Plagegeister aller Art und deren Bekämpfung: Open clinic Wi-Fi | Checking my system after several weeks of use (Windows 7)
16.05.2014, 11:37 | #1 |
Open clinic Wi-Fi | Checking my system after several weeks of use

Hello everyone!

I have been in a clinic for several weeks now and use the open Wi-Fi there. It is used frequently by many other patients as well (with smartphones, tablets, laptops and public desktop PCs that anyone can access).

Public desktop PCs: people happily click the .exe files in their spam e-mails, and AVG raises the alarm. (So as not to try it on their own computer.)
Laptops of other patients: Avira with 9 detections on one, AVG with 5 detections on another, and so on.

All in all, some users are (by my standards) on the Wi-Fi with devices that are not clean.

I have noticed that when I open Task Manager/Process Explorer, more processes are listed than before (although, to be honest, I also check a lot more often since I started using the open Wi-Fi). Of course I could be mistaken:

-> conhost (sometimes 2x), taskhost, wlanext, crss, wininit, winlogon (came, I think, after the Spybot Search & Destroy installation)
-> I used the VirusTotal submit function in Process Explorer; according to VirusTotal, nothing suspicious for any process.

I would like to know whether everything is still running normally on my laptop. Many thanks in advance and best regards.

- Windows: Windows 7 Professional 64-bit (6.1, build 7601) -> (I have manually disabled/changed services; I can post the list on request)
- Virus scanner: Eset Smart Security 7.0.302.26 -> (there are objects in quarantine from a few months ago)
- Malwarebytes Free version (current) -> no detections so far
- HijackThis: -> in the past I had my logs evaluated at hijackthis.de and applied fixes
- Spybot Search and Destroy Free version (current) -> showed me some registry items (risk green = low) that I did not fix
- CCleaner -> (used the Cleaner + in the past the registry fix thing)

