAL Online Europe (Europe) (x32)
CamStudio version 2.7 (x32 Version: 2.7)
CCleaner (Version: 4.02)
Conexant HD Audio (Version: 8.54.32.50)
Counter-Strike 1.6 (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Daum PotPlayer 1.5.37776 (x32)
Delta Chrome Toolbar (x32)
Delta toolbar (x32 Version: 1.8.21.5)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11)
Dota 2 (x32)
Dota 2 Test (x32)
Dragon's Prophet (x32 Version: 1.2.1161.12)
Elsword_DE (x32)
Energy Management (x32 Version: 7.0.3.4)
FFsplit version 0.7 (x32 Version: 0.7)
GhostMouse (x32 Version: Free V3.2.1)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
HandBrake 0.9.9.1 (x32 Version: 0.9.9.1)
Heroes of Newerth (x32 Version: 2.3.0)
Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2656)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 10 (x32 Version: 7.0.100)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Java SE Development Kit 7 Update 17 (64-bit) (Version: 1.7.0.170)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
League of Legends (x32 Version: 1.3)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.2300)
Lenovo EasyCamera (x32 Version: 13.11.1206.1)
Lenovo EE Boot Optimizer (Version: 0.0.1.9)
Lenovo OneKey Recovery (Version: 7.0.0.3712)
Lenovo OneKey Recovery (x32 Version: 7.0.0.3712)
Lenovo PowerDVD10 (x32 Version: 10.0.3712.52)
Lenovo Solution Center (Version: 2.2.002.00)
Lenovo YouCam (x32 Version: 3.1.3728)
Lenovo_Wireless_Driver (x32 Version: 1.02.01)
LockKey (x32 Version: 1.38.1.2)
LogMeIn Hamachi (x32 Version: 2.2.0.58)
McAfee SiteAdvisor (Version: 3.3.1.133)
McAfee SiteAdvisor (x32 Version: 3.6.196)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MyFreeCodec (HKCU)
Nexon Game Manager (x32)
NVIDIA Grafiktreiber 295.93 (Version: 295.93)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA PhysX (x32 Version: 9.11.1111)
NVIDIA PhysX-Systemsoftware 9.11.1111 (Version: 9.11.1111)
NVIDIA Systemsteuerung 295.93 (Version: 295.93)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
osu! (x32 Version: 0.0.0.0)
Pando Media Booster (x32 Version: 2.6.0.8)
Pokemon Online 2.0.07 (x32)
Power2Go (x32 Version: 5.6.0.7303)
QuickTime (x32 Version: 7.74.80.86)
Rainmeter (x32 Version: 2.5 r1842)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39016)
Samsung Kies (x32 Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Smite (x32 Version: 0.1.1581.4)
Sora no Otoshimono V5 (x32)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Steam (x32 Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.3.39.0)
TeamSpeak 3 Client (x32 Version: 3.0.10)
TeamViewer 8 (x32 Version: 8.0.16642)
TERA (x32 Version: 19.04.02.03.hf3)
Trust Gaming Mouse Driver V1.1 (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
UserGuide (x32 Version: 1.0.0.6)
Vegas Pro 12.0 (64-bit) (Version: 12.0.563)
VeriFace (x32 Version: 4.0.1.1230)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1)
YGOPro DevPro version 1.9.2r2 (x32 Version: 1.9.2r2)
넥슨플러그 (x32)
엘소드 (x32)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {58828C7B-810A-488A-90DB-AA2DE75AE5CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {7D914431-5E0B-4FDD-984D-094F84959F90} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\System32\pla.dll [2010-11-21] (Microsoft Corporation)
Task: {A17C84CA-4876-4240-93E9-A55EEEC1F9E9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {A4352AA1-A1C1-43C9-BDF0-652A676F96A5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {B8B37C87-07F2-4D59-ABA5-02568293D5F2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {BC0F1E86-1B67-4A51-9B4F-81048E7D35AF} - System32\Tasks\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {BD28C432-39C8-408C-85CE-FE51F7B3AE84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-21] (Google Inc.)
Task: {C86C7CB7-8EB7-47B6-9DBD-0E774D575E94} - System32\Tasks\EPUpdater => C:\Users\Kiwi\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] ()
Task: {E47322B0-AC91-4285-BF33-7CDC19D3936B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E83017A2-2869-48B3-B42D-2B9E8CA961F7} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {EBC2DD44-2880-4BB7-96D1-2D7411BABD26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-21] (Google Inc.)
Task: {FC2D065B-91A8-480E-A31E-7878089A0CF1} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {FD6CAA58-A8FC-4928-B7BD-0872996220C1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 21:18 - 2013-10-22 16:11 - 01952224 _____ () C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll
2012-05-21 18:58 - 2012-05-21 18:58 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-05-21 18:58 - 2012-05-21 18:58 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2012-03-05 09:28 - 2012-02-17 17:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 02:20 - 2012-05-21 19:02 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-10 15:30 - 2012-05-21 19:02 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-10 15:31 - 2012-05-21 19:02 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll
2008-12-20 02:20 - 2012-05-21 19:02 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-06-19 21:14 - 2013-03-24 15:40 - 00731832 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-10-29 21:18 - 2013-10-22 16:09 - 02735584 _____ () C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2013-08-02 21:17 - 2006-12-12 03:27 - 00387072 _____ () C:\Nexon\NexonPlug\mss32.dll
2013-08-02 21:17 - 2006-12-12 03:27 - 00150528 _____ () C:\Nexon\NexonPlug\mssmp3.asi
2013-01-11 13:32 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-10-02 11:19 - 2013-10-02 11:18 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2012-05-21 18:58 - 2012-05-21 18:58 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-10-02 11:19 - 2013-10-02 11:18 - 00142360 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
2013-10-18 19:39 - 2013-10-09 01:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 19:39 - 2013-10-09 01:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 19:39 - 2013-10-09 01:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 19:39 - 2013-10-09 01:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 19:39 - 2013-10-09 01:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-08-15 07:02 - 2013-08-15 07:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\12ed7e59e6a11d2c112a06a4091faa4a\IsdiInterop.ni.dll
2012-05-21 18:22 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-05-21 18:23 - 2012-02-21 05:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2013 07:56:48 PM) (Source: Application Hang) (User: )
Description: Programm adwcleaner.exe, Version 3.0.1.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d94

Startzeit: 01cedf0e9247df42

Endzeit: 3

Anwendungspfad: C:\Users\Kiwi\Downloads\adwcleaner.exe

Berichts-ID:

Error: (11/11/2013 07:44:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:18:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:13:48 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (11/11/2013 07:03:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:25:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 07:01:40 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (11/04/2013 06:50:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 05:45:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 06:33:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/11/2013 07:42:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/11/2013 07:42:55 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/11/2013 07:41:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht.

Error: (11/11/2013 07:39:39 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎11.‎11.‎2013 um 19:24:41 unerwartet heruntergefahren.

Error: (11/11/2013 07:16:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht.

Error: (11/11/2013 07:12:56 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/11/2013 06:58:41 PM) (Source: DCOM) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (11/11/2013 06:34:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte Systeme

Error: (11/11/2013 06:34:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073712 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2879017)

Error: (11/11/2013 06:24:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (11/11/2013 07:56:48 PM) (Source: Application Hang)(User: )
Description: adwcleaner.exe3.0.1.21d9401cedf0e9247df423C:\Users\Kiwi\Downloads\adwcleaner.exe

Error: (11/11/2013 07:44:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:18:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:13:48 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (11/11/2013 07:03:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:25:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 07:01:40 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (11/04/2013 06:50:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 05:45:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 06:33:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8094.36 MB
Available physical RAM: 5205 MB
Total Pagefile: 16186.9 MB
Available Pagefile: 12896.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:886.32 GB) (Free:490.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:25.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CF2DB9F7)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)

==================== End Of Log ============================


Gmer Log:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-11 20:25:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiwi\AppData\Local\Temp\pgdoqpow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2000] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\AVG\AVG2014\avgfws.exe[1904] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\AVG\AVG2014\avgfws.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\AVG\AVG2014\avgfws.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1544] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2916] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe[2936] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2944] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007703000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2944] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000770bf85a 5 bytes JMP 000000017706d571
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2944] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[844] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2740] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3168] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3456] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3464] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[3676] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2584] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[4132] C:\Windows\syswow64\user32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Windows\SysWOW64\RunDll32.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[7188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[7188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Users\Kiwi\Desktop\Defogger.exe[6728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Users\Kiwi\Desktop\Defogger.exe[6728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2
.text C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe[7828] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000761bcfca 5 bytes JMP 0000000171905820
.text C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe[7828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d61465 2 bytes [D6, 75]
.text C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe[7828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d614bb 2 bytes [D6, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885d2ab98
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885d2ab98@d831cf92b794 0xC0 0x23 0x53 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8A43C46F-A957-4CB4-83F1-B75B2A0DC808}@LeaseObtainedTime 1384197376
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8A43C46F-A957-4CB4-83F1-B75B2A0DC808}@T1 1384197503
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8A43C46F-A957-4CB4-83F1-B75B2A0DC808}@T2 1384197599
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8A43C46F-A957-4CB4-83F1-B75B2A0DC808}@LeaseTerminatesTime 1384197631
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885d2ab98 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885d2ab98@d831cf92b794 0xC0 0x23 0x53 0xBA ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers@DisableAutoplay 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon@ C:\Windows\System32\imageres.dll,-109
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\DefaultIcon@ C:\Windows\System32\imageres.dll,-123
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon@full C:\Windows\System32\imageres.dll,-54
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon@ C:\Windows\System32\imageres.dll,-55
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon@empty C:\Windows\System32\imageres.dll,-55
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\DefaultIcon@ C:\Windows\System32\imageres.dll,-25
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew@Classes .bmp?.contact?.jnt?.library-ms?.lnk?.rtf?.txt?.zip?Briefcase?Folder?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2@FavoritesRemovedChanges 8
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 7
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesRemovedChanges 8
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID-1 AYAFA8BUg/E0gouOpBhoYjAArADMdmBAvMkOcBAAAAAAAAAAAAAAAAAAAAAAAAgUAEDAAAAAA8SQaCIMAcVauR2b3NHA8AACAQAAv7r76UoGvEkmAqCAAAwlCAAAAAQAAAAAAAAAAAAAAAAAAAAAXBQaA4GAkBwb AcHAzBAAAYBAGBQMAAAAAAQtAtvTwAwVlJGA0AACAQAAv7r76goGurDFsoCAAAApQAAAAAQAAAAAAAAAAAAAAAAAAAAAXBQZAIGAAAgEAgFAxAAAAAAA2CEgZADAXFETMBVQ+FDAAAEAIAABA8uvur DFsYLQAmhKAAAAlCBAAAAABAAAAAAAAAAAAAAAAAAAAcFAhBAbAwGAwBQYAAHAlBgcAAAAYAQ4EEDAAAAAAYLQAmBMAwUZu9mdv9VMAAgPAgAAEAw7+aLQAmhtABYGqAAAAM8JBAAAAYAAAAAAAAAA AAAAAAAAAAATAUGAuBwbAYHAvBwXAEDAAAAGAsIBAAAEA8uvBAAAAkHBAAQdEAAAxMFUTVQ1NXNnusBETeJCAsCL57aIAAAAQAAAAAwSAUGA5BgOAAFAJBARAAAATAAAAQGAAAQeDAAAUAAAAAwQA8 GAuBAZAkGA0BQaA8GAuBAAAIEAAAgHAAAAwBgcA8GAwBANAIDA5AANAkDA2AwNAIDA5AQNAAAAAAwLDAAAT04bR4BEl+EhU/vg5hTG1AAAAAQAAAAALAAAAkIXxL1FaFOS72sRjiPn8JMAAAAAgr1zBp19GgUvHm1xZTij5SGAAAwCAAAAfAgBAAAAqAgLAoGAwBwZAAAAAAQAAAAAAAAAJyV8SdhWhj0uNb0o4zJfCDAAAAA4a9cQ advBI17hZdc2k4YukBAAAsAAAAwHAcAAAAgKA4CAqBAcAUGAnBAAAAAABAAAAAAAAkIXxL1FaFOS72sRjiPn8JMAAAAAgr1zBp19GgUvHm1xZTij5SGAAAwCAAAAfAgBAAAAqAgLAIGAtBAcAAAAAA QAAAAAAAAAJyV8Sdh
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID-2 AYAFA8BUg/E0gouOpBhoYjAArADMdmBAvMkOcBAAAAAAAAAAAAAAAAAAAAAAAAgUAEDAAAAAA8SQaCIMAcVauR2b3NHA8AACAQAAv7r76UoGvEkmAqCAAAwlCAAAAAQAAAAAAAAAAAAAAAAAAAAAXBQaA4GAkBwb AcHAzBAAAYBAGBQMAAAAAAQtAtvTwAwVlJGA0AACAQAAv7r76goGurDFsoCAAAApQAAAAAQAAAAAAAAAAAAAAAAAAAAAXBQZAIGAAAgEAgFAxAAAAAAA2CEgZADAXFETMBVQ+FDAAAEAIAABA8uvur DFsYLQAmhKAAAAlCBAAAAABAAAAAAAAAAAAAAAAAAAAcFAhBAbAwGAwBQYAAHAlBgcAAAAYAQ4EEDAAAAAAYLQAmBMAwUZu9mdv9VMAAgPAgAAEAw7+aLQAmhtABYGqAAAAM8JBAAAAYAAAAAAAAAA AAAAAAAAAAATAUGAuBwbAYHAvBwXAEDAAAAGAsIBAAAEA8uvBAAAAkHBAAQdEAAAxMFUTVQ1NXNnusBETeJCAsCL57aIAAAAQAAAAAwSAUGA5BgOAAFAJBARAAAATAAAAQGAAAQeDAAAUAAAAAwQA8 GAuBAZAkGA0BQaA8GAuBAAAIEAAAgHAAAAwBgcA8GAwBANAIDA5AANAkDA2AwNAIDA5AQNAAAAAAwLDAAAT04bR4BEl+EhU/vg5hTG1AAAAAQAAAAALAAAAkIXxL1FaFOS72sRjiPn8JMAAAAAgr1zBp19GgUvHm1xZTij5SGAAAwCAAAAfAgBAAAAqAgLAoGAwBwZAAAAAAQAAAAAAAAAJyV8SdhWhj0uNb0o4zJfCDAAAAA4a9cQ advBI17hZdc2k4YukBAAAsAAAAwHAcAAAAgKA4CAqBAcAUGAnBAAAAAABAAAAAAAAkIXxL1FaFOS72sRjiPn8JMAAAAAgr1zBp19GgUvHm1xZTij5SGAAAwCAAAAfAgBAAAAqAgLAIGAtBAcAAAAAA QAAAAAAAAAJyV8Sdh
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013110320131104
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013110320131104@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013110320131104
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013110320131104@CachePrefix :2013110320131104:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013110320131104@CacheLimit 8192
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013110320131104@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013110320131104@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad@WpadLastNetwork {35186997-275D-44A7-A629-96F0FA29E695}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\bc-05-43-f5-11-9f
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\bc-05-43-f5-11-9f@WpadDecisionReason 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\bc-05-43-f5-11-9f@WpadDecisionTime 0xF0 0x2F 0xA4 0x84 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\bc-05-43-f5-11-9f@WpadDecision 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{35186997-275D-44A7-A629-96F0FA29E695}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{35186997-275D-44A7-A629-96F0FA29E695}@WpadDecisionReason 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{35186997-275D-44A7-A629-96F0FA29E695}@WpadDecisionTime 0xF0 0x2F 0xA4 0x84 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{35186997-275D-44A7-A629-96F0FA29E695}@WpadDecision 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{35186997-275D-44A7-A629-96F0FA29E695}@WpadNetworkName FRITZ!Box Fon WLAN 7112
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{35186997-275D-44A7-A629-96F0FA29E695}\bc-05-43-f5-11-9f
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager@DllName %SystemRoot%\resources\Themes\Aero\Aero.msstyles
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Themes@CurrentTheme C:\Users\Kiwi\AppData\Local\Microsoft\Windows\Themes\oem.theme
Reg HKCU\Software\Microsoft\Windows\DWM@CompositionPolicy 0
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationColor 1802811644
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationColorBalance 8
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationAfterglow 1802811644
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationAfterglowBalance 43
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationBlurBalance 49
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@IconSize 18
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastQueuePesterTime 0xB0 0x20 0x13 0x4E ...
Reg HKCU\Software\Microsoft\Windows Live\QoS@UUID 6B1BC6E1-A69F-4197-96E9-F86B6477F37E

---- Files - GMER 2.1 ----

File C:\Windows\asd.log 49 bytes
File C:\Windows\de-de.log 9187983 bytes
File C:\Windows\SAII_LOG.TXT 703034 bytes
File C:\Windows\Synaptics.log 1366 bytes
File C:\Windows\TSSysprep.log 5949 bytes
File C:\Windows\DPINST.LOG 10928 bytes
File C:\Windows\DtcInstall.log 5075 bytes
File C:\Windows\system32\aspnet_counters.dll (size mismatch) 20832/30160 bytes executable
File C:\Windows\system32\NCCount.bin 0 bytes
File C:\Windows\system32\MRT.exe (size mismatch) 72013344/80541720 bytes executable
File C:\Windows\system32\msvcr100_clr0400.dll (size mismatch) 827744/17896 bytes executable
File C:\Windows\system32\UICommu.bin 228 bytes
File C:\Windows\system32\mfevtps.exe 158832 bytes executable
File C:\Windows\system32\drivers\mfeapfk.sys 156792 bytes executable
File C:\Windows\system32\drivers\mfeavfk.sys 227856 bytes executable
File C:\Windows\system32\drivers\mfeclnk.sys 9984 bytes executable
File C:\Windows\system32\drivers\mfefirek.sys 481376 bytes executable
File C:\Windows\system32\drivers\mfehidk.sys 639216 bytes executable
File C:\Windows\system32\drivers\mfenlfk.sys 75672 bytes executable
File C:\Windows\system32\drivers\mferkdet.sys 98728 bytes executable
File C:\Windows\system32\drivers\mfewfpk.sys 281928 bytes
File C:\Windows\system32\drivers\cfwids.sys 65128 bytes executable
File C:\Windows\system32\drivers\ASWFW.sys 127136 bytes
File C:\Windows\system32\drivers\ASWNDIS.sys 12368 bytes executable
File C:\Windows\system32\drivers\ASWNDIS2.sys 263096 bytes
File C:\Windows\system32\drivers\aswrdr2.sys 70992 bytes executable
File C:\Windows\system32\drivers\ASWRVRT.sys 65336 bytes executable
File C:\Windows\system32\drivers\ASWSNX.sys 984144 bytes executable
File C:\Windows\system32\drivers\ASWSP.sys 370288 bytes executable
File C:\Windows\system32\drivers\ASWTDI.sys 59728 bytes executable
File C:\Windows\system32\drivers\ASWVMM.sys 178624 bytes executable
File C:\Windows\system32\drivers\avgtpx64.sys (size mismatch) 40736/46368 bytes executable <-- ROOTKIT !!!
File C:\Users\Kiwi\IMG_3863.JPG 0 bytes
File C:\Users\Kiwi\IMG_3863.JPG.part 0 bytes
File C:\Users\Kiwi\IMG_3866.JPG 0 bytes
File C:\Users\Kiwi\IMG_3866.JPG.part 0 bytes
File C:\ProgramData\Google 0 bytes
File C:\ProgramData\BrowserDefender 0 bytes
File C:\ProgramData\OneKey Reminder 0 bytes

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\avgtpx64.sys [SYSTEM] avgtp <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----


Thanks in advance

11.11.2013, 23:16   #2
schrauber
/// the machine
/// TB trainer

hi,

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.


Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

12.11.2013, 17:36   #3
mariomon11

Combofix has run through but did not leave a log, what now? // edit: something is still happening

So the scan has been sitting at "Fertiggestellt Stufe_32" for about 1-2 hours now.
I'll leave it running until I go to bed and try again tomorrow if it doesn't finish tonight; assuming it still doesn't work then, what should I do?

13.11.2013, 09:40   #4
schrauber
/// the machine
/// TB trainer

Then please post a fresh FRST log.
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.11.2013, 18:02   #5
mariomon11

Here is the fresh FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013
Ran by Kiwi (administrator) on GAMER-PC on 13-11-2013 17:59:06
Running from C:\Users\Kiwi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nexon Korea Corp.) C:\Nexon\NexonPlug\NexonPlug.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Farbar) C:\Users\Kiwi\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [6199128 2012-05-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-05-21] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Kiwi\AppData\Roaming\Spotify\spotify.exe [4643328 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [NexonPlug] - C:\Nexon\NexonPlug\NexonPlug.exe [2120024 2013-10-16] (Nexon Korea Corp.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-21] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Trust Gaming Mouse] - C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe [2245632 2011-01-17] ()
HKLM-x32\...\Run: [TQ566808] - "F:\Setup.exe"
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-10-31] (LogMeIn Inc.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll [1952224 2013-10-22] ()
AppInit_DLLs-x32: c:\PROGRA~3\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll [2735584 2013-10-22] ()
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://isearch.avg.com?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=hp
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Google Docs) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FrankerFaceZ) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb\1.40_0
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Auto Replay for YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0
CHR Extension: (Auto HD For YouTube\u2122) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\5.24_0
CHR Extension: (Pokemon Red) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkgicmllgmdcfmfpjmkaoepfikefmlh\1_0
CHR Extension: (Google Wallet) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Kiwi\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.0.12\avg.crx

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-02-13] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [101048 2011-02-16] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5127200 2013-05-26] (INCA Internet Co., Ltd.)
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-21] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-11-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (1).exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64 (1).exe
2013-11-13 17:26 - 2013-11-13 17:44 - 00000000 ___SD C:\ComboFix
2013-11-12 13:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-12 13:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-12 13:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-12 13:50 - 2013-11-12 13:53 - 00000000 ____D C:\Qoobox
2013-11-12 13:45 - 2013-11-12 13:45 - 00000000 ____D C:\Windows\erdnt
2013-11-12 13:41 - 2013-11-12 13:42 - 05145576 ____R (Swearware) C:\Users\Kiwi\Desktop\ComboFix.exe
2013-11-12 13:39 - 2013-11-12 13:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-11 20:25 - 2013-11-11 20:25 - 00041850 _____ C:\Users\Kiwi\Desktop\Gmer.Txt
2013-11-11 20:10 - 2013-11-13 17:59 - 00025348 _____ C:\Users\Kiwi\Desktop\FRST.txt
2013-11-11 20:09 - 2013-11-11 20:10 - 00023467 _____ C:\Users\Kiwi\Desktop\Addition.txt
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:04 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:04 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:48 - 2013-11-11 19:48 - 00000000 ____D C:\AdwCleaner
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 19:04 - 2013-11-11 19:04 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 18:37 - 2013-11-11 18:57 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 21:40 - 2013-11-03 14:09 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-24 19:18 - 2013-11-11 21:55 - 00002051 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:11 - 2013-10-22 02:16 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:20 - 2013-10-21 18:38 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:08 - 2013-10-21 18:14 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:36 - 2013-10-17 14:38 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt

==================== One Month Modified Files and Folders =======

2013-11-13 17:59 - 2013-11-11 20:10 - 00025348 _____ C:\Users\Kiwi\Desktop\FRST.txt
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (1).exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64 (1).exe
2013-11-13 17:50 - 2013-01-01 03:03 - 00000000 ____D C:\Users\Kiwi\AppData\Local\PMB Files
2013-11-13 17:48 - 2012-05-21 19:01 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 17:44 - 2013-11-13 17:26 - 00000000 ___SD C:\ComboFix
2013-11-13 17:30 - 2012-05-21 19:01 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 17:25 - 2013-05-24 15:33 - 00000000 ____D C:\Users\Kiwi\AppData\Local\LogMeIn Hamachi
2013-11-13 17:23 - 1601-01-02 05:16 - 01672852 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 17:23 - 1601-01-02 05:16 - 00727118 _____ C:\Windows\system32\perfh007.dat
2013-11-13 17:23 - 1601-01-02 05:16 - 00158012 _____ C:\Windows\system32\perfc007.dat
2013-11-13 17:22 - 2013-04-13 17:06 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Spotify
2013-11-13 17:22 - 2012-12-31 12:48 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Skype
2013-11-13 17:20 - 2013-01-27 17:00 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-13 17:20 - 1601-01-02 05:16 - 00154759 _____ C:\Windows\system32\fastboot.set
2013-11-13 11:06 - 2013-06-27 10:57 - 00434388 _____ C:\Windows\PFRO.log
2013-11-13 11:06 - 1601-01-02 05:16 - 00000445 _____ C:\Windows\setupact.log
2013-11-13 11:06 - 1601-01-02 05:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 18:29 - 2012-05-21 18:17 - 01719537 _____ C:\Windows\WindowsUpdate.log
2013-11-12 13:53 - 2013-11-12 13:50 - 00000000 ____D C:\Qoobox
2013-11-12 13:45 - 2013-11-12 13:45 - 00000000 ____D C:\Windows\erdnt
2013-11-12 13:42 - 2013-11-12 13:41 - 05145576 ____R (Swearware) C:\Users\Kiwi\Desktop\ComboFix.exe
2013-11-12 13:39 - 2013-11-12 13:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-12 13:39 - 2013-05-24 15:33 - 00000943 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-11-11 21:55 - 2013-10-24 19:18 - 00002051 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-11-11 20:25 - 2013-11-11 20:25 - 00041850 _____ C:\Users\Kiwi\Desktop\Gmer.Txt
2013-11-11 20:10 - 2013-11-11 20:09 - 00023467 _____ C:\Users\Kiwi\Desktop\Addition.txt
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:03 - 2013-11-11 20:04 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:04 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:48 - 2013-11-11 19:48 - 00000000 ____D C:\AdwCleaner
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 19:30 - 2009-07-14 05:45 - 00316560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 19:20 - 1601-01-02 05:16 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 19:04 - 2013-11-11 19:04 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-11-11 18:57 - 2013-11-11 18:37 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 14:09 - 2013-11-02 21:40 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-11-03 14:09 - 2012-12-31 12:54 - 00000000 ____D C:\Program Files (x86)\osu!
2013-11-03 14:08 - 2013-09-25 17:00 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 19:05 - 2013-06-02 00:13 - 00001507 _____ C:\Users\Kiwi\Desktop\Neues Textdokument.txt
2013-10-31 21:53 - 2012-09-15 17:02 - 00000000 ___RD C:\Users\Kiwi\Desktop\.
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-28 22:21 - 2013-08-02 21:27 - 00000000 ____D C:\Users\Kiwi\Desktop\Neuer Ordner (2)
2013-10-28 04:28 - 2013-01-01 03:03 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:16 - 2013-10-22 02:11 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 19:43 - 1601-01-02 05:16 - 548703693 _____ C:\Users\Kiwi\Desktop\minecraft.rar
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:38 - 2013-10-21 18:20 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:14 - 2013-10-21 18:08 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-21 17:59 - 2013-07-18 20:59 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\.minecraft
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:32 - 2013-05-14 20:17 - 00000000 ____D C:\Windows\Minidump
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:38 - 2013-10-17 14:36 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt
2013-10-16 19:49 - 2012-12-31 13:05 - 00000000 ____D C:\Users\Kiwi\Desktop\Bilder Undso

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 17:39

==================== End Of Log ============================
         


Also, AVG is now also reporting an Adware: Generic5.AJQD, in case that information helps in any way.
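The FRST excerpt above ends with the dated file listing and the "Bamital & volsnap Check", which is where an analyst starts triage: which recently created executables live in user-writable paths, which carry no publisher information, and whether any core system binary failed the hash check. The following Python script is an added example for this thread; it is not part of the original post and not FRST's own code. It parses those two FRST line formats and flags such entries. The sample log embedded in it is constructed from the line formats seen on this page (the CrxUpdater_d.exe line, with its date and size, is invented for illustration), and the "File is digitally signed" verdict is an assumption about the wording of later FRST releases.

```python
"""Triage helper for FRST log excerpts.

Added example for this thread, not FRST's own code.  Parses two line formats
from FRST output: the dated file listing
("created - modified - size attrs [(company)] path") and the
"Bamital & volsnap Check" verdict lines, then flags what to look at first.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# e.g. 2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com ) C:\...\GhostMouse321-Setup.exe
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
# e.g. C:\Windows\System32\winlogon.exe => MD5 is legit
CHECK_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => (?P<verdict>.+)$")

# "MD5 is legit" is the wording in the log above; "File is digitally signed"
# is assumed to be the wording of later FRST releases.  Anything else is reported.
GOOD_VERDICTS = {"MD5 is legit", "File is digitally signed"}
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".jar", ".pif"}
# Lower-cased path fragments a non-admin process can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\",
                 "\\users\\public\\", "\\desktop\\")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    is_dir: bool
    company: Optional[str]   # None when FRST printed "()" or no version info at all
    path: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one FRST file-listing line; return None for any other line."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    company = (m["company"] or "").strip() or None
    return FileEntry(m["created"], m["modified"], int(m["size"]),
                     m["attrs"].endswith("D"), company, m["path"].rstrip())


def triage_file(entry: FileEntry) -> List[str]:
    """Return the reasons (possibly none) an analyst should look at this entry."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    low = entry.path.lower()
    ext = os.path.splitext(low.rsplit("\\", 1)[-1])[1]
    if ext in EXEC_EXT:
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if entry.company is None:
            reasons.append("executable without publisher/version info")
    if ext == ".dmp":
        reasons.append("crash dump (system instability; recheck after cleanup)")
    return reasons


def triage(lines) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_file_line(line)
        if entry is not None and (reasons := triage_file(entry)):
            findings[entry.path] = reasons
    return findings


def check_integrity(lines) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every check line whose verdict is not known-good."""
    bad: List[Tuple[str, str]] = []
    for line in lines:
        m = CHECK_LINE.match(line.strip())
        if m and m["verdict"].strip() not in GOOD_VERDICTS:
            bad.append((m["path"], m["verdict"].strip()))
    return bad


# Constructed sample modelled on the FRST output in this thread; the
# CrxUpdater_d.exe line (date, size) is invented for illustration.
SAMPLE_LOG = r"""
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com          ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:38 - 2013-10-17 14:36 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt
2013-10-16 09:12 - 2013-10-16 09:12 - 00184320 _____ () C:\Users\Kiwi\AppData\Local\Temp\bus231\CrxUpdater_d.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for path, reasons in triage(lines).items():
        print(f"{path}\n    " + "; ".join(reasons))
    tampered = check_integrity(lines)
    print("integrity check:", "all known-good" if not tampered else tampered)
```

Run it as-is to see the constructed sample triaged, or pipe a real FRST.txt through `triage(open(path, encoding="utf-8-sig").read().splitlines())`. A flag is a starting point, not a verdict: a setup.exe in Downloads with a publisher is normal, whereas an unsigned updater in a Temp subfolder, created repeatedly, is the pattern that later shows up in the MBAM detections in this thread.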


14.11.2013, 09:53   #6
schrauber
/// the machine
/// TB-Ausbilder



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on your desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

14.11.2013, 19:58   #7
mariomon11



AdwCleaner hung twice while scanning for infected shortcuts (or rather, after 1-2 hours it still had not progressed or finished), so that log is missing.

MBAM log:
Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kiwi :: GAMER-PC [Administrator]

Protection: Enabled

14.11.2013 15:31:15
mbam-log-2013-11-14 (15-31-15).txt

Scan type: Quick Scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228621
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 37
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\d (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKCU\Software\Delta\delta|lastB (PUP.Optional.Delta.A) -> Data: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=1855C01885D2AB98&affID=121845&tt=180613_ndtc&tsp=4919 -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Users\Kiwi\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\CR (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\Shared (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\bh (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\FILE SCOUT (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.

Files Detected: 34
C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus231\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus25F1\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus2EEC\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus3F11\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus5D97\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus67B3\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus6AF2\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus744F\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\bus846B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\busAA4B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\busD162\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\busDF6C\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\busF91D\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Temp\busFB2F\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\BPROTECTOR WEB DATA (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\BPROTECTORPREFERENCES (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\Shared\chu.js (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\BABSOLUTION\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\GUninstaller.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Delta\delta\1.8.21.5\uninstall.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Kiwi\AppData\Roaming\FILE SCOUT\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.

(end)

JRT log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kiwi on 14.11.2013 at 19:29:51,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2273897401-1722668117-2798484020-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15d2d75c-9cb2-4efd-bad7-b9b4cb4bc693}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho6433.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA78B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD196.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEDF2.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\bitguard"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Kiwi\appdata\local\{0AA5EA0B-883F-4F70-B15C-B4243D0CDF07}
Successfully deleted: [Empty Folder] C:\Users\Kiwi\appdata\local\{C6F3593B-FF5A-4B2C-9447-01AB51876A32}
Successfully deleted: [Empty Folder] C:\Users\Kiwi\appdata\local\{E88BA37B-D938-4B03-9F59-B8151D18419F}
Successfully deleted: [Empty Folder] C:\Users\Kiwi\appdata\local\{F3A4E6A9-0D5E-468E-9AC4-D40748FF6874}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2013 at 19:40:15,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013
Ran by Kiwi (administrator) on GAMER-PC on 14-11-2013 19:51:51
Running from C:\Users\Kiwi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Spotify Ltd) C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Kiwi\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [6199128 2012-05-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-05-21] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Kiwi\AppData\Roaming\Spotify\spotify.exe [4643328 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [NexonPlug] - C:\Nexon\NexonPlug\NexonPlug.exe [2120024 2013-10-16] (Nexon Korea Corp.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-21] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Trust Gaming Mouse] - C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe [2245632 2011-01-17] ()
HKLM-x32\...\Run: [TQ566808] - "F:\Setup.exe"
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2420248 2013-11-14] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-10-31] (LogMeIn Inc.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll [1952224 2013-10-22] ()
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://isearch.avg.com?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=hp"
CHR DefaultSearchURL: (AVG Secure Search) - hxxp://isearch.avg.com/search?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: (AVG Secure Search) - hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Google Docs) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FrankerFaceZ) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb\1.40_0
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Auto Replay for YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0
CHR Extension: (Auto HD For YouTube\u2122) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\5.24_0
CHR Extension: (AVG Secure Search) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0
CHR Extension: (Pokemon Red) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkgicmllgmdcfmfpjmkaoepfikefmlh\1_0
CHR Extension: (Google Wallet) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-02-13] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [101048 2011-02-16] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5127200 2013-05-26] (INCA Internet Co., Ltd.)
R2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-14] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-21] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-11-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-14] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 19:40 - 2013-11-14 19:40 - 00008307 _____ C:\Users\Kiwi\Desktop\JRT.txt
2013-11-14 19:29 - 2013-11-14 19:29 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Downloads\JRT.exe
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Desktop\JRT.exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (2).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (1).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Desktop\adwcleaner (1).exe
2013-11-14 15:40 - 2013-11-14 15:40 - 00012468 _____ C:\Users\Kiwi\Desktop\mbam.txt
2013-11-14 15:28 - 2013-11-14 15:28 - 00001142 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 15:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 15:27 - 2013-11-14 15:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kiwi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 15:25 - 2013-11-14 15:25 - 05145576 _____ (Swearware) C:\Users\Kiwi\Downloads\ComboFix.exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (1).exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64 (1).exe
2013-11-13 17:26 - 2013-11-13 17:44 - 00000000 ___SD C:\ComboFix
2013-11-12 13:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-12 13:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-12 13:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-12 13:50 - 2013-11-12 13:53 - 00000000 ____D C:\Qoobox
2013-11-12 13:45 - 2013-11-12 13:45 - 00000000 ____D C:\Windows\erdnt
2013-11-12 13:41 - 2013-11-12 13:42 - 05145576 ____R (Swearware) C:\Users\Kiwi\Desktop\ComboFix.exe
2013-11-12 13:39 - 2013-11-12 13:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-11 20:25 - 2013-11-11 20:25 - 00041850 _____ C:\Users\Kiwi\Desktop\Gmer.Txt
2013-11-11 20:10 - 2013-11-14 19:51 - 00025024 _____ C:\Users\Kiwi\Desktop\FRST.txt
2013-11-11 20:09 - 2013-11-11 20:10 - 00023467 _____ C:\Users\Kiwi\Desktop\Addition.txt
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:04 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:04 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:48 - 2013-11-14 18:27 - 00000000 ____D C:\AdwCleaner
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 18:37 - 2013-11-11 18:57 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 21:40 - 2013-11-03 14:09 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-24 19:18 - 2013-11-11 21:55 - 00002051 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:11 - 2013-10-22 02:16 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:20 - 2013-10-21 18:38 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:08 - 2013-10-21 18:14 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:36 - 2013-10-17 14:38 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt

==================== One Month Modified Files and Folders =======

2013-11-14 19:53 - 2013-11-11 20:10 - 00025024 _____ C:\Users\Kiwi\Desktop\FRST.txt
2013-11-14 19:46 - 2012-05-21 19:01 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 19:40 - 2013-11-14 19:40 - 00008307 _____ C:\Users\Kiwi\Desktop\JRT.txt
2013-11-14 19:29 - 2013-11-14 19:29 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Downloads\JRT.exe
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Desktop\JRT.exe
2013-11-14 18:55 - 2013-01-01 03:03 - 00000000 ____D C:\Users\Kiwi\AppData\Local\PMB Files
2013-11-14 18:46 - 2012-05-21 19:01 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 18:27 - 2013-11-11 19:48 - 00000000 ____D C:\AdwCleaner
2013-11-14 18:26 - 2013-09-25 17:01 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-11-14 18:26 - 2013-05-24 15:33 - 00000000 ____D C:\Users\Kiwi\AppData\Local\LogMeIn Hamachi
2013-11-14 18:26 - 2013-01-27 17:00 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-14 18:26 - 2012-12-31 12:48 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Skype
2013-11-14 18:26 - 1601-01-02 05:16 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-14 18:25 - 2013-04-13 17:06 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Spotify
2013-11-14 18:23 - 1601-01-02 05:16 - 00149589 _____ C:\Windows\system32\fastboot.set
2013-11-14 18:21 - 1601-01-02 05:16 - 00000613 _____ C:\Windows\setupact.log
2013-11-14 18:21 - 1601-01-02 05:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (2).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (1).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Desktop\adwcleaner (1).exe
2013-11-14 15:42 - 2013-06-27 10:57 - 00445722 _____ C:\Windows\PFRO.log
2013-11-14 15:40 - 2013-11-14 15:40 - 00012468 _____ C:\Users\Kiwi\Desktop\mbam.txt
2013-11-14 15:28 - 2013-11-14 15:28 - 00001142 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 15:27 - 2013-11-14 15:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kiwi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 15:25 - 2013-11-14 15:25 - 05145576 _____ (Swearware) C:\Users\Kiwi\Downloads\ComboFix.exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (1).exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64 (1).exe
2013-11-13 17:44 - 2013-11-13 17:26 - 00000000 ___SD C:\ComboFix
2013-11-13 17:23 - 1601-01-02 05:16 - 01672852 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 17:23 - 1601-01-02 05:16 - 00727118 _____ C:\Windows\system32\perfh007.dat
2013-11-13 17:23 - 1601-01-02 05:16 - 00158012 _____ C:\Windows\system32\perfc007.dat
2013-11-12 18:29 - 2012-05-21 18:17 - 01719537 _____ C:\Windows\WindowsUpdate.log
2013-11-12 13:53 - 2013-11-12 13:50 - 00000000 ____D C:\Qoobox
2013-11-12 13:45 - 2013-11-12 13:45 - 00000000 ____D C:\Windows\erdnt
2013-11-12 13:42 - 2013-11-12 13:41 - 05145576 ____R (Swearware) C:\Users\Kiwi\Desktop\ComboFix.exe
2013-11-12 13:39 - 2013-11-12 13:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-12 13:39 - 2013-05-24 15:33 - 00000943 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-11-11 21:55 - 2013-10-24 19:18 - 00002051 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-11-11 20:25 - 2013-11-11 20:25 - 00041850 _____ C:\Users\Kiwi\Desktop\Gmer.Txt
2013-11-11 20:10 - 2013-11-11 20:09 - 00023467 _____ C:\Users\Kiwi\Desktop\Addition.txt
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:03 - 2013-11-11 20:04 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:04 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 19:30 - 2009-07-14 05:45 - 00316560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 19:20 - 1601-01-02 05:16 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 18:57 - 2013-11-11 18:37 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 14:09 - 2013-11-02 21:40 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-11-03 14:09 - 2012-12-31 12:54 - 00000000 ____D C:\Program Files (x86)\osu!
2013-11-03 14:08 - 2013-09-25 17:00 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 19:05 - 2013-06-02 00:13 - 00001507 _____ C:\Users\Kiwi\Desktop\Neues Textdokument.txt
2013-10-31 21:53 - 2012-09-15 17:02 - 00000000 ___RD C:\Users\Kiwi\Desktop\.
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-28 22:21 - 2013-08-02 21:27 - 00000000 ____D C:\Users\Kiwi\Desktop\Neuer Ordner (2)
2013-10-28 04:28 - 2013-01-01 03:03 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:16 - 2013-10-22 02:11 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 19:43 - 1601-01-02 05:16 - 548703693 _____ C:\Users\Kiwi\Desktop\minecraft.rar
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:38 - 2013-10-21 18:20 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:14 - 2013-10-21 18:08 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-21 17:59 - 2013-07-18 20:59 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\.minecraft
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:32 - 2013-05-14 20:17 - 00000000 ____D C:\Windows\Minidump
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:38 - 2013-10-17 14:36 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt
2013-10-16 19:49 - 2012-12-31 13:05 - 00000000 ____D C:\Users\Kiwi\Desktop\Bilder Undso

Some content of TEMP:
====================
C:\Users\Kiwi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 17:39

==================== End Of Log ============================

And now?

Alt 15.11.2013, 12:08   #8
schrauber
/// the machine
/// TB-Ausbilder

Windows 7: AVG reports Trojan dropper.generik8.CLXE and cannot remove it

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 15.11.2013, 13:32   #9
mariomon11

Windows 7: AVG reports Trojan dropper.generik8.CLXE and cannot remove it

Here is the ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9f42277d96d6dd45abf48ca098219579
# engine=15895
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-15 12:01:57
# local_time=2013-11-15 01:01:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 16814410 16814410 0 0
# compatibility_mode=5893 16776574 100 94 329105 136146767 0 0
# scanned=23307
# found=0
# cleaned=0
# scan_time=445

The checkup log:
Code:
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 20  
 Java 7 Update 10  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.1.1 Adobe Reader out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Lenovo Instant Reset DamageGuardSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

And the FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Kiwi (administrator) on GAMER-PC on 15-11-2013 13:21:04
Running from C:\Users\Kiwi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Users\Kiwi\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Farbar) C:\Users\Kiwi\Desktop\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [6199128 2012-05-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-05-21] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Kiwi\AppData\Roaming\Spotify\spotify.exe [4643328 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Kiwi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-23] (Spotify Ltd)
HKCU\...\Run: [NexonPlug] - C:\Nexon\NexonPlug\NexonPlug.exe [2120024 2013-10-16] (Nexon Korea Corp.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-21] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Trust Gaming Mouse] - C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe [2245632 2011-01-17] ()
HKLM-x32\...\Run: [TQ566808] - "F:\Setup.exe"
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2420248 2013-11-14] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll [1952224 2013-10-22] ()
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://isearch.avg.com?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=hp"
CHR DefaultSearchURL: (AVG Secure Search) - hxxp://isearch.avg.com/search?cid={010A57FD-D70D-43C0-A11D-52D7B495A5D6}&mid=8ff00883eaf247d384991151c336426b-b49c419320561ec3b366d6005ff47f2eedf4150b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 18:01:43&v=17.0.1.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: (AVG Secure Search) - hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Google Docs) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FrankerFaceZ) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb\1.40_0
CHR Extension: (SiteAdvisor) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Auto Replay for YouTube) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0
CHR Extension: (Auto HD For YouTube\u2122) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\5.24_0
CHR Extension: (AVG Secure Search) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0
CHR Extension: (Pokemon Red) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkgicmllgmdcfmfpjmkaoepfikefmlh\1_0
CHR Extension: (Google Wallet) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Kiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-02-13] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [101048 2011-02-16] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5127200 2013-05-26] (INCA Internet Co., Ltd.)
R2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-14] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-21] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-11-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-05-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-05-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-14] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 13:20 - 2013-11-15 13:20 - 01957794 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (2).exe
2013-11-15 13:20 - 2013-11-15 13:20 - 01957794 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64 (2).exe
2013-11-15 13:05 - 2013-11-15 13:04 - 00891184 _____ C:\Users\Kiwi\Desktop\SecurityCheck.exe
2013-11-15 13:04 - 2013-11-15 13:04 - 00891184 _____ C:\Users\Kiwi\Downloads\SecurityCheck.exe
2013-11-15 12:47 - 2013-11-15 12:48 - 02347384 _____ (ESET) C:\Users\Kiwi\Downloads\esetsmartinstaller_enu.exe
2013-11-15 12:44 - 2013-11-15 12:44 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-14 19:40 - 2013-11-14 19:40 - 00008307 _____ C:\Users\Kiwi\Desktop\JRT.txt
2013-11-14 19:29 - 2013-11-14 19:29 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Downloads\JRT.exe
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Desktop\JRT.exe
2013-11-14 15:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 15:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 15:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 15:50 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:50 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:50 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:50 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 15:50 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 15:50 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:50 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (2).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (1).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Desktop\adwcleaner (1).exe
2013-11-14 15:40 - 2013-11-14 15:40 - 00012468 _____ C:\Users\Kiwi\Desktop\mbam.txt
2013-11-14 15:28 - 2013-11-14 15:28 - 00001142 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 15:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 15:27 - 2013-11-14 15:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kiwi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 15:25 - 2013-11-14 15:25 - 05145576 _____ (Swearware) C:\Users\Kiwi\Downloads\ComboFix.exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (1).exe
2013-11-13 17:26 - 2013-11-13 17:44 - 00000000 ___SD C:\ComboFix
2013-11-12 13:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-12 13:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-12 13:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-12 13:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-12 13:50 - 2013-11-12 13:53 - 00000000 ____D C:\Qoobox
2013-11-12 13:45 - 2013-11-12 13:45 - 00000000 ____D C:\Windows\erdnt
2013-11-12 13:41 - 2013-11-12 13:42 - 05145576 ____R (Swearware) C:\Users\Kiwi\Desktop\ComboFix.exe
2013-11-11 20:25 - 2013-11-11 20:25 - 00041850 _____ C:\Users\Kiwi\Desktop\Gmer.Txt
2013-11-11 20:10 - 2013-11-15 13:21 - 00025423 _____ C:\Users\Kiwi\Desktop\FRST.txt
2013-11-11 20:09 - 2013-11-11 20:10 - 00023467 _____ C:\Users\Kiwi\Desktop\Addition.txt
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:04 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:04 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:48 - 2013-11-14 18:27 - 00000000 ____D C:\AdwCleaner
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 18:37 - 2013-11-11 19:23 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 18:37 - 2013-11-11 18:57 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 19:19 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 21:40 - 2013-11-03 14:09 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-24 19:18 - 2013-11-11 21:55 - 00002051 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:11 - 2013-10-22 02:16 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:20 - 2013-10-21 18:38 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:08 - 2013-10-21 18:14 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:36 - 2013-10-17 14:38 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt

==================== One Month Modified Files and Folders =======

2013-11-15 13:23 - 2013-11-11 20:10 - 00025423 _____ C:\Users\Kiwi\Desktop\FRST.txt
2013-11-15 13:20 - 2013-11-15 13:20 - 01957794 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (2).exe
2013-11-15 13:20 - 2013-11-15 13:20 - 01957794 _____ (Farbar) C:\Users\Kiwi\Desktop\FRST64 (2).exe
2013-11-15 13:19 - 2013-08-02 21:27 - 00000000 ____D C:\Users\Kiwi\Desktop\Neuer Ordner (2)
2013-11-15 13:14 - 2013-01-01 03:03 - 00000000 ____D C:\Users\Kiwi\AppData\Local\PMB Files
2013-11-15 13:04 - 2013-11-15 13:05 - 00891184 _____ C:\Users\Kiwi\Desktop\SecurityCheck.exe
2013-11-15 13:04 - 2013-11-15 13:04 - 00891184 _____ C:\Users\Kiwi\Downloads\SecurityCheck.exe
2013-11-15 13:02 - 2012-05-21 19:01 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 12:53 - 1601-01-02 05:16 - 01672852 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-15 12:53 - 1601-01-02 05:16 - 00727118 _____ C:\Windows\system32\perfh007.dat
2013-11-15 12:53 - 1601-01-02 05:16 - 00158012 _____ C:\Windows\system32\perfc007.dat
2013-11-15 12:48 - 2013-11-15 12:47 - 02347384 _____ (ESET) C:\Users\Kiwi\Downloads\esetsmartinstaller_enu.exe
2013-11-15 12:46 - 2013-04-13 17:06 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Spotify
2013-11-15 12:46 - 2013-01-27 17:00 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-15 12:46 - 2012-12-31 12:48 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Skype
2013-11-15 12:44 - 2013-11-15 12:44 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-11-15 12:44 - 2013-05-24 15:33 - 00000000 ____D C:\Users\Kiwi\AppData\Local\LogMeIn Hamachi
2013-11-15 12:43 - 2012-05-21 19:01 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 12:43 - 1601-01-02 05:16 - 00166695 _____ C:\Windows\system32\fastboot.set
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-15 12:42 - 2013-05-24 15:33 - 00000943 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-11-15 12:40 - 1601-01-02 05:16 - 00000669 _____ C:\Windows\setupact.log
2013-11-15 12:40 - 1601-01-02 05:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 20:04 - 2012-05-21 18:17 - 01725992 _____ C:\Windows\WindowsUpdate.log
2013-11-14 20:00 - 2013-07-27 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 20:00 - 1601-01-02 05:16 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 19:40 - 2013-11-14 19:40 - 00008307 _____ C:\Users\Kiwi\Desktop\JRT.txt
2013-11-14 19:29 - 2013-11-14 19:29 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Downloads\JRT.exe
2013-11-14 19:28 - 2013-11-14 19:28 - 01034531 _____ (Thisisu) C:\Users\Kiwi\Desktop\JRT.exe
2013-11-14 18:27 - 2013-11-11 19:48 - 00000000 ____D C:\AdwCleaner
2013-11-14 18:26 - 2013-09-25 17:01 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-11-14 18:26 - 1601-01-02 05:16 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (2).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner (1).exe
2013-11-14 15:48 - 2013-11-14 15:48 - 01085542 _____ C:\Users\Kiwi\Desktop\adwcleaner (1).exe
2013-11-14 15:42 - 2013-06-27 10:57 - 00445722 _____ C:\Windows\PFRO.log
2013-11-14 15:40 - 2013-11-14 15:40 - 00012468 _____ C:\Users\Kiwi\Desktop\mbam.txt
2013-11-14 15:28 - 2013-11-14 15:28 - 00001142 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 15:27 - 2013-11-14 15:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kiwi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 15:25 - 2013-11-14 15:25 - 05145576 _____ (Swearware) C:\Users\Kiwi\Downloads\ComboFix.exe
2013-11-13 17:58 - 2013-11-13 17:58 - 01957610 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64 (1).exe
2013-11-13 17:44 - 2013-11-13 17:26 - 00000000 ___SD C:\ComboFix
2013-11-12 13:53 - 2013-11-12 13:50 - 00000000 ____D C:\Qoobox
2013-11-12 13:45 - 2013-11-12 13:45 - 00000000 ____D C:\Windows\erdnt
2013-11-12 13:42 - 2013-11-12 13:41 - 05145576 ____R (Swearware) C:\Users\Kiwi\Desktop\ComboFix.exe
2013-11-11 21:55 - 2013-10-24 19:18 - 00002051 _____ C:\Users\Kiwi\Desktop\cooki.txt
2013-11-11 20:25 - 2013-11-11 20:25 - 00041850 _____ C:\Users\Kiwi\Desktop\Gmer.Txt
2013-11-11 20:10 - 2013-11-11 20:09 - 00023467 _____ C:\Users\Kiwi\Desktop\Addition.txt
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\FRST
2013-11-11 20:05 - 2013-11-11 20:05 - 00000470 _____ C:\Users\Kiwi\Desktop\defogger_disable.log
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 _____ C:\Users\Kiwi\defogger_reenable
2013-11-11 20:03 - 2013-11-11 20:04 - 00377856 _____ C:\Users\Kiwi\Desktop\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:04 - 00050477 _____ C:\Users\Kiwi\Desktop\Defogger.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 01957590 _____ (Farbar) C:\Users\Kiwi\Downloads\FRST64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00377856 _____ C:\Users\Kiwi\Downloads\gmer_2.1.19163.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 00050477 _____ C:\Users\Kiwi\Downloads\Defogger.exe
2013-11-11 19:47 - 2013-11-11 19:47 - 01085542 _____ C:\Users\Kiwi\Downloads\adwcleaner.exe
2013-11-11 19:30 - 2009-07-14 05:45 - 00316560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 19:23 - 2013-11-11 18:37 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 19:20 - 1601-01-02 05:16 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 18:57 - 2013-11-11 18:37 - 00000000 ____D C:\$WINDOWS.~BT
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:24 - 2013-11-04 19:24 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Adobe
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 19:19 - 2013-11-04 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\MFAData
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:39 - 2013-11-04 17:39 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Avg2014
2013-11-04 17:38 - 2013-11-04 17:38 - 04424240 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2013-11-03 18:26 - 2013-11-03 18:26 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-11-03 18:22 - 2013-11-03 18:22 - 04436536 _____ (AVG Technologies) C:\Users\Kiwi\Downloads\avg_isct_stb_all_2014_4158.exe
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 17:53 - 2013-11-03 17:53 - 00000000 ____D C:\Users\Kiwi\AppData\Local\Google
2013-11-03 14:09 - 2013-11-02 21:40 - 00000165 _____ C:\Users\Kiwi\Desktop\tembild.txt
2013-11-03 14:09 - 2012-12-31 12:54 - 00000000 ____D C:\Program Files (x86)\osu!
2013-11-03 14:08 - 2013-09-25 17:00 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-02 19:05 - 2013-06-02 00:13 - 00001507 _____ C:\Users\Kiwi\Desktop\Neues Textdokument.txt
2013-10-31 21:53 - 2012-09-15 17:02 - 00000000 ___RD C:\Users\Kiwi\Desktop\.
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-28 04:28 - 2013-01-01 03:03 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-23 17:49 - 2013-10-23 17:49 - 00837410 _____ C:\Users\Kiwi\Downloads\117826 Duca - Welcome Berry's (1).osz
2013-10-22 02:16 - 2013-10-22 02:11 - 258366720 _____ (NVIDIA Corporation) C:\Users\Kiwi\Downloads\331.58-notebook-win8-win7-64bit-international-whql.exe
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-22 02:03 - 2013-07-13 10:41 - 00039139 _____ C:\Windows\IE10_main.log
2013-10-21 20:47 - 2013-10-21 20:47 - 00001290 _____ C:\Users\Kiwi\Desktop\MineLaunchSP - Verknüpfung.lnk
2013-10-21 20:45 - 2013-10-21 20:45 - 00000000 ____D C:\Users\Kiwi\Desktop\minecraft
2013-10-21 19:43 - 1601-01-02 05:16 - 548703693 _____ C:\Users\Kiwi\Desktop\minecraft.rar
2013-10-21 18:39 - 2013-10-21 18:39 - 00000000 ____D C:\Users\Kiwi\Downloads\mc152-mods (1)
2013-10-21 18:38 - 2013-10-21 18:20 - 544515098 _____ C:\Users\Kiwi\Downloads\mc152-mods (1).zip
2013-10-21 18:14 - 2013-10-21 18:08 - 172932726 _____ C:\Users\Kiwi\Downloads\mc152-mods.zip
2013-10-21 17:59 - 2013-07-18 20:59 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\.minecraft
2013-10-18 19:32 - 2013-10-18 19:32 - 911787894 _____ C:\Windows\MEMORY.DMP
2013-10-18 19:32 - 2013-10-18 19:32 - 00286584 _____ C:\Windows\Minidump\101813-49405-01.dmp
2013-10-18 19:32 - 2013-05-14 20:17 - 00000000 ____D C:\Windows\Minidump
2013-10-18 19:30 - 2013-10-18 19:30 - 02795931 _____ C:\Users\Kiwi\Downloads\27862 Suzaku - VANESSA.osz
2013-10-18 12:09 - 2013-10-18 12:09 - 00002832 _____ C:\Users\Kiwi\Documents\norm.rms
2013-10-18 00:42 - 2013-10-18 00:42 - 00005808 _____ C:\Users\Kiwi\Documents\olk.rms
2013-10-17 21:43 - 2013-10-17 21:43 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Kiwi\Downloads\GhostMouse321-Setup.exe
2013-10-17 21:43 - 2013-10-17 21:43 - 00001080 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Users\Kiwi\Documents\AutomaticSolution Software
2013-10-17 21:43 - 2013-10-17 21:43 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-10-17 14:38 - 2013-10-17 14:36 - 00001352 _____ C:\Users\Kiwi\Desktop\Poke.txt
2013-10-16 19:49 - 2012-12-31 13:05 - 00000000 ____D C:\Users\Kiwi\Desktop\Bilder Undso

Some content of TEMP:
====================
C:\Users\Kiwi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 17:39

==================== End Of Log ============================

The trojan seems to be gone, but AVG still reports the Adware: Generic5.AJQD
What is to be done now?
// in case this info helps: AVG always points to the folder "bitguard" when it reports it

Last edited by mariomon11 (15.11.2013 at 14:00)

16.11.2013, 11:59   #10
schrauber
/// the machine
/// TB-Ausbilder

Update Java, Flash and Adobe.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post me its contents.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
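
As an added example (not from this thread, nor from FRST or its author), here is a small Python parser for the kind of FRST listing line the fix above is built from. It reads the "created - modified - size attrs (company) path" layout, flags entries whose path matches a watchlist, and emits the matching lines verbatim as Fixlist.txt content, which is exactly how the fix in this post works. The sample lines are copied from the FRST log earlier in the thread; the watchlist containing only "BitGuard" is an assumption taken from the poster's remark that AVG kept pointing at that folder.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional

# Sample input: lines copied from the FRST "One Month Created Files and Folders"
# listing posted in this thread (the duplicated BitGuard line is in the original too).
SAMPLE_LOG = r"""
2013-11-14 15:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 15:27 - 2013-11-14 15:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kiwi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-13 17:26 - 2013-11-13 17:44 - 00000000 ___SD C:\ComboFix
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-29 21:18 - 2013-10-29 21:18 - 00000000 ____D C:\Users\Kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-15 12:40 - 1601-01-02 05:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
"""

# Layout of one listing line:
#   <created> - <modified> - <size: 8 digits> <attrs: 5 chars> [(<company>) ]<path>
# The company field is optional, and FRST pads some company names with trailing
# spaces inside the parentheses, hence the non-greedy match followed by ") ".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) "
    r"(?:\((.*?)\) )?"
    r"(.+)$"
)


@dataclass(frozen=True)
class FrstEntry:
    raw: str            # the line exactly as FRST printed it (reused for Fixlist.txt)
    created: datetime
    modified: datetime
    size: int
    attrs: str          # FRST attribute column, e.g. "____D", "___SD", "____H"
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        # FRST marks directories with a "D" in the attribute column.
        return "D" in self.attrs


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one FRST listing line; return None for headers, blanks and other text."""
    line = line.rstrip()
    m = LINE_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    return FrstEntry(
        raw=line,
        created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
        size=int(size),
        attrs=attrs,
        company=company.strip() if company else None,
        path=path,
    )


def parse_frst_listing(text: str) -> List[FrstEntry]:
    """Parse every listing line in a block of FRST output."""
    return [e for e in map(parse_frst_line, text.splitlines()) if e is not None]


def flag_entries(entries: Iterable[FrstEntry], watchlist: Iterable[str]) -> List[FrstEntry]:
    """Return entries whose path contains any watchlist keyword (case-insensitive)."""
    keys = [k.lower() for k in watchlist]
    return [e for e in entries if any(k in e.path.lower() for k in keys)]


def build_fixlist(entries: Iterable[FrstEntry]) -> str:
    """Produce Fixlist.txt content from flagged entries.

    FRST's fix mode takes the listing lines verbatim (the fix in this thread pasted
    the two BitGuard lines unchanged), so the raw lines are emitted, de-duplicated
    while keeping the order of first appearance.
    """
    seen = set()
    out = []
    for e in entries:
        if e.raw not in seen:
            seen.add(e.raw)
            out.append(e.raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Assumed watchlist: the folder name AVG kept pointing at in this thread.
    flagged = flag_entries(parse_frst_listing(SAMPLE_LOG), ["BitGuard"])
    for e in flagged:
        print(f"{'DIR ' if e.is_dir else 'FILE'} {e.created:%Y-%m-%d %H:%M} {e.path}")
    print("--- Fixlist.txt ---")
    print(build_fixlist(flagged), end="")
```

The de-duplication is not cosmetic: FRST listed C:\ProgramData\BitGuard twice, and the Fixlog posted below shows both copies being processed. A watchlist match on the path alone is only a first filter; the attribute column (directory, system, hidden) and the company field are kept on each entry so that a reviewer can rule out signed vendor files before anything lands in a fixlist.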

16.11.2013, 12:07   #11
mariomon11

Here is the log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Kiwi at 2013-11-16 12:06:40 Run:1
Running from C:\Users\Kiwi\Desktop\Alles von antivirus kram
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-03 03:00 - 2013-11-03 03:00 - 00000000 ____D C:\ProgramData\BitGuard
         
*****************

C:\ProgramData\BitGuard => Moved successfully.
C:\ProgramData\BitGuard => Moved successfully.

==== End of Fixlog ====

Anything else?
// probably a dumb question, but how do I go about the updates?

Last edited by mariomon11 (16.11.2013 at 12:34)

17.11.2013, 06:40   #12
schrauber
/// the machine
/// TB-Ausbilder

Best to uninstall the software and install the current version fresh.

Finished

The order here is crucial.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the tools used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without concern.


Here are a few more tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security holes which malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool which detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a resident guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and looks nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is to wish you lots of fun browsing safely.

Note: Please give me a short reply when everything is done and no questions are left, so that I can delete this thread from my subscriptions.

17.11.2013, 13:50   #13
mariomon11

The message about the adware is still there (Adobe, Flash and Java are updated), and Windows is having trouble updating (the download of the update itself does not make progress)

What should I do about that?

18.11.2013, 09:06   #14
schrauber
/// the machine
/// TB-Ausbilder

Quote:
The message about the adware is still there
What message? From whom? Exact wording or a screenshot, please.

18.11.2013, 17:21   #15
mariomon11

AVG reports to me, as described in a previous post:
Quote:
in addition, AVG now also reports an Adware: Generic5.AJQD
except that it now seems to be Adware: Generic5.AJQO

This one appeared shortly before the removal action for the trojan, which I had also reported (see quote)
here is another picture of the message

so, what now? ^^"

(by the way, the message appears at varying intervals)