Defogger: (no error message)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:37 on 16/05/2014 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Andreas (administrator) on CHFGHT8 on 16-05-2014 11:45:17
Running from C:\Users\Andreas\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4511\Battle.net.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll
(Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62 FireFox: ======== FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel 
Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Andreas\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\artur.dubovoy@gmail.com [2014-05-09] FF Extension: HTTPS-Everywhere - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\https-everywhere@eff.org [2014-04-27] FF Extension: anonymoX - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\client@anonymox.net.xpi [2013-08-22] FF Extension: Ghostery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\firefox@ghostery.com.xpi [2013-08-18] FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\info@convert2mp3.net.xpi [2013-06-07] FF Extension: RefControl - 
C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013-08-22] FF Extension: SmoothWheel (mozdev.org) - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-08-22] FF Extension: HTTPS Finder - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi [2013-08-22] FF Extension: NoScript - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-07] FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-04] FF Extension: BetterPrivacy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-08-22] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-09] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-09] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-05-31] (Broadcom Corporation) ==================== Drivers (Whitelisted) ==================== R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated) S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-16 11:45 - 2014-05-16 11:45 - 00010021 _____ () C:\Users\Andreas\Desktop\FRST.txt 2014-05-16 11:44 - 2014-05-16 11:45 - 02067456 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe 2014-05-16 11:38 - 2014-05-16 11:45 - 00000000 ____D () C:\FRST 2014-05-16 11:37 - 2014-05-16 11:37 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log 2014-05-16 11:37 - 2014-05-16 11:37 - 00000000 _____ () C:\Users\Andreas\defogger_reenable 2014-05-16 11:36 - 2014-05-16 11:36 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe 2014-05-16 11:20 - 2014-05-16 11:45 - 00001203 _____ () C:\Users\Andreas\Desktop\trojaner.txt 2014-05-15 21:37 - 2014-05-15 23:21 - 00000119 _____ () C:\Users\Andreas\Desktop\wow.txt 2014-05-15 11:00 - 2014-05-16 11:35 - 00000000 ____D () C:\Users\Andreas\Documents\bookmarks 2014-05-14 22:34 - 2014-05-16 09:59 - 00000280 _____ () C:\Windows\setupact.log 2014-05-14 22:34 - 2014-05-14 22:34 - 00294712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-14 22:34 - 2014-05-14 22:34 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-14 14:31 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 14:31 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 14:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 14:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 14:31 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 14:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 10:59 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 10:59 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 10:59 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 10:59 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 10:59 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 10:59 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 10:59 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 10:59 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 10:59 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 10:59 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 10:59 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 10:59 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 10:59 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 10:59 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 10:59 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 10:59 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 10:59 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 10:59 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) 
C:\Windows\system32\wincredprovider.dll 2014-05-14 10:59 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 10:59 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 10:59 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 10:59 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 10:59 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 10:59 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 10:59 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 10:59 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 10:59 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 10:59 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 10:59 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 10:59 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 10:58 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 10:58 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 10:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 10:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-12 23:34 - 2014-05-12 23:44 - 00000254 _____ () C:\Users\Andreas\Desktop\LESEN.txt 2014-05-12 22:57 - 2014-05-12 22:57 - 00000000 ____D () C:\Users\Andreas\Documents\ProcAlyzer Dumps 2014-05-12 22:52 - 2014-05-14 15:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-12 22:52 - 2014-05-12 22:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-12 22:52 - 2014-05-12 22:52 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-05-12 22:52 - 2014-05-12 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-05-12 22:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () C:\Users\Andreas\AppData\Local\EmieUserList 2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () 
C:\Users\Andreas\AppData\Local\EmieSiteList 2014-05-12 00:07 - 2014-05-12 00:13 - 33748743 ____H () C:\Users\Andreas\Downloads\sdgsg.flv 2014-05-12 00:03 - 2014-05-12 00:05 - 51899193 ____H () C:\Users\Andreas\Downloads\sdgshsg.flv 2014-05-12 00:02 - 2014-05-12 00:04 - 12015699 ____H () C:\Users\Andreas\Downloads\segsg.flv 2014-05-12 00:01 - 2014-05-12 00:01 - 02293224 ____H () C:\Users\Andreas\Downloads\regsfg.flv 2014-05-11 23:35 - 2014-05-11 23:35 - 00000091 _____ () C:\Users\Andreas\Documents\einstellungen windows.txt 2014-05-09 10:44 - 2014-05-09 10:44 - 00000000 ____D () C:\Users\Andreas\Documents\forex 2014-05-07 20:06 - 2014-05-07 21:13 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TS3Client 2014-05-07 20:05 - 2014-05-07 20:05 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client 2014-05-06 19:39 - 2014-05-06 19:39 - 00000052 _____ () C:\Users\Andreas\Desktop\nicknames.txt 2014-05-06 18:56 - 2014-05-15 13:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-06 18:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-06 18:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-06 18:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-29 15:39 - 2014-04-29 15:39 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader - AAAFx 2014-04-29 15:36 - 2014-04-29 15:39 - 00000000 ____D () C:\MT4 2014-04-28 19:01 - 2014-04-28 19:01 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SanDisk 2014-04-25 23:49 - 2014-04-25 23:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Wireshark 2014-04-25 23:47 - 2014-04-25 23:48 - 00000000 ____D () C:\Program Files\Wireshark 2014-04-25 23:47 - 2014-04-25 23:47 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\Program Files (x86)\WinPcap 2014-04-25 21:13 - 2014-05-14 14:31 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-22 13:42 - 2014-05-12 00:18 - 00000000 ____D () C:\android 2014-04-21 10:27 - 2014-04-21 10:27 - 00000000 ____D () C:\Users\Andreas\.eclipse 2014-04-21 00:00 - 2014-04-21 22:57 - 00000000 ____D () C:\Users\Andreas\.android 2014-04-20 23:44 - 2014-04-20 23:44 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-20 23:44 - 2014-04-20 23:44 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-20 23:44 - 2014-04-20 23:44 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-20 23:44 - 2014-04-20 23:44 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\Program Files\Java 2014-04-20 23:34 - 2014-04-20 23:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-20 23:33 - 2014-04-20 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-20 23:14 - 2014-05-14 22:20 - 00000000 ____D () 
C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite 2014-04-20 23:14 - 2014-04-20 23:14 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite 2014-04-20 23:13 - 2014-04-20 23:16 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\Users\Andreas\Documents\StarCraft II 2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-04-20 20:53 - 2014-04-20 22:03 - 00000000 ____D () C:\Program Files (x86)\StarCraft II 2014-04-16 20:32 - 2014-04-16 20:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\OpenOffice 2014-04-16 20:22 - 2014-04-16 20:22 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-04-16 20:22 - 2014-04-16 20:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1 2014-04-16 20:21 - 2014-04-16 20:22 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-04-16 14:47 - 2014-04-16 14:51 - 37550135 ____H () C:\Users\Andreas\Downloads\95c0b8750b941f5779e1cab6dfc6753e.mp4 2014-04-16 14:47 - 2014-04-16 14:48 - 15205820 ____H () C:\Users\Andreas\Downloads\49911f994205fc439d20f151e21d4142.mp4 2014-04-16 14:47 - 2014-04-16 14:48 - 102803441 ____H () C:\Users\Andreas\Downloads\fa60ba935db15ecc61baf591f1c0ab71.mp4 2014-04-16 14:46 - 2014-04-16 14:48 - 78347742 ____H () C:\Users\Andreas\Downloads\yadfag.mp4 2014-04-16 14:45 - 2014-04-16 14:45 - 08345158 ____H () C:\Users\Andreas\Downloads\7e175e1d58915f87c6bb4c0e9f75d9eb.mp4 ==================== One Month Modified Files and Folders ======= 2014-05-16 11:45 - 2014-05-16 11:45 - 00010021 _____ () C:\Users\Andreas\Desktop\FRST.txt 2014-05-16 11:45 - 2014-05-16 11:44 - 02067456 _____ (Farbar) 
C:\Users\Andreas\Desktop\FRST64.exe 2014-05-16 11:45 - 2014-05-16 11:38 - 00000000 ____D () C:\FRST 2014-05-16 11:45 - 2014-05-16 11:20 - 00001203 _____ () C:\Users\Andreas\Desktop\trojaner.txt 2014-05-16 11:42 - 2014-01-17 22:37 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Battle.net 2014-05-16 11:42 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-16 11:42 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-16 11:37 - 2014-05-16 11:37 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log 2014-05-16 11:37 - 2014-05-16 11:37 - 00000000 _____ () C:\Users\Andreas\defogger_reenable 2014-05-16 11:37 - 2013-05-31 15:45 - 00000000 ____D () C:\Users\Andreas 2014-05-16 11:36 - 2014-05-16 11:36 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe 2014-05-16 11:35 - 2014-05-15 11:00 - 00000000 ____D () C:\Users\Andreas\Documents\bookmarks 2014-05-16 11:02 - 2013-05-31 15:36 - 01194197 _____ () C:\Windows\WindowsUpdate.log 2014-05-16 10:06 - 2013-06-01 01:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-05-16 10:06 - 2013-06-01 01:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-05-16 10:06 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-16 09:59 - 2014-05-14 22:34 - 00000280 _____ () C:\Windows\setupact.log 2014-05-16 09:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-15 23:31 - 2013-06-27 17:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc 2014-05-15 23:21 - 2014-05-15 21:37 - 00000119 _____ () C:\Users\Andreas\Desktop\wow.txt 2014-05-15 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 13:51 - 2014-05-06 18:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 22:34 - 2014-05-14 22:34 - 
00294712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-14 22:34 - 2014-05-14 22:34 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-14 22:20 - 2014-04-20 23:14 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite 2014-05-14 15:34 - 2014-05-12 22:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-14 14:52 - 2013-06-05 08:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 14:52 - 2013-06-05 08:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 14:31 - 2014-04-25 21:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-14 14:23 - 2013-05-31 15:46 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 14:23 - 2013-05-31 15:46 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 14:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 11:11 - 2013-07-12 21:23 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 11:10 - 2013-06-01 07:34 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 23:03 - 2014-04-01 15:10 - 03903624 _____ (MetaQuotes Software Corp.) 
C:\Windows\system32\MetaViewer64.dll 2014-05-12 23:44 - 2014-05-12 23:34 - 00000254 _____ () C:\Users\Andreas\Desktop\LESEN.txt 2014-05-12 22:59 - 2014-05-12 22:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-12 22:57 - 2014-05-12 22:57 - 00000000 ____D () C:\Users\Andreas\Documents\ProcAlyzer Dumps 2014-05-12 22:52 - 2014-05-12 22:52 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-05-12 22:52 - 2014-05-12 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () C:\Users\Andreas\AppData\Local\EmieUserList 2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () C:\Users\Andreas\AppData\Local\EmieSiteList 2014-05-12 00:18 - 2014-04-22 13:42 - 00000000 ____D () C:\android 2014-05-12 00:13 - 2014-05-12 00:07 - 33748743 ____H () C:\Users\Andreas\Downloads\sdgsg.flv 2014-05-12 00:05 - 2014-05-12 00:03 - 51899193 ____H () C:\Users\Andreas\Downloads\sdgshsg.flv 2014-05-12 00:04 - 2014-05-12 00:02 - 12015699 ____H () C:\Users\Andreas\Downloads\segsg.flv 2014-05-12 00:01 - 2014-05-12 00:01 - 02293224 ____H () C:\Users\Andreas\Downloads\regsfg.flv 2014-05-11 23:57 - 2013-06-27 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-11 23:35 - 2014-05-11 23:35 - 00000091 _____ () C:\Users\Andreas\Documents\einstellungen windows.txt 2014-05-11 21:24 - 2013-06-04 09:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-11 13:52 - 2014-03-20 13:28 - 00000000 ____D () C:\Spiele 2014-05-09 15:30 - 2014-03-28 00:01 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2014-05-09 10:44 - 2014-05-09 10:44 - 00000000 ____D () C:\Users\Andreas\Documents\forex 2014-05-09 08:14 - 2014-05-14 10:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 10:58 - 00424448 _____ (Microsoft Corporation) 
C:\Windows\system32\aeinv.dll
2014-05-08 23:27 - 2014-01-17 22:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-07 21:13 - 2014-05-07 20:06 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TS3Client
2014-05-07 20:05 - 2014-05-07 20:05 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-06 19:39 - 2014-05-06 19:39 - 00000052 _____ () C:\Users\Andreas\Desktop\nicknames.txt
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-06 06:40 - 2014-05-14 14:31 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 14:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 19:36 - 2014-01-17 22:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-29 17:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 15:39 - 2014-04-29 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader - AAAFx
2014-04-29 15:39 - 2014-04-29 15:36 - 00000000 ____D () C:\MT4
2014-04-29 15:38 - 2014-04-01 15:10 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\MetaQuotes
2014-04-28 19:01 - 2014-04-28 19:01 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SanDisk
2014-04-25 23:49 - 2014-04-25 23:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Wireshark
2014-04-25 23:48 - 2014-04-25 23:47 - 00000000 ____D () C:\Program Files\Wireshark
2014-04-25 23:47 - 2014-04-25 23:47 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-04-21 22:57 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Andreas\.android
2014-04-21 10:27 - 2014-04-21 10:27 - 00000000 ____D () C:\Users\Andreas\.eclipse
2014-04-20 23:44 - 2014-04-20 23:44 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\Program Files\Java
2014-04-20 23:44 - 2014-04-20 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 23:44 - 2014-04-15 21:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 23:34 - 2013-10-21 11:56 - 00000000 ____D () C:\Users\Andreas\Documents\docs
2014-04-20 23:33 - 2014-04-20 23:34 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-20 23:33 - 2014-04-15 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-20 23:33 - 2014-04-15 21:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-20 23:33 - 2014-04-15 21:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 23:16 - 2014-04-20 23:13 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-04-20 23:14 - 2014-04-20 23:14 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-20 22:03 - 2014-04-20 20:53 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\Users\Andreas\Documents\StarCraft II
2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-04-20 20:54 - 2014-01-17 22:37 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-16 20:32 - 2014-04-16 20:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\OpenOffice
2014-04-16 20:22 - 2014-04-16 20:22 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-16 20:22 - 2014-04-16 20:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-16 20:22 - 2014-04-16 20:21 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-16 20:14 - 2013-08-21 20:09 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Teasi
2014-04-16 14:51 - 2014-04-16 14:47 - 37550135 ____H () C:\Users\Andreas\Downloads\95c0b8750b941f5779e1cab6dfc6753e.mp4
2014-04-16 14:48 - 2014-04-16 14:47 - 15205820 ____H () C:\Users\Andreas\Downloads\49911f994205fc439d20f151e21d4142.mp4
2014-04-16 14:48 - 2014-04-16 14:47 - 102803441 ____H () C:\Users\Andreas\Downloads\fa60ba935db15ecc61baf591f1c0ab71.mp4
2014-04-16 14:48 - 2014-04-16 14:46 - 78347742 ____H () C:\Users\Andreas\Downloads\yadfag.mp4
2014-04-16 14:45 - 2014-04-16 14:45 - 08345158 ____H () C:\Users\Andreas\Downloads\7e175e1d58915f87c6bb4c0e9f75d9eb.mp4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 10:59] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 12:21

==================== End Of Log ============================

FRST Additional:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Andreas at 2014-05-16 11:45:36
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
ESET Smart Security (HKLM\...\{F5A3E880-A737-48F2-A124-6F5D4CEA6AB4}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MetaTrader - AAAFx (HKLM-x32\...\MetaTrader - AAAFx) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Stellarium 0.12.2 (HKLM\...\Stellarium_is1) (Version: 0.12.2 - Stellarium team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TEASI tool version 2.1.1.1 (HKLM-x32\...\{805FBA43-88AB-4E02-A16C-560F7D0D7CD5}_is1) (Version: 2.1.1.1 - GPS Tuner)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {F5DE7485-495F-4EBC-A9C6-45809ACBA23A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2013-05-31 19:33 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-02 19:18 - 2014-05-02 19:18 - 26118656 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4511\libcef.dll
2014-05-02 19:18 - 2014-05-02 19:18 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4511\libglesv2.dll
2014-05-02 19:18 - 2014-05-02 19:18 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4511\libegl.dll
2014-02-19 14:18 - 2014-02-19 14:18 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2013-05-31 19:32 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-05-31 19:37 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-04 09:41 - 2014-05-11 21:24 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-03 08:59 - 2014-02-10 19:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. .
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ]
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. .
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ]
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 10:01:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 03:59:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 10:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/16/2014 10:00:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (05/15/2014 04:21:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2014 03:57:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (05/14/2014 10:34:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058


Microsoft Office Sessions:
=========================
Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang: VSS-Server wird instanziiert

Error: (05/16/2014 10:01:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 03:59:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 10:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8008.36 MB
Available physical RAM: 6254.75 MB
Total Pagefile: 20018.54 MB
Available Pagefile: 18286.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:341.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9ABFF84B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-16 12:15:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AM00 465,76GB
Running: 82gb74s6.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\fgldqpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1416] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000773d8791 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
.text ... * 2

---- EOF - GMER 2.1 ----
16.05.2014, 11:48 | #2 |
/// the machine /// TB-Ausbilder | Open clinic Wi-Fi | Checking my system after several weeks of use
Hi,
Logs are clean.
17.05.2014, 12:25 | #3 |
Hello schrauber,
Thanks for your help. Can I re-enable the drivers with Defogger? Other than that, everything would be done, right?
18.05.2014, 11:10 | #4 |
/// the machine /// TB-Ausbilder
Yes, you can do that, and just delete FRST.
Regards, schrauber